We are surrounded by technology. When credit cards first appeared, nobody thought that technology would evolve so fast and reach the level we are at today. Plumbers can accept payments with android phones directly to their Paypal account, waiters can receive customer payments with an iPad and even taxi drivers can use iPhones to get paid. It seems logical that you would think about including such options so that you offer flexibility for your business.
The problem is that whenever using mobile devices to accept credit card payments, we need to think about security. This is something that a lot of people forget.
Are the mobile devices really safe? Are you compliant according to PCI Data Security Standards? Is it a good idea to use personal phones? These are all questions that you have to ask.
The PCI DSS Problem
For those that are not aware, PCI DSS stands for Payment Card Industry Data Security Standard. Unfortunately, there is no recommendation listed when referring to mobile devices and accepting payments. While the PCI Council did make it public that they work on this problem, market adoption rate has skyrocketed. This forced the council to adopt a formal standard but nothing official is out there. Operators can basically do whatever they please.
We all understand how many problems we can get ourselves into when credit card payment problems appear. With this in mind, let us think about what we can do in order to accept credit card payments properly on mobile devices.
P2PE (Point-To-Point Encryption) is quite good with such payments. Such a solution will have the data of the cardholder encrypted before it will be recorded by the mobile device. The entire data remains encrypted and the P2PE Solutions Provider will take care of transferring all the necessary data to a payment processor. By using P2PE you basically make sure that credit cards are accepted in a really safe environment.
The problem is that we do not have a P2PE solution that is properly validated by the council. Only some companies that can assess the solutions we have are officially recognized. This basically means that while using P2PE is a great idea, you will need to be careful when choosing the provider.
Preparing The Mobile Device To Accept Credit Card Payments
You cannot simply take a device and install the necessary app. In order to increase the security that you offer, you will need to:
- Have a proper device – You should not have a device that is jailbroken or rooted. Android devices can be rooted in order to receive superuser rights. This allows the user to make all the modifications he wishes. For the iPhone this process is called jailbreaking. If you have a device that went through such changes, it is better to not use it.
- Update the operating system – Every single OS for mobile devices, be it MS, Blackberry, Android or iOS, needs to be updated so that you only use the newest version. With older devices this may not be possible as hardware limitations exist. In this situation, you have to upgrade your device, not just use the OS that it can handle.
- Use trusted sources for apps – Never download an app that has bad reviews or that is not so popular when compared with the others. Go for the best since there is a reason why they are rated better!
- Protect Your Device – This should go without saying but there are so many that do not do it. You need to be properly protected against viruses and malware. You can find various apps that are free and that should be used to keep the mobile device safe.
- Update Apps – As soon as a new release is available, get it.
Talk With Card Brands Or Payment Processors
The trick is to get recommendations of what you can do. In the event that you now use a specific processor to accept credit card payments, there is a pretty good chance that there are some guidelines or recommendations available. It is very important that you take all the time that you need to see what the big card brands and the payment processors say about the service that you think about implementing.
Make Sure You Do Not Store Credit Card Data
There are some apps that are going to store the data on the actual device. This happens when no service is available. As soon as service becomes available, data is sent through the internet connection. The problem is that when you have data on a device, it is a possibility that it can get compromised. Whenever using an app, look for a “Store and Forward” mention. This feature needs to be turned off.
Locking The Device
This is most likely the simplest piece of advice that you will ever receive but it is one that is incredibly strong. Too many overlook the importance of locking mobile devices when they are not used. In many cases people will just avoid locking when they use the PIN many times per day. While this can definitely be a drag, think about what would happen if the device was stolen or unauthorized access happens.
In addition to locking the device, make sure that the PIN number you use is not easy to figure out. General PINs like the same number typed 4 times will usually get hacked pretty fast. This is not something that you want to see happen. If your device is compromised, you want to have enough time to close its access to payment processing platforms through other methods as soon as possible.
Take Your Time!
You do not need to implement such a feature tomorrow and you do not have to do it, either! No matter what you may believe at the moment, the really important thing is to know what you are doing. This basically means that you need to start the proper documentation. Never implement anything that has to do with credit card payments until you are 100% sure that the security you offer is top notch.