11 Ways to Help Protect Your Company (and Customers) When Taking Payments Online

Online payment security tips

Small businesses often have a false sense of security, assuming cybercriminals have bigger fish to fry. In reality, according to Verizon’s 2022 data breach investigations report, small businesses are as appealing to cybercriminals as larger organizations ― and small companies are more likely to be put out of business due to a security incident. 

Consider the following online payment security best practices to protect your customers and business. 

1. Use two-factor authentication.

Two-factor authentication (2FA) is an essential part of any business’ cybersecurity plan. 2FA ― also called multifactor authentication (MFA) ― is essential when dealing with vendors, social media, financial institutions or any other platform where your business has an account. If a cybercriminal gets access to your accounts, your customers’ sensitive information is at stake, along with your business’ private data. If you deal with a vendor that doesn’t offer 2FA or MFA, request it or find a more secure vendor.  

With 2FA, you know immediately if someone is trying to access your account and can take steps to secure it by changing the password.

2. Verify every transaction.

E-commerce financial transactions are, by definition, card-not-present transactions, which are inherently less secure. Online businesses can improve security by verifying the transaction by the following means:

• Require customers to enter the credit card’s security code
• Have customers enter the card’s billing address and match it with address verification
• Get a phone number so you can call if there’s a discrepancy
• Validate the provided email address

3. Choose a secure e-commerce platform and payment provider.

One of the best ways to protect your online store is to base it on a secure e-commerce platform. The best e-commerce platforms are established companies with excellent reputations that implement innovative security measures. 

Platforms with excellent security are rarely the cheapest, but this cost is a crucial part of your cybersecurity budget. Secure e-commerce platforms can save you money in the end by protecting your reputation and your customers.

4. Buy cyber liability insurance.

Even when you do your best to secure your operations, you may still be vulnerable to savvy hackers or dishonest employees. Cyber insurance will help cover your bases. Cyber liability insurance typically covers costs associated with a data breach, such as loss of income, costs associated with notifying customers, the cost of recovering compromised data and repair costs for damaged computer systems.

5. Use a personal verification system.

Requiring customers to set up an account with you before purchasing lets you verify them with their login credentials. Alternatively, you can ask customers to verify their identity by providing a photo of their driver’s license or other government-issued identification for big-ticket items.

6. Don’t store customer payment data.

It’s best not to store any customer payment data so it’s not a target for cybercriminals. Don’t store electronic data or paper files, such as when you take credit card payments over the phone. However, if you must store payment data to enable easy repeat purchases, use a third-party company that uses encryption to protect the data. 

7. Get an SSL certificate for your site.

A secure sockets layer (SSL) certificate provides security by encrypting communication between the customer and your business. In addition to this very real benefit, an SSL certificate also makes customers feel more confident doing business with you because they see the certificate displayed in the browser. For extra security, install a firewall around your company data and implement an intrusion detection and prevention system. 

8. Ensure PCI compliance.

Anyone accepting credit cards is required to comply with Payment Card Industry Data Security Standards (PCI DSS). These standards cover proactive steps businesses must take to do the following: 

• Build and maintain secure networks and systems
• Protect account data
• Scan for and protect against malicious software
• Control access to sensitive data
• Test networks to spot intrusions
• Respond quickly and appropriately in the event of an attack

9. Accept secure forms of payment.

In addition to credit cards ― which you can verify with additional information ― consider accepting payment forms with built-in security. This includes electronic checks verified through the automated clearing house (ACH) network and digital wallets like Apple Pay, Google Pay and Samsung Pay, which are secured through blockchain technology (more on secure payment forms below).

10. Educate employees about security protocols.

Human error leads to many data breaches. Train employees on identifying and dealing with suspicious emails or calls that might be phishing for login credentials. Warn them against clicking on unexpected email attachments that might contain malware or sharing sensitive information with unauthorized people. Ensure they log out of their workstation when leaving their desks and never leave work-related USB drives or devices unattended. 

11. Watch for customer purchase patterns.

Monitor customer purchase patterns. When you see something out of the ordinary, like an unusually large order from an existing customer, call them to verify its legitimacy. 

The most secure online payment methods

Protect your customers and business by accepting secure payment forms. Some of the most secure include the following:

• Credit cards: Credit cards are an exceptionally secure payment option. The best credit card processors comply fully with the PCI DSS and help you attain PCI compliance. Credit card purchases also benefit your customers because they don’t immediately withdraw money from their bank accounts. Instead, the money initially comes from the credit card company. 
• Debit cards: Small business owners benefit from accepting debit card payments because they’re also governed by PCI compliance. Debit card purchases are among customers’ most secure online payments; in some cases, debit card use from an unfamiliar internet protocol address can trigger identity verification measures. Additionally, Visa and Mastercard don’t hold debit and credit card customers accountable for unauthorized purchases.
• Wire transfers: Wire transfers are usually a secure online payment form when your company’s and customer’s banks are reputable institutions. Banks with solid reputations presumably lack an extensive history of data breaches and other security gaps, likely because they have active safeguards against fraud and other security concerns.
• Mobile wallets: Digital wallets like Apple Pay and Amazon Pay are widely seen as among the most secure online payment methods available. Customers benefit because they mask credit and debit card numbers and your company benefits because customers must use a fingerprint or PIN to verify their purchase. Mobile wallets must be linked to a genuine debit account, eliminating the possibility of accepting a fake credit card.
• Electronic checks: Accepting electronic checks protects you and the customer because the processing ACH system verifies every transaction. The system keeps account numbers confidential so they can’t be stolen. If there is any fraud, you are protected by federal law. This is also an excellent payment method for online business-to-business transactions.