4 Payment Security Tools to Help Protect Your Dealership’s Bottom Line
- Data fraud and breaches are happening more often.
- In the U.S., all retailers will be required to provide EMV capable payment.
When most people think of Chick-fil-A, they probably associate the brand with positive qualities such as good, quick-service food and friendly service. Now, Chick-fil-A has the dubious distinction of being the first company in 2015 to confirm publicly “potential unusual activity” in regards to consumers’ credit data.
In this case, being first isn’t something to boast about. Instead, it’s a warning sign to all other retailers that credit card fraud remains a very real problem.
Data fraud and breaches are happening more often with less forgiveness from consumers, and the price retailers are paying for having a non-secure system is increasing. One of the most infamous data breaches of 2014, Target, cost the retailer $148 million. But credit thieves don’t just affect large business. Over half of small businesses have suffered a security breach.
In a separate article, we highlighted four trends to help your dealership avoid data fraud and breaches. Plus, in a recent whitepaper, we mentioned payment security features that help secure customers’ credit information. But, what do these security features actually do and how can they help protect your dealership’s bottom line? Here are four important features and how they can help protect consumers and your business:
1. PCI Compliance
Payment Card Industry (PCI) compliance is a set of requirements designed to help ensure credit card information is maintained in a secure environment. There are a few types of PCI standards, but they all help protect the security of consumer information.
If a dealership lacks PCI compliance, its customers’ payment transactions aren’t secure. That could mean serious financial repercussions for the dealership for non-compliance penalties.
2. Point-to-Point Encryption
Point-to-point encryption (P2PE) is a security solution provided by a third party to code a customer’s personal information when the credit card is used at a point-of-sale terminal at a retailer. The information is decrypted once it reaches the solution provider’s secure environment outside the store.
P2PE also protects consumers from credit card thieves who try to hack into payments as they’re being transmitted electronically. A hacker could be waiting inside the dealership’s sales terminal, or near the point-of-sale terminal, with a device ready to steal the information wirelessly.
Either way, without P2PE your dealership’s transaction network is more susceptible to hackers.
If thieves do manage to intercept the data stream, tokenization is the next line of defense.
When a consumer makes a purchase at a retailer who uses tokenization, the cardholder information (such as full name and bank account information) is transformed into a “token,” usually as a series of unaffiliated letters or numbers. The token is stored at the retailer and the cardholder information is sent to a separate server housed by the third-party vendor.
When a consumer wants to make a repeat transaction, the point-of-sale terminal sends the payment request and token to the third party. There, it is verified that the request and token match the retailer that is on file. Once it’s verified, the cardholder information is utilized for the payment.
4. EMV Technology
EMV technology, originally developed by Europay, Mastercard, and Visa, was created to help reduce in-store fraud by standardizing credit and debit card transaction authentication.
The microprocessor chip embedded within an EMV card provides a more secure payment transaction in store because cardholder information is stored in the chip and encrypted to prevent unauthorized use of the card. Magnetic strip cards store the same information unencrypted, which makes them far easier targets for credit card fraud.
In the U.S., all retailers will be required to provide EMV capable payment terminals by October 2015. At this time, a liability shift will occur that states the party not EMV compatible will be found responsible for fraudulent charges should a breach occur. If the consumer uses an EMV card at a dealership that hasn’t installed EMV compatible terminals, the dealership is liable.
There’s one more thing to keep in mind when shoring up your payment security. Third parties can create more holes in your network for credit thieves to slip through, so the fewer third parties working within your network, the less chance there is of a security breach.
If you can find one service provider that can support all of the security features outlined in this article, your system will be more protected than if you have two or three doing the same work.
By continuing to add payment security features that protect your consumers’ data, you’ll continue to protect your dealership’s reputation, bottom line, and future profits.
An F&I manager once shared with me a work-stress nightmare he’d had. Trapped in his office in a steadily rising sea of paper, he was…