By Rob Nathan, EVP, Integrated Solutions at CardConnect
Payments can be facilitated on a mobile device in a variety of ways. This is a huge advantage for SaaS companies looking to diversify recurring revenue streams in a way that also delights customers. Tablets or phones can be transformed into a formidable payment platform by swiping or inserting cards with hardware plugged into the mobile device. Companies could also choose to key in card numbers using secure web-based technologies that are accessed through an app or with a web browser on the device.
In either case, prioritizing and implementing repeatable security measures is absolutely essential to creating a secure mobile payment strategy. In this article, we’ll give you a clear and concise look at how SaaS providers can do just that, so data breaches can be avoided.
- Carry out a risk assessment. The first step to creating a secure payment strategy of any kind is to assess your existing IT setup, then identify and remedy any potential areas of weakness or access points that hackers or cyber criminals could exploit.
- Improve and maintain network security. It seems simple, but people often forget to update their antivirus software. Do this regularly to ensure there are no vulnerabilities in your systems.
- Train your employees. With so many data breach incidents arising as a result of internal data misuse, it is imperative to provide training and information to your employees to ensure they are aware of all data security best practices.
- Destroy unnecessary data. Securely dispose of all confidential information when it is no longer required. This includes both digital and physical data.
- Protect payment information. Use processes such as tokenization (anonymizing credit card information using algorithmically generated numbers which cannot be traced back to the original details) to protect the payment details of your consumers. In the case of a mobile transaction, tokens are sent to the POS terminal, protecting data while in transit.
- Enable device-specific cryptograms. This technology ensures that a payment originally came from the cardholder’s mobile device. If a hacker managed to obtain data during a mobile payment transaction, the cryptogram that is sent with the token to a POS terminal cannot be used on another mobile device, as it is unique to the original device.
- Set up two-factor authentication. Otherwise known as ‘2FA’, this form of security uses two forms of identification for authentication. This can be a combination of a password, a payment card or phone, and a biometric mechanism such as a fingerprint, voice or facial recognition.
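
A simplified sketch of the tokenization and device-specific cryptogram steps above, added here as an example and not CardConnect's code or any card network's actual scheme. `TokenVault`, `make_cryptogram`, the per-device key and the HMAC-SHA256 construction are assumptions chosen for illustration; the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets

class TokenVault:
    """Maps random tokens to card numbers; only the vault can reverse a token."""
    def __init__(self):
        self._pan_by_token = {}
        self._device_key_by_token = {}
        self._seen_nonces = set()

    def provision(self, pan):
        """Issue a token and a per-device key for one enrolled mobile device."""
        token = "".join(secrets.choice("0123456789") for _ in range(16))
        device_key = secrets.token_bytes(32)
        self._pan_by_token[token] = pan
        self._device_key_by_token[token] = device_key
        return token, device_key

    def authorize(self, token, amount_cents, nonce, cryptogram):
        """Return the card number only if the cryptogram matches the enrolled device."""
        key = self._device_key_by_token.get(token)
        if key is None or nonce in self._seen_nonces:
            return None  # unknown token, or a replayed transaction
        expected = make_cryptogram(key, token, amount_cents, nonce)
        if not hmac.compare_digest(expected, cryptogram):
            return None  # not produced by the device this token was issued to
        self._seen_nonces.add(nonce)
        return self._pan_by_token[token]

def make_cryptogram(device_key, token, amount_cents, nonce):
    """Computed on the device: HMAC over the fields of this one transaction."""
    message = f"{token}|{amount_cents}|{nonce}".encode()
    return hmac.new(device_key, message, hashlib.sha256).hexdigest()

def demo():
    vault = TokenVault()
    pan = "4111111111111111"  # constructed test card number
    token, device_key = vault.provision(pan)
    nonce = secrets.token_hex(8)
    cryptogram = make_cryptogram(device_key, token, 1999, nonce)
    genuine = vault.authorize(token, 1999, nonce, cryptogram)
    replayed = vault.authorize(token, 1999, nonce, cryptogram)  # captured and resent
    other_key = secrets.token_bytes(32)  # key held by a different device
    other_nonce = secrets.token_hex(8)
    forged = vault.authorize(token, 1999, other_nonce,
                             make_cryptogram(other_key, token, 1999, other_nonce))
    return token != pan, genuine == pan, replayed, forged
```

The POS terminal only ever sees the token and cryptogram; the card number stays inside the vault, and a captured pair is rejected both when resent and when a different device tries to sign for the same token.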
Why is developing a secure mobile payment strategy so important?
Your customers’ sense of safety is paramount, and with a secure mobile payment processing system in place, you will not only set yourself up to generate more sales, but allow for a fast and frictionless customer journey which can boost customer retention and improve customer loyalty.
CardConnect works with software companies of all sizes to create a streamlined customer experience through integrated payments.