9 best practices for accepting payments via mobile device and mPOS
Is your business accepting payments on mobile devices, or considering it? If so, you are in good company. Large retailers, such as Nordstrom’s, have seen increased sales after integrating an mPOS (mobile point of sale) solution. Major restaurant chains, including McDonald’s and Olive Garden, are using it, too. In fact, a report by 451 Research projected that by 2019, the global mPOS installed base will reach 54 million units, which is quadruple the number from 2015.
According to a Juniper Research report, by 2021, more than one in three POS systems will be mobile. It’s no wonder mPOS solutions are catching on. They are not only convenient, but also provide tangible benefits to both merchants and customers. Shorter transaction times, elimination of lines, easy scalability, and less reliance on cash all increase sales and heighten customer satisfaction. But any data transfer comes with risk. To ensure a safe and secure mPOS experience, follow these best practices:
1. Become PCI DSS certified
If you accept credit cards, you must be compliant with the Payment Card Industry Data Security Standard (PCI DSS). This is a set of requirements designed to ensure customer and data security. Noncompliant merchants can face steep fines, or worse, lose their merchant accounts, making them unable to accept credit card payments at all. They will also find themselves on the Visa/Mastercard "Terminated Merchant File" (TMF) list, which blocks them from obtaining new merchant accounts for years. Being on the list pretty much means the end of your business.
If you’d prefer to avoid the hassle of getting PCI DSS Level 1 certified yourself, you can choose to work with a certified payment service provider (PSP). Working with a PCI DSS certified PSP will keep you from coming into contact with any cardholder data, reducing the chances of theft, fraud and hacking. Make sure to request a certificate of compliance from your PSP each year.
2. Store only cardholder data that is absolutely necessary
If there is no network service, some mPOS apps will store cardholder data on the device and send it when service becomes available. Make sure your system avoids this practice. Why? The longer data lingers on any device, even if it’s encrypted, the higher its risk of becoming compromised. If your mPOS solution has such a "store and forward" feature, disable it.
3. Ensure your device has not been "rooted" or "jailbroken"
Rooting an Android device, or jailbreaking an iPhone, grants superuser rights, which allows users to install basically any app or customization, bypassing manufacturer or carrier restrictions. It also presents serious security risks, since most breaches happen on such devices. Did you buy your phone used, or lend it to a tech-savvy teenager? Your phone may be rooted or jailbroken. Check online for instructions to find out the condition of your device.
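An mPOS app can run the same kind of check on itself before it accepts a card. The following is an added example, not code from the original article or from any mPOS vendor: it looks for well-known artifacts that rooting tools and jailbreaks leave behind (the `su` binary, `Superuser.apk`, Cydia, a build signed with `test-keys`) and refuses payments when any are found. The path lists and the `DeviceSnapshot` structure are illustrative assumptions; a shipped app would probe the device through its platform APIs and, because such indicators can be hidden, treat a clean result as one signal rather than proof.

```python
"""Root/jailbreak indicator check for an mPOS app (added example, illustrative)."""
import os
from dataclasses import dataclass, field
from typing import Callable, List, Set

# Artifacts commonly left by rooting tools on Android (assumed, well-known list).
ANDROID_ROOT_PATHS = (
    "/system/bin/su",
    "/system/xbin/su",
    "/sbin/su",
    "/system/app/Superuser.apk",
    "/system/xbin/busybox",
)

# Artifacts commonly left by jailbreaks on iOS (assumed, well-known list).
IOS_JAILBREAK_PATHS = (
    "/Applications/Cydia.app",
    "/Library/MobileSubstrate/MobileSubstrate.dylib",
    "/usr/sbin/sshd",
    "/etc/apt",
    "/private/var/lib/apt/",
)


@dataclass
class DeviceSnapshot:
    """What the app's probe observed on the device (hypothetical structure)."""
    platform: str                      # "android" or "ios"
    build_tags: str = ""               # Android ro.build.tags; "test-keys" means a custom build
    system_writable: bool = False      # /system (Android) or / (iOS) writable by an ordinary app
    # Function used to test for a path; defaults to the real filesystem so the
    # check runs on a device, while tests can pass a constructed set of paths.
    path_exists: Callable[[str], bool] = field(default=os.path.exists)


def root_indicators(snap: DeviceSnapshot) -> List[str]:
    """Return a human-readable list of root/jailbreak signs; empty means none found."""
    findings: List[str] = []
    paths = ANDROID_ROOT_PATHS if snap.platform == "android" else IOS_JAILBREAK_PATHS
    for path in paths:
        if snap.path_exists(path):
            findings.append(f"known root/jailbreak artifact present: {path}")
    if snap.platform == "android" and "test-keys" in snap.build_tags:
        findings.append("build signed with test-keys (custom or debug ROM)")
    if snap.system_writable:
        findings.append("system partition is writable by the app")
    return findings


def should_block_payments(snap: DeviceSnapshot) -> bool:
    """Policy: any indicator at all is enough to refuse card entry on this device."""
    return bool(root_indicators(snap))


def snapshot_from_paths(platform: str, present: Set[str], **kwargs) -> DeviceSnapshot:
    """Helper for tests and demos: a snapshot whose 'disk' is a constructed set of paths."""
    return DeviceSnapshot(platform=platform, path_exists=lambda p: p in present, **kwargs)


if __name__ == "__main__":
    # Constructed sample: a stock phone and a rooted one.
    clean = snapshot_from_paths("android", set(), build_tags="release-keys")
    rooted = snapshot_from_paths("android", {"/system/xbin/su"}, build_tags="test-keys")
    print("clean device blocked:", should_block_payments(clean))
    print("rooted device findings:", root_indicators(rooted))
```

The default `path_exists` makes the function usable against the real filesystem, while `snapshot_from_paths` lets you exercise the policy offline. Treat the result as one input to a risk decision: a sophisticated root can hide every one of these artifacts, so a clean scan lowers suspicion but does not prove the device is stock.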
4. Make sure your operating system is up-to-date
Enhance your security by updating to the most recent versions of iOS, Android, MS, or Blackberry. Software companies constantly work to improve security and protect against hackers, and you benefit from these improvements only with up-to-date versions. If your device cannot support the latest operating system version, upgrade your device to one that can.
5. Use apps only from reliable sources
If your device hasn’t been rooted or jailbroken, you most likely do not have apps from unapproved sources. But check anyway: go through your apps and uninstall anything that’s not from a trusted source.
6. Continually update your apps
Make sure you are using the latest version of all your apps. And remember to update as often as new versions are released.
7. Use anti-malware/antivirus apps
Find an anti-malware or antivirus that works for your mobile operating system. There are plenty of reliable options, many of them free. Avast, AVG, McAfee, and Lookout are a few of the more popular mobile security products out there, but search for reviews and do your research in order to select the one that is right for your business.
8. Secure your device with a strong password
We know, it’s annoying to keep your mobile device locked. Worse, though, is dealing with compromised data if your device is lost or stolen. And make sure your PIN is hard to guess. Did you know that more than 10 percent of mobile users choose 1111, 0000, 1234, 2580, 0853 as their password? Choose something more difficult.
9. Educate and train your staff in mPOS security
Best practices are only helpful if your staff is using them. Take the time to train your employees so the steps above are second nature, and check in periodically to make sure everyone is up to date. You can take advantage of everything mPOS has to offer while keeping your customers’ data secure. These best practices will help you reap the benefits of accepting payments on the go: convenience, increased revenue, and happy customers. Your business will thank you.
Eran Feinstein is the founder of Direct Pay Online, a global e-commerce and online payments solutions provider for the travel and related industries. With over 14 years of experience leading technology, sales, marketing and operation teams, Eran is an authority in the East African e-commerce and payments arena. He's also an avid marathon runner.