Protecting credit card payment information might not seem like the most exciting topic to a small business owner. In general, we tend to prefer to focus on things like attracting new customers because we can immediately see the positive impact on our business.
However, there are many hidden pitfalls that can slow us down or stop us altogether as we grow our dream business–one of those pitfalls is failing to properly protect our customers’ credit card information.
The ramifications of this can be disastrous. You’ve heard the statistics about keeping customers happy, right? There are a bunch of them:
- Bad customer service is mentioned twice as often as good service
- It is 7 times more expensive to acquire a new customer than to keep a current one
- It takes 12 positive experiences to make up for one negative one
With that in mind, imagine what would happen if your customers experienced identity theft and fraud that occurred as a result of doing business with you! I think it’s safe to say you’d run the risk of losing a customer or two, not to mention the work you’d have to do to convince your remaining customers that you have repaired the breach.
We’ve written extensively about how to properly handle credit card information. Here, we’ll focus on best practices for safely accepting credit card information over the phone.
While no system is 100% secure, there are five simple steps you can implement today to make sure that you have done your part to protect payment information when taking credit card orders over the phone.
1. Make sure your credit card processing company is PCI DSS compliant and certified
PCI DSS stands for Payment Card Industry Data Security Standards. These are the standards and guidelines created to ensure that merchants who process credit cards are doing so in a safe and secure way. Ensuring that your processing company is PCI compliant takes a huge burden off your business if you often take orders over the phone.
PaySimple, for example, maintains PCI DSS compliance so that you can safely accept credit cards.
2. Refrain from writing card information down
When taking credit card information over the phone, try to avoid writing it down whenever possible. Instead enter credit card information directly into your payment processing system. If you write information down on a Post-it, intending to process the payment later, you run the risk of losing the Post-it. Use equipment and software that allow you to enter this data securely. Enter that information directly into your payment processing system. Cut out the risk of leaving this critical data out where thieves might find it.
Now, sometimes a company might need to store paper copies of credit card information. If you can avoid this, do so. But, if you cannot, make absolutely certain that you don’t store CVV2 security codes (the 3 or 4 digit code on the back of cards). This data acts as the key to authorize transactions. Having this on paper is like leaving a key to your cash register under your door mat…and that’s just bad business.
3. Train all employees on procedures
Would you believe that humans are the weakest link in the payment processing chain and account for the majority of data breaches? It’s true! Make sure that you properly train your employees on the procedures that you require them to follow when processing payments.
All employees should receive a copy of your company policy, as well as be educated about the business and personal ramifications should they fail to comply. When training, make sure that you reiterate the “why” to your staff. Understanding why you require something done a certain way makes employees more compliant and increases their knowledge retention.
4. Regularly monitor that procedures are adhered to
All too often in business, I watch as owners set expectations, build procedures, and then let nature take its course. More often than not, that means that employees start taking shortcuts or unintentionally dropping procedures. To prevent this, stress with your employees that this is not an area of business where shortcuts are encouraged. Constantly monitor your employees to ensure that they are following the proper steps that you created in order to protect the data and identities of your customers. Retrain employees, if over time, you start to notice a decline in their attention to detail in this area. Lastly, don’t hesitate to take disciplinary action if you have employees who consistently fail to adhere to your procedures. This is one area where you can’t afford to cut corners!
5. Be sure to record the customer’s phone number
Make sure you take down the phone number of all phone orders. This will help you in two ways: Firstly, it will allow you to contact the customer in case of any unforeseen issues fulfilling the order or processing the payment. Secondly, should the customer dispute the payment, having this extra piece of information will help you prove the validity of the transaction.
Put these steps to work in your business today and feel comfortable knowing that you’re treating your customers with the respect they deserve.
Start a 14 day Free Trial and start accepting credit card payments with PaySimple: