Wednesday, March 23, 2011

Credit Card Processing Security

There's been some discussions lately about how secure your credit card information is when you purchase online or at a merchant who uses the swipe reader attached to their smartphone.  VeriFone, a leading provider of card processing for merchants, actually tested out Square's security.  Basically, Square is a new card processor that you can use for free.  Yup, that's right, free.  Sounds good, right?  I actually considered using them for when I attend shows - makes it easier for customers to pay, might generate more sales.  I decided against using Square when they wanted some personal information because the information that I provided about my business when I signed up didn't match their records.  What records??  I told them to cancel my account immediately.  And I am so glad I did.

In VeriFone's security tests, they were able to write a hacking program in an hour - one that would steal a customer's credit card information as it was being swiped on the Square reader.  Yikes!!

I want to assure my customers that I've found a better way to accept credit/debit cards when attending trade shows.  I'm going to use my current merchant provider, ProPay.  This is who I use when customers decide to use their credit card on the website.  They're encrypted, secure, and it doesn't store payment information so I can see it again.  I can ask that it store payment information if I have a repeat customer who always uses the same card - but all I see is the last 4 of the credit card number and the expiration date for validation.

How does it work?

Basically, I enter in the card information as it was given to me in the order and ProPay charges the card, I pay them a fee, and voila! I have income.  Now, as further reassurance to my customers, when you use your credit card to pay for things on the website, yes, I see your card number.  I have to be able to process it somehow and I haven't managed to figure out how to get it to process automatically like some of the big merchants, like Best Buy or Overstock.  (I'm not a computer coder, I'm learning as I go, and I don't want someone else having access to the back office of my store's website.)  So does my website "store" your credit card information?  Yes - but only until I process the card.  Then it disappears and I can't see it again unless you make another purchase.  And my website is also encrypted and secure.

But wait, what about the onsite processing at trade shows?  Well, ProPay recently developed a mobile website.  It's got all of the security features of their main website, but it's made for the smartphone.  And since it automatically logs me out after no activity for 3 minutes, you can rest assured that your credit card information is safe.  And ProPay has developed an app for the iPhone and has one in the works for Android phones, which is what I currently have.

Worried about the app being secure?  I'm not.  Why?  Because I've been using ProPay for 4 years now and they are constantly updating and increasing their security precautions.  And because I plan on making sure that the app I download is from ProPay, not a look alike that some people downloaded and got their smartphone hacked.

Being as I have an online store but I also shop online, I'm conscious of the risks involved and try to make shopping on The Funky Fairy Shoppe as easy and secure as possible.  If you ever have a concern, please do not hesitate to contact me. 

No comments:

Post a Comment