Thanks to the emergence of mobile point-of-sale (POS) systems, the trusty old cash register is taking it on the chin. In fact, Juniper Research predicts mobile transactions will reach $1.3 trillion worldwide by 2015 – four times what they are today.
It should be no surprise that the adoption of mobile POS solutions by small businesses is a key driver behind this explosive growth. Most of these systems are geared toward small businesses – local coffee shops, boutiques, restaurants and convenience stores that, for the most part, still use cash registers.
Square, the company that brought us the first card-swiping device for the iPhone, recently introduced its Square Stand, which replaces the cash register with a mounted iPad and integrated card reader for accepting mobile payments. A new study from Constant Contact shows nearly 18 percent of small businesses are already using a tablet-based POS solution such as Square Stand.
Yes, the “cha-ching” of the cash register is slowly fading into oblivion, as sleek, hip, mobile devices take its place. But before you dive in headfirst, make sure you understand the steps you need to take to accept mobile payments safely and securely.
What is PCI compliance, and why do you need to take it seriously?
Every merchant that accepts credit card payments must comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI compliance protects your company’s data and your customers’ data, giving you credibility with both shoppers and payment brands.
Mobile POS is based on technology and programs that are very secure – as long as you’re using it properly. But just one data breach that compromises sensitive information can tarnish your reputation for years, and could even result in a lawsuit.
If you’re exploring mobile payments for the first time, the requirements could make your head spin. Fortunately, the PCI Security Standards Council published the PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users. This guidance explains how to isolate and prevent card data from exposure.
Take these steps to ensure PCI compliance when accepting mobile payments:
- Use a P2PE (Point-to-Point Encryption) solution to ensure that you’re encrypting cardholder data and accepting credit cards securely. Follow the P2PE Solution Provider’s Instruction Manual and check the PCI Council’s website for a list of companies that are qualified to assess these solutions.
- If you take credit card payments now, ask your payment processor or card brands for recommendations, guidelines or best practices for accepting mobile payments.
- Keep your mobile device secure and current. Make sure your device isn’t “rooted” or “jailbroken,” and use the latest operating system, apps and antivirus/anti-malware programs from reputable sources.
- Never store credit card data, even temporarily. The longer you store it, the greater the risk of a security breach.
- Lock your mobile device. Having your device stolen or compromised is a much bigger hassle than entering a PIN a few times a day.
By accepting mobile payments, small businesses can improve order accuracy and productivity while reducing labor costs and paperwork. The benefits are clear. The risks of non-compliance are equally clear. Understand both before you move forward.
Atlantic-IT.net has extensive experience in both PCI compliance and mobile technologies. Give us a call for expert guidance in mobile payment solutions for your business.
What makes mobile payments appealing to you? What are your concerns?