Everywhere you look today, people are using their mobile devices to make and accept payments. From the coffee shop to the taxi stand, the wine bar to the tire place, tiny swipe-and-go devices are replacing the traditional cash register.
But is this sudden reliance on all things mobile for transmitting the most sensitive data premature? How can you keep your identity safe, your customers' identities safe and your company safe while still keeping up with the latest technology? Here are five tips to consider as you decide when, where, how, and how much to make the switch.
Tip #1: Make sure your mobile device or phone is safe and secure.
The mobile device or phone you use to accept payments will pay a big part in how secure your transactions may or may not be. For example, it is more popular than ever before to "unlock" a mobile device so you can use it on any carrier's plan. This is fine so long as the device has been purchased new and unlocked by the merchant who sold it to you (which is done by making a simple request to them for an unlock code).
Who Unlocked Your Device?
But if you have bought your unlocked (also called "jailbroken" or "rooted") mobile device or phone secondhand and are not sure where it was before it got to you, you don't want to use that particular device to accept or make mobile payments. Reason being - every time a third party makes alterations to the device, this ups the risk of future data breaches.
How Up to Date is Your OS?
If you have not updated your device's operating system (OS) recently be sure to check for and download any recommended updates before you begin making or accepting payments through that device. Often updates contain fixes for security bugs or breaches, so knowingly conducting financial transactions on a phone using an out-of-date OS is like asking for thieves to come and steal from you and your customers.
Update Your Apps - and Only Use Trustworthy Apps
If you are using a bunch of apps in "beta" mode, think again before taking or making payments from your device. You want to use only thoroughly tested, vetted and trusted apps, and only the most updated versions of those apps, to conduct financial transactions via your phone. Also consider adding an anti-virus app to your device for extra security.
Related Article: Are You Cheating On Your Budget?
Tip #2: Never store credit card or other sensitive data in your phone or device.
Whatever else you do or don't do when it comes to doing business with your device, don't store card numbers or sensitive financial data on the device. Even if you are using a fully compliant P2PE system, you still should not store sensitive data on your device. The longer that data remains for any reason, the more time hackers have to figure out a way to get at it.
When WiFi connections are weak or not available, some devices have the option to store the data (like old school faxes used to do when the recipient's fax line was busy) and send it later to try to process payment. This is not a safe practice, so double check to see if the payment method you are using has an option to turn off the "store and forward" feature. If it does, turn it off and keep it off!
Tip #3: Keep your phone or mobile device locked ALL the time when not in use.
Today's mobile devices are making it easier and easier to keep your device safely locked when not in use (so much so that the days of "butt dialing" a colleague or your ex are nearly gone). But even so, these tools only work to help keep you safe if you choose to use them.
For best results, have your screen lock up after the shortest possible time (for many devices, this is 1 minute). Use the thumbprint technology as a passcode if your device offers it - this is the hardest type of passcode for hackers to replicate. If you do choose another type of PIN number, make it something hard to guess (this nearly goes without saying, and yet the number of people who use their own birthdate or zip code might shock you!).
And be very cautious about allowing others to use your device for any reason - if you do lend it out even for a minute or two, be sure to change the passcode when you get it back! Finally, never let anyone else unlock your phone using your personal passcode.
Tip #4: Review your options for payment providers and ask for recommendations.
If you work with a particular credit card company or financial institution to accept or make payments, ask them for advice regarding data safety best practices. They may be able to recommend particular apps, security features or processes to keep your data and your customers' data safe.
You can also look for any type of white paper issued by your bank or credit card provider that contains data safety recommendations for merchants who choose to take or make mobile payments. Following these guidelines can not only improve your security but may also indemnify you if a future data breach occurs.
Related Article: When Should You Make That Big Purchase?
Tip #5: Keep your finger on the pulse of P2PE developments.
Making use of a P2PE, or point-to-point encryption system, is the single best way to ensure your data is safe from either a customer or merchant perspective. The Payment Card Industry (PCI) Security Standards Council oversees the development, testing and rollout of P2PE tools for the general community, and they regularly release updates to help merchants stay in compliance for safe data practices.
As a merchant in particular, staying abreast of and in compliance with PCI Council recommendations can keep you out of the hot seat in the case that there is a data breach despite your best efforts otherwise.
In Summary: Data Safety in the Mobile Age
One thing is clear, and that is that using mobile devices such as phones, tablets and computers to make and receive payments is here to stay. It may take a bit of extra time and effort up front to create a safe digital shopping environment, but it will pay off in new opportunities to make sales and take payments anywhere, anytime.
By following the recommendations in these five tips and simply staying alert and aware, you can keep data fraud and identity theft from affecting you and your customers.
