December 20, 2022
During the third quarter of 2022 alone, approximately 108.9 million accounts were exposed in data breaches worldwide. This is a 70% increase from the previous quarter. The United States is among the top 5 countries affected, alongside Spain, Russia, France, and Indonesia.
Furthermore, a total of 603,591 identity theft cases were reported in 2022. Research further revealed that leaked credit card information accounted for more than one-third of these cases.
With such staggering numbers of cybercrime, consumers have every right to be wary of entering their payment information online. It is a merchant’s responsibility to ease such worries and build trust with their clients for seamless, secure online payments.
If your eCommerce site does not have the necessary security to protect cardholder data, chances are, your customers will favor a more secure business.
There are 4 main reasons why merchants should consider improving their online data security:
Keeping that in mind, the methods below can help answer your questions about credit card payment protection online.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) is an encryption-based internet security protocol. Its purpose is to protect communication between web devices, ensuring privacy and data integrity in online communications. TLS is the modern-day successor to SSL.
When a website uses TLS, the URL will read HTTPS rather than HTTP. The “S” at the end stands for secure. Additionally, a green shield or lock might appear next to the URL.
Data encryption provides the high level of privacy that credit card users want for secure payments online. Encryption takes credit card info and scrambles it into seemingly random characters.
TLS-certified websites then perform a virtual “handshake” between the browser and the server. This determines a key to unlock encrypted information.
Because encrypted data is in code, it is nearly impossible for hackers to decipher the information without the key, which keeps a customer’s credit card safe and secure for online shopping.
When you are charging a credit card on file, tokenization is the method used to protect stored customer card data. It replaces the real credit card number with a token.
The token is a random set of letters and numbers that would mean nothing to someone who had access to it. The payment processor is the only entity that can read it. A virtual vault securely stores a tokenized card’s real data.
When used with encryption, which protects credit card data during a transaction, tokenization prevents leaked credit card information. It is the best way to save credit card information.
If you’re looking at storing credit card information online, be sure to look for a payment gateway that offers secure tokenization for your merchant account.
Any merchant that accepts, stores, and transmits credit card information is subject to the rules and regulations of PCI standards.
The Payment Card Industry Data Security Standard (PCI-DSS) is a set of policies created by the PCI Security Standards Council (PCI-SSC) and regulated by major card brands. PCI compliance is designed to safeguard cardholders from any misuse of sensitive information.
PCI compliance is not required by law. However, merchants that are not PCI compliant will suffer penalties. Such penalties could include:
With such devastating potential consequences, it is shocking to discover, through recent research, that nearly 67% of merchants are storing unencrypted cardholder information.
There are 12 PCI compliance requirements that are essentially broken down further into sub-categories. For this discussion, we will go over the main 12.
There are plenty of consumer protection laws about keeping credit card numbers on file. However, entities that are following PCI compliance guidelines have permission to store information classified under Cardholder Data (CHD). Cardholder Data includes:
This information is a combination of personal information mixed with primary card information. It is all typically found on the front of a credit card.
Sensitive Authentication Data (SAD) is information that merchants cannot store after the authorization of a transaction. SAD includes:
SAD is highly valuable to financial criminals, who use it for unauthorized transactions in both card-present and card-not-present environments. Fraudsters use stolen cards to make unauthorized purchases online. Some cardholders opt to hide their credit card CVV by scratching it out or blacking it out with a permanent marker.
This is because security codes are necessary for completing online purchases. If the cardholder has the number memorized or stored somewhere safely, this method can prevent any unauthorized charges from a stolen card.
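An added illustration (not ECS Payments' or any gateway's code) of the tokenization and CHD/SAD storage rules described above: a toy in-memory vault issues random tokens, and the merchant-side record is built from an allow-list so the security code never reaches storage. The class, function, and field names are hypothetical, and the card number is a constructed test value.

```javascript
const { randomBytes } = require("node:crypto");

// Toy stand-in for the processor's vault; a real vault is a hardened,
// access-controlled service, not a Map in the merchant's process.
class TokenVault {
  constructor() {
    this.panByToken = new Map();
  }
  tokenize(pan) {
    // Random token: no mathematical relationship to the card number.
    const token = "tok_" + randomBytes(16).toString("hex");
    this.panByToken.set(token, pan);
    return token;
  }
  detokenize(token) {
    if (!this.panByToken.has(token)) throw new Error("unknown token");
    return this.panByToken.get(token);
  }
}

// Cardholder Data kept alongside the token (hypothetical field names).
const STORABLE_FIELDS = ["cardholderName", "expiry"];

// Builds the card-on-file record from a checkout payload using an allow-list,
// so the security code, PIN, or track data can never be copied by accident.
function buildStoredRecord(vault, payload) {
  const pan = String(payload.cardNumber).replace(/[\s-]/g, "");
  const record = { token: vault.tokenize(pan), last4: pan.slice(-4) };
  for (const field of STORABLE_FIELDS) {
    if (field in payload) record[field] = payload[field];
  }
  return record;
}

// Constructed sample checkout payload (test card number, not a real account).
const vault = new TokenVault();
const stored = buildStoredRecord(vault, {
  cardNumber: "4111 1111 1111 1111",
  cardholderName: "JANE Q PUBLIC",
  expiry: "12/27",
  securityCode: "123", // Sensitive Authentication Data: used once, never stored
});
console.log(stored); // token, last4, cardholderName, expiry only
```

Only the vault can map a token back to the card number, so a leaked merchant record exposes nothing a fraudster can charge.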
A merchant should know how to collect credit card information online not only safely, but also efficiently. Optimizing the checkout experience for customers can make all the difference, especially when it comes to their trust in entering their credit cards for online shopping.
There are some practices that merchants should avoid and some practices that they should implement when it comes to taking different payment methods online.
Follow along to discover the best way to use a credit card virtual terminal:
Ideally, it would be best if you had your merchant account set up to accept all card brands. It can be an inconvenience for customers when their credit card issuer brand is not an accepted form of payment. This can often be the case with Discover or American Express credit cards.
Displaying a logo for each accepted card brand will limit any unnecessary customer confusion or concerns before even beginning to enter their payment information.
These card brand logos generally appear after selecting the payment type and before the card number field.
To take a customer payment online, you will need the following credit card details:
It can be cumbersome for customers to key in card details to complete their payments. Online transactions take more time than using contactless or EMV payment at a physical terminal.
Cutting out unnecessary fields will help reduce checkout time and improve the customer experience.
One example of unnecessary information is the card type. This field is redundant.
Card brands are automatically determined by the first digits of the card:
As straightforward as this may seem, the more specific you can be, the fewer user errors will occur.
A person may have their name listed differently in different situations. Take their bank account, their full legal name, their nickname, and the name on their card, for example. These can all vary slightly.
For example, a person’s card may or may not have their middle initial listed. In that case, you’d want the cardholder to make sure they enter their name exactly as it appears on their card.
To prompt the cardholder, your cardholder name field can read as:
Security codes are Sensitive Authentication Data. Merchants cannot store this information online. Each card brand has different names, digit counts, and locations for their credit card security codes:
Because each card brand uses different terminology, you will want to stick with the general term of “security code” rather than CVV, CVC, or CID. Sticking with the umbrella term can reduce customer confusion.
You can even include an image to help guide cardholders at checkout:
You should always label your fields with alpha characters. Never rely solely on icons such as a lock for security code or a calendar for expiration date. Vague prompts can potentially lead to the entry of inaccurate information.
A lock could suggest a few different things to cardholders:
It simply isn’t direct enough for a smooth user experience.
Even with clear directions, users can still make mistakes when entering information on online forms. This can be simply due to a typo or not reading the instructions carefully enough.
Either way, entering the correct data is important to successfully complete an online transaction. So when errors do happen, it is important to prompt the cardholder with an accurate description of what needs adjustment.
Unclear Error Message: The message does not specify exactly what the mistake is and how to fix it.
“There’s a problem” or “not valid” are vague messages that do not help users correct their exact errors.
Is the card number too long? Too short? The right length, but entered with the wrong digit somewhere? Should I use a different format? Spaces? No spaces? Dashes?
Clear Error Message: In comparison, this error message says exactly what is wrong with the field:
As you can see, the more detailed an error message is, the more seamless the user experience will be.
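An added example (not from the original article) of the two points above: the card brand is inferred from the leading digits instead of a separate field, and each failure produces a specific message rather than "not valid". The prefix and length table is a simplified assumption, `validateCardNumber` is a hypothetical helper, and messages deliberately never echo the entered number.

```javascript
// Simplified prefix/length table: an assumption covering common ranges only.
const BRANDS = [
  { name: "American Express", prefix: /^3[47]/, lengths: [15] },
  { name: "Visa", prefix: /^4/, lengths: [13, 16, 19] },
  { name: "Mastercard", prefix: /^(5[1-5]|222[1-9]|22[3-9]|2[3-6]|27[01]|2720)/, lengths: [16] },
  { name: "Discover", prefix: /^(6011|65|64[4-9])/, lengths: [16, 19] },
];

// Luhn checksum: catches single-digit typos and most adjacent swaps.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) d = d * 2 > 9 ? d * 2 - 9 : d * 2;
    sum += d;
  }
  return sum % 10 === 0;
}

// Returns { ok, brand, code, message } for a card number field.
function validateCardNumber(input) {
  const fail = (code, message, brand = null) => ({ ok: false, brand, code, message });
  const digits = String(input).replace(/[\s-]/g, ""); // spaces and dashes are fine
  if (digits === "") return fail("empty", "Enter your card number.");
  if (!/^\d+$/.test(digits))
    return fail("bad_chars", "Use only digits, spaces, or dashes in the card number.");
  const brand = BRANDS.find((b) => b.prefix.test(digits));
  if (!brand)
    return fail("unknown_brand", "We don't recognize this card type. Check the first digits.");
  if (!brand.lengths.includes(digits.length)) {
    const code = digits.length < Math.min(...brand.lengths) ? "too_short"
      : digits.length > Math.max(...brand.lengths) ? "too_long" : "bad_length";
    return fail(code, `${brand.name} card numbers have ${brand.lengths.join(" or ")} ` +
      `digits; you entered ${digits.length}.`, brand.name);
  }
  if (!luhnValid(digits))
    return fail("typo", "A digit looks mistyped. Compare each digit with your card.",
      brand.name);
  return { ok: true, brand: brand.name, code: "ok", message: "" };
}

// Constructed inputs: a valid test number, then one with its last digit changed.
console.log(validateCardNumber("4111 1111 1111 1111"));
console.log(validateCardNumber("4111 1111 1111 1112").message);
```

This client-side check only improves the form experience; the payment gateway still performs the authoritative validation.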
Lastly, be sure you have your customer support phone number listed on your page. If your customer has any problem at checkout, they should easily be able to contact someone who can walk them through their payment.
If no help is available, you can easily lose out on a sale and a new customer.
To protect credit card information, never ask customers to send sensitive information via email. Email is an unsecured method of transmission. It is very easy for hackers to access emails and steal your cardholder’s information.
Additionally, certain email addresses can be automatically sent to spam by your email provider. If your customers were to send payment information and it goes to junk, you may accuse customers of not sending payment. This would lead to unpleasant conversations, confusion, and unhappy clientele.
Data security is crucial. With more people buying online, it’s up to merchants to take every step possible to protect credit card information. In implementing secure business practices and easy virtual terminal checkout, merchants will not only build trust with their clients, but they will also build a more successful business. It is my hope that this article has prepared you for how to securely store customer credit card information online.
Financial Writer
Magna Cum Laude BA, Communication, California State University Channel Islands.
Omega Alpha, National Communication Honors Society, Lambda Pi Eta
I spend the majority of my free time as a professional portrait photographer, traveling when I can, and focusing on physical fitness, weight lifting, and nutrition.