With TLS updated, what you can do to stay safe

TLS has come and gone, and on our end, we thankfully saw very little turbulence—our merchants were well-prepared, and we avoided the payment apocalypse that many thought was on the way.

TLS was the latest in the long line of crucial updates in the payment industry. It’s hot on the heels of other notable deadline efforts which were spearheaded to boost security in payments, such as EMV. All of these updates have made strides in payment security, but the battle against fraud is never-ending, and the criminals are always evolving.

In the aftermath of TLS, here are steps to take to ensure your customer data remains as secure as possible going forward.

Ensure you’re updated to EMV. By now it’s become somewhat rare to swipe instead of inserting. The once common refrain of “we don’t take chips” is disappearing, and that’s a good thing—updating to EMV is the most crucial step a business can take toward safety in payments. Visa has estimated that fraud is down 76% among merchants using EMV.

Yet some businesses are still ignoring the benefits of EMV. EMV has not only drastically decreased the frequency of in-person fraud, but when merchants accept EMV they also face lower liability if fraud does occur. There’s no downside to taking EMV, and every merchant must be sure they do so.

Utilize cloud-based updates to protect against the latest threat. In payments, you can never rest on your laurels when it comes to security. Criminals are always coming up with new techniques and methods, and it’s crucial that your solutions evolve at the same rate.

One of the best ways to keep your transactions and data safe against the latest threats is to use technology that downloads security updates from the cloud. That way, whenever a new threat is discovered, a patch is soon on the way to help keep businesses safe.

Use solutions that encrypt every single transaction. Encryption, especially point-to-point encryption (P2PE), is crucial today. It’s recognized by the PCI Security Council as the best way to keep a transaction safe, and it starts right from the moment a card is inserted, instantaneously encrypting cardholder data.

The best P2PE solutions can even simplify PCI-DSS compliance efforts and decrease the need for penetration testing and firewall deployment. P2PE not only keeps customer data more secure but also makes your life easier.

Make sure you have strong e-commerce protocols that label red flags. During e-commerce transactions, preventing fraud can be tough—but more than anything else, you need to know when a transaction is suspicious. The most common methods of verifying online transactions are CVV numbers and address verification, but there is more that modern businesses can do to determine if an order is suspicious.

Is it a first-time shopper? Is the order larger than normal for a return shopper? Is the shipping method or location odd? There are dozens of possible red flags for card-not-present transactions, and you should work with e-comm partners to be sure you’re aware of how to catch them. And, ideally, your e-comm partners can flag them automatically.
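The red-flag questions above, together with the CVV and address checks, can be run automatically against each order. The following Python is an added example, not code from this article or from any payment provider; the field names, the "overnight" shipping value and the three-standard-deviation limit are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Order:
    amount: float
    billing_country: str
    shipping_country: str
    shipping_method: str   # assumed values: "ground", "overnight"
    cvv_match: bool        # result of the CVV check
    avs_match: bool        # result of address verification


def red_flags(order, history, z_limit=3.0):
    """Return red-flag labels for a card-not-present order.

    history is the list of this shopper's earlier order amounts;
    an empty list means a first-time shopper.
    """
    flags = []
    if not order.cvv_match:
        flags.append("cvv_mismatch")
    if not order.avs_match:
        flags.append("avs_mismatch")
    if not history:
        flags.append("first_time_shopper")
    elif len(history) >= 3:
        # "Larger than normal" is judged against the shopper's own history.
        mu, sigma = mean(history), pstdev(history)
        # Floor sigma so identical past orders do not make every change an outlier.
        sigma = max(sigma, 0.1 * mu)
        if order.amount > mu + z_limit * sigma:
            flags.append("order_larger_than_normal")
    if order.shipping_country != order.billing_country:
        flags.append("shipping_location_differs")
    if order.shipping_method == "overnight" and not history:
        flags.append("rush_shipping_on_first_order")
    return flags


# Constructed sample data, not real transactions.
RETURNING_HISTORY = [40.0, 55.0, 48.0]
USUAL = Order(52.0, "US", "US", "ground", True, True)
UNUSUAL = Order(900.0, "US", "US", "ground", True, True)
NEW_SHOPPER = Order(300.0, "US", "CA", "overnight", True, False)

if __name__ == "__main__":
    for o, h in [(USUAL, RETURNING_HISTORY), (UNUSUAL, RETURNING_HISTORY), (NEW_SHOPPER, [])]:
        print(o.amount, red_flags(o, h))
```

A flagged order is a candidate for manual review, not proof of fraud; a first-time shopper alone is a weak signal that matters mostly in combination with the others.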

Follow the guidelines of the PCI Security Council. In talking about P2PE, we referenced the recommendations of the PCI Security Council—but those go far beyond just P2PE. The PCI Security Council tells businesses how to stay safe and what to do to keep up to date. They are a trusted resource, and one which should be checked frequently.

