Skip to main content

Insights by Cathay

How businesses can keep their customers’ payment info safe

Data breaches are occurring increasingly often, but many companies still have not implemented the latest security measures. With security topping the list of consumer concerns, businesses must keep data security in mind if they hope to appeal to new customers.

Consumers would like to see companies invest in new technologies to protect their transaction information. Unfortunately, many retailers still have not started using EMV— sometimes referred to as “chip” — technology meant to protect personally identifiable information. Some companies have expressed difficulty maintaining payment card industry data security standards on mobile payments. In fact, according to the 2019 Mobile Security Index conducted by Verizon, 67% of organizations do not feel confident about their security system in place.

That same study shows that while small businesses are generally more confident in their security than larger organizations, almost one-third of them have experienced a breach or have been compromised, and they are less likely to have certain measures, such as unified endpoint management, in place.

No matter what type of business you run, it is important your organization does everything it can to protect financial data. Here are three tips on how to store customer data securely:

1. Be careful about what data you store.

The more data you have, the more you are considered a target. According to payment card industry data security standards, companies cannot store certain types of credit card data, such as Card Verification Value 2 (CVV2) data.

In fact, companies can store only the primary account number, expiration date, cardholder name, and service code, provided they take certain precautions to hold that information. Companies also cannot keep any data that is authenticated, and personal identification numbers cannot be kept under any circumstance. 

2. Test for vulnerabilities.

Analyze your computer systems and networks for weaknesses to identify gaps in cybersecurity, and develop an incident response plan. An incident response plan will act as a guide on how your company will counter a data breach. It must be current, so you should test your plan often.

In addition to putting in play an incident response plan that is reactive, companies must also be proactive. New vulnerabilities are discovered every day, so systems must be tested regularly. Monitor your customer portal and users, and have team members trained and ready to talk to customers, law enforcement officials, regulatory officials, etc.

3. Educate your users and customers.

Many companies believe that their customers and employees are their biggest security vulnerability. About 50% of consumers act in a way that puts themselves at a higher risk of having their information stolen because they do not know how to identify suspicious activity and how to ensure online payment security.

Provide warnings and training to your employees and customers to help them recognize phishing and fraud attempts. Ensure you are using proper protection and encryption to secure your customers’ data, which will also help increase their engagement with your company and encourage brand loyalty.

To learn more about how to keep your customer information secure, here are a few more resources to help your company keep track of security standards:

It is true: All businesses are at risk for a data breach. However, with the right secure payment processing in place and resources and tools to help you along the way, you can worry less about losing important data and can concentrate on other ways to expand your business. Cathay Bank also maintains information about cybersecurity. Tour the Security Information Center.

This article does not constitute legal, accounting or other professional advice. Although the information contained herein is intended to be accurate, Cathay Bank does not assume liability for loss or damage due to reliance on such information.

Share This Article: