1. Encrypt data with an SSL certificate
2. Make use of Payment Tokenization
- Improved online payment security for merchants and customers
- Helps sellers establish trust with their customers;
- It can prevent penalties and revenue loss as a result from data breaches;
- It allows merchants to store credit card data for recurring payments;
- Payment tokenization also allows makes it easier to achieve PCI-DSS compliance;
PCI-DSS, also known as the Payment Card Industry Data Security Standard, is a standard established by the biggest card brands, and it was designed with the purpose of reducing fraud and increasing online payment security. We will talk more about it in our next section.
3. Achieve compliance with PCI-DSS
- Building and maintaining a secure network
- Maintaining a Vulnerability Management program
- Restricting physical access to cardholder data
- Assigning a unique ID to each person with computer access
- Regular monitoring of all accesses to network resources
- Maintaining an Information Security Policy
4. Update your operating system
5. Implement 3D secure
- The merchant/acquirer domain
- The issuer domain
- And the interoperability domain
6. Ask for the CVV number
7. Monitor for fraud and security threats continuously
8. Comply with the European Directive PSD2
- Knowledge: Something only the user knows, e.g., password, code, personal identification number
- Possession: Something, only the user, possesses, e.g., token, smart card, mobile handset
- Inherence: Something, the user, is, e.g., biometric characteristics, such as a fingerprint
Among other requirements defined under the directive, merchants and banks should also seek the perfect balance between security and convenience, highlighting the importance of smooth payment experience for users.
MYMOID offers personalizable payment solutions that not only help merchants meet the requirements of PCI-DSS, PSD2 and GDPR, but also allow them to establish and optimize the payment experience for their customers to make it as smooth and intuitive as possible.
9. Require a strong password
- Uppercase letters
- Lowercase letters
- Special characters
As a merchant, you can consider adding a password generator that automatically creates these combinations for them in order to facilitate the purchase or the creation of an account. In the event of forgetting the password, they can always request a password reset.
Just as we mentioned in the previous section, all merchants should comply with the European laws for strong authentication such as the PSD2. Requesting a strong password as an additional layer of security can help to achieve this compliance.