Security is something you never really think about until something goes wrong – then it unceremoniously catapults to the top of your ‘to-do’ list! The trouble is that once that happens, the damage has already been done.
I’m talking about a security breach within your point of sale environment (where you’re swiping credit cards) which allows customer card details to be copied and stolen. The bad guys copy card details to create fake cards that they then use in stores, or online. If a fake card is used in your store, you could find yourself in a ‘chargeback’ situation that as a small business you may or may not win, resulting in revenue loss.
But that’s not the end of it. The biggest thing you stand to lose is your customer’s trust. According to a recent survey of 2,000 consumers, 60% blame merchants – not banks – for data theft. Secure credit card swiping is a service you provide to your customers and one they expect from you.
Aside from swiping cards, there are several other areas to think about to make sure your store data is secure. Here are five steps you can take to help keep your store safe.
1. Never use a Windows point of sale machine again
Windows point of sale environments are notoriously insecure and easy to hack. We all remember the Target disaster, when up to 70 million Target customers had their credit card details copied by Russian hackers. All this happened on Windows machines.
Even more worrying, if you are still using Windows XP, is that Microsoft no longer supports these machines. As of April 8th this year, Microsoft stopped issuing security ‘patches’ to address vulnerabilities in its software, which means XP is now the ‘weakest link’ that is easiest for the bad guys to target. For more information on this and to weigh up your options, read our ‘Small Business Guide to Surviving XP End of Life.’
In addition to being insecure, Windows point of sale systems can also be extremely disruptive to maintain. I ran my wine and grocery stores on several Microsoft RMS machines back in 2008, and they made my life miserable. If they didn’t have a virus they were crashing or in need of expensive upgrades that I just didn’t have time to deal with. Take my advice – do yourself a favor and never use a Windows point of sale machine again!
2. Use an encrypted credit card swiper
The best way to keep your customer’s details secure is to keep them out of your store entirely. Using an encrypted swiper means that no card data is ever touched, stored or shared by your point of sale device. When you swipe a card, the information on that card is immediately encrypted into a secure code. The code is then what’s sent to process a payment, rather than card details which can easily be copied.
Let’s use the Target breach again as a recent example. Credit card details were copied because of a piece of malicious software which was placed in-between the point of sale terminal and Target’s servers. When a card was swiped and payment details were sent to the server, the malicious software simply intercepted and copied those details. With an encrypted credit card swiper, customer payment details are replaced with an encrypted code that can only be read by a secure financial institution that has the key. It’s a much safer way of doing business, and will help you sleep at night.
3. Make sure your data is kept off-site
If, God forbid, your shop were destroyed in a fire, flood or other disaster, would you be able to recover your customer information or sales records? Or are they sitting on a server in your basement? Keeping this information on-site is risky business, as if something did happen your entire store history would go down along with your shop.
There is also a big insurance risk. Did you know that you won’t get your business interruption insurance paid-out unless you can prove how much money you were making? If your records are kept on-site and are lost in the event of a disaster, you won’t get your money.
Either move your server off-site, backup your information onto an external device (like a hard drive) that you take home with you, or even better store your information in the cloud. This is by far the easiest option as it happens automatically so you will never miss a backup. You’ll also be able to access your data from anywhere on any device with a web browser.
Switching to the cloud to run my wine store literally changed my life. I never had to deal with a server again and I wasn’t tied to the shop anymore. I could see exactly what was going on and manage the store from wherever I was.
4. Keep your software up to date
Software providers release updates when they are fixing bugs (little glitches), addressing security vulnerabilities or adding new features. It’s important to make sure you are always running the latest version of your software so that you are benefiting from the improvements that have been made. Be sure to check for updates regularly and pay attention when your device alerts you that a new version is available.
5. Take care of your employees
Technology aside, your employees are your last line of defense against any suspicious activity. I don’t mean to pick on Target again, but evidence suggests that breach was an inside job.
Treat your employees and contractors well and they will take care of you too. As a rule I always paid my employees more than the average amount because their loyalty and willingness to go above and beyond was worth more to me than a few extra dollars of pay per hour.
Also, always hire people you trust. I’ve heard countless small business owners say that the biggest mistake they ever made was hiring the wrong people. If you hire people you trust and treat them well they will do the same to you. And ultimately, that’s the person you want dealing with your customers.
There’s no ‘silver bullet’ to mastering security – if there were, crime would no longer exist! But there are measures you can and should take to secure your small business, and keep the trust of your customers in-tact. The most important thing is to plan ahead and put those measures in place before disaster strikes, or you’ll be kicking yourself for not acting sooner.