You have likely heard the word, “encryption” when discussing digital security. If you have not heard that word, you have heard the phrase, “credit card breach”. Many big companies such as Target, Home Depot and Chipotle have experienced highly publicized data breaches that exposed their customers credit card data. End-to-End Encryption is the most effective way to avoid exposing sensitive card data.
Small Businesses – Take Notice!
According to the US Securities and Exchange Commission (SEC), 43% to 63% of all data hacks are targeted towards small to mid-size businesses. Thieves assume small businesses are ill-prepared for cyber-attacks. Even worse, a study by the U.S. National Cyber Security Alliance found that 60% of small businesses that suffer a data hack go out of business within six months of the breach. The cost of a breach rests solely upon on the merchant. The costs include absorbing the expense of issuing new cards to cardholders who had their data exposed, notifying the cardholders of the breach and losses caused by fraudulent use of the stolen card data. More importantly, customers who trusted you with their credit card may never trust you with their business again.
End-to-End Encryption Simplified
E2EE, the acronym for End-to-End Encryption is essential to protecting your business. It is a secure method of communications that prevents third parties from accessing sensitive card data while communicated through devices and communications environments such as wi-fi and cellular networks. Think of this like two interlocking puzzle pieces. When you transfer card data you use an encryption key that scrambles the data. For the data to be put back into a usable format, the recipient needs to have the corresponding key or the second piece of the puzzle that interlocks perfectly with the first puzzle piece. When a customer uses a credit card to make a purchase, their information is encrypted. It remains encrypted until the data arrives at the payment processor or acquirer who is then able to unscramble or decrypt it.
E2EE is built into hardware and software. The data is protected during the transmission. However, that does not provide protection on either end points. Therefore, it is important that credit card numbers (and data) never be written down on paper. The entire card number should never appear in written form, be stored in a filing cabinet or shown in any manner that could allow someone to see it and write down the information. As a merchant, you are required to keep customer information such as passwords, credit card numbers and other personal data such as addresses and birthdays completely secure. Make sure that all parties involved in credit card processing for your business use E2EE. This includes specialized software providers and POS systems.