All Posts

Visa has released best practices for data encryption to enhance cardholder data security, especially for businesses not utilizing tokenization. These guidelines advise limiting cleartext data, employing strong encryption and key management, and protecting cryptographic devices. Visa also recommends using alternative identifiers for recurring payments and other processes requiring account numbers post-authorization.

PCI, or Payment Card Industry Security Standards Council, was formed by major credit card companies to protect cardholder data through the Payment Card Industry Data Security Standard. This standard mandates annual compliance reviews for organizations processing credit card transactions, with the type of review depending on transaction volume. Merchants can reduce their PCI compliance burden by accepting eChecks, using tokenization, or utilizing their provider's secure web payment page.

Accepting eChecks or ACH transactions offers significant cost savings compared to credit cards due to their simple per-transaction fee structure. Beyond cost, eChecks provide numerous benefits like easy integration with shopping carts, reduced administrative and reconciliation expenses, and improved cash flow. Businesses can leverage these savings to enhance customer loyalty programs or offer discounts, making eChecks a financially and operationally advantageous payment method.

Storing customer credit card data is extremely risky, as highlighted by the case of a 28-year-old hacker who stole millions of records. The article strongly advises against businesses storing this sensitive information themselves. Instead, it recommends relying on payment providers to handle credit card data securely and mitigate the risk of large-scale theft.

Securely hosted payment pages are offered by payment processors to simplify online payments for merchants, but features vary across providers. Key considerations when choosing a payment page include PCI compliance, customization options for branding and data fields, supported payment methods like eChecks, and the availability of both single and recurring payment options. Merchants should prioritize ease of use and ensure these secure pages are included without additional fees.