Does Your Small Business Accept Credit Card Payments? If So, Know The Security Requirements

The article content is provided with our sponsor, Bank of America Merchant Services.


If you ever want to accept payment through credit cards, you must be aware of the security regulations that surround this form of payment. The Payment Card Industry Data Security Standards (PCI DSS) is the standard security practice for businesses that handle all major credit cards, and it exists to increase security for consumers to help prevent credit card fraud.

Bank of America Merchant Services Vice President of Merchant Data Security, Larry Brennan explains that it is important to follow all rules of the PCI DSS with all of your transactions. “The PCI DSS has a ‘digital dozen’ of requirements for protecting cardholder information that companies should follow at all times,” says Brennan. “Those include not storing customer data unless absolutely necessary, and never storing sensitive account information after a transaction has been authorized. If an outside service provider handles account data on a merchant’s behalf, you must ensure they handle the data in accordance with those PCI DSS standards.”

Below are some of the ways small businesses can help mitigate fraud risk when accepting credit card payments.


Maintaining A Secure Internet Network

If your network isn’t secure for you to process payments or transfer any customer data, then you will be at risk of third parties being able to access data they shouldn’t. Work with your internet service provider and other technology experts to make sure you have the right data security software/products that you need to help protect your business.


Protecting Cardholder Data

Brennan knows this is important, and says, “We strongly advocate that companies should help protect card data by using point-to-point encryption and end-to-end encryption, along with tokenization to secure card data at every step in a transaction. These methods help ensure that even if a criminal is able to access company systems, the data they obtain would be useless as it would be encrypted, or in the form of a one-time use token that is not functional for their purposes.”


Monitoring & Testing Networks

It’s important to regularly test your Point of Sale (POS) devices and other software that you may have purchased to become EMV®¹ enabled to make sure they are working as they should.


Maintaining Internal Security Policies

Your business should have internal policies that let your employees know what to do in the event of any security situation. This includes what to do in a worst-case scenario. “We advocate that any business that is potentially facing a data security event work closely with their payments provider to resolve the security issue and notify any affected parties as quickly as they can,” says Brennan.


Training Employees On Secure Use

Human error can be the cause of many data security issues. Make sure that any employees who handle customer data know the proper procedures on how to keep everything secure.


Working Closely With A Credit Card Vendor

Most companies that accept credit cards don’t actually interact with the financial institutions themselves, but use a payment processing service vendor. A close working relationship with your vendor can make security easier for you and improve your customer’s experience.



To learn more about the topic above and how it affects your business, visit or contact a Bank of America Merchant Services business consultant.


¹EMV is a registered trademark in the U.S. and other countries, and an unregistered trademark elsewhere. EMV® is a registered trademark owned by EMVCo LLC.



Leave a Reply

Fill in your details below or click an icon to log in:

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Listen Live