How to Protect Customer Data When Using Credit-Card Plug-ins for Smartphones

Magazine Contributor
2 min read

This story appears in the April 2012 issue of . Subscribe »

Q: Are those credit card plug-ins for smartphones really PCI compliant?

A: First, a primer on Payment Card Industry (PCI) noncompliance. If you fail to protect customers' credit card data, your business could face hefty--even crippling--penalties and fines from payment processors, and could lose the ability to accept cards altogether. (Then there's the prospect of facing angry customers demanding to know how fraudulent charges ended up on their credit card statements.)

If you think your small operation is too insignificant to bother, think again. According to the PCI Security Standards Council, 80 percent of all credit card security breaches in the U.S. since 2005 have been attributed to small businesses. (For more info, go to PCISecurityStandards.org.)

With usage of mobile payments skyrocketing each quarter, understanding and maintaining PCI compliance is vital to protecting your business. As for the security of the hardware attachments (dongles) and software that can turn a smartphone or iPad into a credit card reader, you can breathe easy if you follow PCI rules and common sense, according to Rajat Bhargava, chairman and CEO of StillSecure, a Colorado-based security provider and PCI-compliance expert. Here's what he suggests.

  1. Separate online credit card processing from your business's main network, ideally with a dedicated computer, smartphone or tablet with its own internet connection. This will reduce the chances of infection from malware downloaded from an e-mail, website or app. Testing Square's card-processing app on your nephew's iPhone? That's a no-no.
     
  2. Limit control over access to those employees who actually take credit card information. Data access and monitoring should be limited to you or your controller.
     
  3. Monitor your account regularly--daily is best. You'll quickly spot any security breach or theft. If you find a breach, have a plan in place and follow it. This will help you validate your compliance measures and could reduce or negate your responsibility for fraud.
     
  4. Secure the device being used to process credit cards 24/7--both physically and through regularly updated network security apps. Start thinking of your smartphone or iPad as a portable cash register full of money. The last thing you want to do is lose it.
loading...
More from Entrepreneur
Our Franchise Advisors will guide you through the entire franchising process, for FREE!
  1. Book a one-on-one session with a Franchise Advisor
  2. Take a survey about your needs & goals
  3. Find your ideal franchise
  4. Learn about that franchise
  5. Meet the franchisor
  6. Receive the best business resources
Entrepreneur Insider members enjoy exclusive access to business resources for just $5/mo:
  • Premium articles, videos, and webinars
  • An ad-free experience
  • A weekly newsletter
  • A 1-year Entrepreneur magazine subscription delivered directly to you
Make sure you’re covered for physical injuries or property damage that occur at work by
  • Providing us with basic information about your business
  • Verifying details about your business with one of our specialists
  • Speaking with an agent who is specifically suited to insure your business

Latest on Entrepreneur