How To Better Secure Your Credit Card Data

Written by: Ryan Fried

You don’t have to be a newshound to know that data breaches are an all-too-common occurrence. Cyberattacks are being reported at a record pace: recent data shows there were 918 data breaches compromising 1.9 billion data records in the first half of 2017 alone, an increase of 164 percent over the same period the previous year.

A recently reported incident involved Under Armour’s fitness and nutrition app, MyFitnessPal. The breach is believed to have been limited to usernames, email addresses, and hashed passwords, and not to have included credit card information. The reason? Under Armour collects and processes payment data separately from other user information, so the systems that were compromised never held card data.

Being proactive about protecting your company from a data breach is a strategy that every eCommerce business would be wise to adopt.
The truth is, no plan will protect your company from a data breach 100 percent of the time. You can, however, look for solutions and partners that help you reduce risk, and one of those should be a secure payment gateway.

Your gateway can help protect payment information by storing credit card data on your behalf. That takes a good deal of the burden off you, keeps card data out of your own systems, and helps protect your customers’ credit card data at the same time.

The BlueSnap All-in-one Payment Platform is secure, simple, and seamless. Talk to us to find out what we can do for your business today.

Why is a payment gateway a more secure option for storing your card and shopper data?

Payment gateways process payments as their core business and have to comply with a number of regulatory programs and mandates. This forces gateway vendors to spend a substantial amount of budget and resources on security, which creates a more secure environment than a typical merchant would build on its own. One such mandate is the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is designed to protect businesses and their customers from credit card theft and fraud. All businesses and service providers that store, process, or transmit payment card data are required to comply with the standard, regardless of business size or the number of annual payment card transactions.

Typically, gateways must validate at PCI DSS Level 1, the highest validation level. The standard’s requirements are the same at every level; what Level 1 adds is the most rigorous validation: an annual on-site assessment by a Qualified Security Assessor (QSA) with a Report on Compliance, plus quarterly external scans by an Approved Scanning Vendor (ASV), rather than a self-assessment questionnaire. The controls being assessed include encryption of card data in transit and at rest, periodic penetration tests, and deployment of security defenses and infrastructure (such as intrusion prevention systems, data loss prevention software, and endpoint protection), to name just a few. An environment that is assessed against PCI DSS at Level 1 every year is very likely to be more resilient and secure than one that is not. Hence, having your payment gateway store your card and shopper data makes sense.

Any business that accepts cards falls under some level of PCI DSS scope. Your payment gateway can reduce that scope for you while still allowing you flexibility in how you create and manage your checkout experience. How much of your environment stays in scope depends on which integration you choose. Look for options like these from your payment gateway:

  • Hosted checkout pages are prebuilt payment pages, served by the gateway, that you link into your site for secure credit card processing; the gateway renders the page and stores the credit card data for you. This type of integration gives you the benefit of having the main burden of PCI DSS compliance covered by the payment gateway, and a merchant that fully outsources card capture this way can typically validate with the shortest questionnaire, SAQ A.
  • A payment API with hosted payment fields lets you design your ideal checkout experience (a major advantage of API integration) while still giving the payment gateway responsibility for protecting customer credit card data. Hosted payment fields replace the credit card input fields on your checkout page with fields served by the gateway (usually in iframes), so sensitive payment data is submitted straight to the gateway’s Level 1 PCI-compliant servers. With this option, card data never touches your company’s database or servers, and SAQ A typically still applies.
  • Integration via payment API with client-side encryption encrypts sensitive data in the shopper’s browser, under the gateway’s public key, before it is sent to your server. Your server relays the ciphertext to the payment gateway, where it is decrypted and processed; your systems never hold a usable card number, which reduces your PCI DSS burden. Because your own page delivers the script that performs the encryption, your web server does remain in scope (typically SAQ A-EP rather than SAQ A), so that page must be protected against unauthorized changes.

Data Ownership

Another critical question to ask is who owns the data stored with your gateway provider. Does it remain the property of the merchant, or does it become the property of the gateway? This matters when you are evaluating payment gateways. If you ever decide to switch, you will want your current gateway to work with the new one and transfer the historic data. If the payment gateway owns your data, however, it is under no obligation to share your historic customer data with your new gateway. BlueSnap allows customers to retain ownership of their data, making it a more flexible platform.

Looking for a payment platform to partner with?

BlueSnap can help. We’re committed to providing eCommerce businesses the best security solutions available while making security management as easy as possible for you. Talk to us about what we can offer your business, or visit our website for more information about our All-in-one Payment Platform and our various payment integrations.
