Mobile payments have become an increasingly popular payment method for small businesses across a range of industries, in large part due to their cost-efficiency, ease of use and the convenience they offer — both to customers and business owners. But in an age where even the largest brands in the world are subject to customer data breaches, do mobile payments present a risk your business can’t afford to absorb? Here’s a look at whether mobile payments are risky, and how you can ensure that you safeguard your business and customers as much as possible when integrating them into your business model.
Make your passwords hacker-proof. When sensitive customer data is involved, the possibility of fraud and data compromise exists; customer and financial data theft is a real threat that all responsible merchants should proactively work to diminish. Though mobile payments don’t inherently present more risk than credit card or debit card transactions made with a traditional point-of-sale system, the fact that you may conduct mobile payments using a personal smartphone or tablet device demands an extra level of vigilance in terms of the username and password security you use.
Ensure that the mobile device you use to process customer payments requires a unique password to unlock. Choose a setting that automatically requires re-entry of that password if the device goes unused for more than a few minutes, and install an app that will automatically force the device to shut down if it’s lost or stolen. Select a username and password for your mobile payment merchant account (and its app) that are not easily guessable: any iterations of social security numbers, birthdays, addresses, and variations of business names that a data thief could “breadcrumb” are off limits.
Choose unique username and password combinations for every account that you have (including email, online shopping accounts and bank accounts), using a combination of uppercase and lowercase letters, numbers, and symbols. Update passwords at least every 60 days, and be mindful that data breach events suspected at retailers including Target, T.J. Maxx, Home Depot, Discover Card and JP Morgan Chase, for example, may require you to change your mobile payment merchant account password, even if there isn’t direct evidence that your credit card accounts were compromised.
Be mindful of where your mobile device travels. Despite the level of technological sophistication involved in large-scale data breaches, the PCI Security Standards Council (PCI SSC) reports that many breaches begin with a physical compromise of a single device, with an action as simple as a fraudulent sticker that a data thief places over a device’s serial number to “skim” sensitive data. In the case of Target’s 2013 data breach, which compromised an estimated 40 million consumer accounts and cost the company and financial institutions billions of dollars, Bloomberg Businessweek reporters revealed the compromise originated with a data thief who posed as an HVAC vendor for a third-party service that Target used.
When customers handle your mobile device to complete their payment, watch them. Further, be mindful of anyone who may be in line behind, or near, customers and your sales staff as they complete mobile payment transactions, particularly if you process customer payments at highly public, remote locations, such as a trade show, festival or similar event. The PCI SSC reports that sophisticated data thieves commonly tap into signals placed near a point-of-sale terminal (whether affixed or on a mobile device) to access sensitive data.
Establish processes for who can access your mobile payments accounts. One of the key benefits mobile payments offer small businesses is the ability to enhance the customer experience by essentially eliminating the traditional checkout line, allowing for purchases to be made anywhere, with any member of a sales team. Establish written procedures for exactly how your team is to execute such transactions, including processes for “locking” mobile devices that are unattended, even for brief periods, along with which Wi-Fi connections have been verified as secure for processing mobile payments. Check your business’s Wi-Fi connections regularly to ensure that they remain secure, and to be proactively aware of nearby signals (and who owns and accesses them).
Choose a reputable vendor. With the popularity of mobile payments, a host of providers have come onto the scene — but not all are PCI compliant, or proactive in ensuring that their payment systems are secure and regularly updated based on the latest security threats. Though mobile payments can provide cost efficiencies to small businesses, remember to consider the “all in” security benefits a mobile payment provider offers before basing your decision on fees alone.