How to Make Rental Payment Processing More Secure (And Why You Should Care)
Faith Kubicki
You’re rental experts – not cybersecurity experts. You shouldn’t have to worry about encryption, network configurations, or firewall settings … but if you accept credit card payments from your customers, you’ve got to find a way to meet your PCI compliance requirements.
Of course, it’s not just a matter of “checking a box” to meet your obligations as a merchant. Credit card data breaches are a very real threat – even for rental businesses. There’s the obvious financial cost, as well as reputational damage. With as many as 60 percent of small businesses who experience a data breach going out of business within six months of the attack, it’s crucial to take appropriate steps to protect your customers’ payment data.
So: what can you as a rental business do to keep your customers’ data safe, protect your business, and meet your compliance requirements?
Our rental software lets you process credit and debit card payments without storing or transmitting the card data on your system.
If you’re processing the payment in-store, customers tap, swipe, or dip their card in a secure EMV terminal. This terminal passes the card data to the authorization network; it never touches your software or your systems. Once the transaction is complete, the results are passed back to your rental software for simple reconciliation.
If you’re processing the payment over the phone, you enter the data on a secure, isolated terminal. This terminal passes the card data to the authorization network over a designated connection. Again, you aren’t processing or transmitting that data on your main systems, which means a much shorter compliance audit for your team to complete.
If you’re processing the payment in-store or over the phone for a customer you’ve already worked with, you can charge a previously used card on file. You don’t have to re-enter the card information each time, which makes the process much faster for your sales reps. And, because you’re storing a secure, unencryptable payment token instead of actual card data, you don’t have to worry about card numbers or security codes being breached.
When it comes to your security efforts, that means:
You get to qualify for a much shorter, less complicated compliance audit. Instead of taking weeks away from your other work to collect documentation for the SAQ-D, you can complete one of the reduced versions in a matter of hours or days.
You don’t have to worry about writing down credit card numbers on a post-it note or saving them in a spreadsheet, where they could be accessed without permission.
You get even more peace of mind knowing that if a breach were to occur, the only thing on your system is a randomized token that can’t be used to charge your customers’ card without their permission.