Blog

6 Ways to Secure Telephone Order Payments

Published November 6th, 2017 by Servistree

There’s a big difference between the type of fraud that occurred with Target, Neiman Marcus and other retailers and the potential fraud with card-not-present transactions. The breaches at brick and mortar retailers involved the compromising of cards scanned in-person at credit card terminals. Card-not-present transactions involve the processing of cards with only the card number and other necessary information while the customer isn’t physically there with the card.

Card-not-present breaches usually don’t make as much media noise as the card-present breaches, but they can be just as severe.

If not prepared, organizations that store credit card data and process card-not-present payments could be breached by cyber criminals who find ways to intrude networks with hacking technology. Once inside, the hackers can record sensitive credit card data and transfer the information to themselves. If your organization processes card-not-present transactions for yourself and/or other merchants, read on for some tips on protecting your customers’ sensitive card data.

  1. Use Encryption
    Encryption involves the scrambling of credit card data while the original credit card information is stored on a server. The fact that the original card data remains intact makes it a less secure option compared to tokenization. At Servistree our credit card processing systems provide layers of protection, when used in combination with EMV and PCI-DSS compliance; to ensure you’re doing all you can to protect cardholder data from increasingly complex and evolving security threats.
  2. Tokenize for Tighter Security
    Tokenization is a tried and true solution for securing credit card information. This process turns credit card data into unrecognizable tokens, leaving no trace of the original card information. The most powerful use of tokenization for vendors is the offsite variety, where all data is stored in a remote location away from the vendor’s environment. Using Servistree’s tokenization technology protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions. This eliminates the possibility of having card data stolen because it no longer exists within your environment.
  3. Remove Paper
    We’ve all seen magazine subscription forms with the credit card information sections. This type of payment method is simply asking for trouble. Remove the paper as a form of communication and payment. The rule is quite simple: never have full credit card numbers, expiration dates and other information on any form of paper.
  4. Ensure PCI Compliance
    Over the years, PCI Compliance has evolved to cover regulations for businesses that process card transactions in non-conventional ways (i.e. mobile). Staying within the scope of PCI Compliance will help you secure card-not-present transactions. At servistree we provide full PCI-DSS support and scanning using a PCI Compliance Manager it is a user friendly online tool that helps you quickly and easily report and maintain compliance.
  5. Keep Your Firewalls Active and Monitored
    Target’s lack of security on their payment network allowed cyber criminals to weave their way to the proverbial gold mine of customer card information used at terminals. If you process card-not-present transactions, you can learn from Target’s mistake as well, especially if you store card information locally. Confirm the adequate installation and monitoring of firewalls on your servers so intruders can’t tap into your network.
  6. Hire Good People
    No matter how good your systems and security technology are, a bad apple or untrained person on the inside of your organization can undo all your technical readiness. Make sure you have honest and trustworth people processing your clients credit card data especially if you’re in the business of processing card-not-present transactions.

With the following of these tips and the careful studying of payment security innovations, your organization can operate with more confidence. For more information on how Servistree can help you reduce your payment processing costs and prevent fraud contact adam@servistree.com or www.servistree.com.


‹ Back