Technology is everywhere, information moves in an instant, and hipsters always have new demands. Whether your company needs to adapt to the new landscape of mobile or wireless payments, or just dealing with a demanding group of locals who want the hottest, new thing in commerce tech, assessing the risks is an important part of moving forward. Before adopting any option, here are a few risk assessment overviews to help you get into the informed risk mindset--whether the new tech is a good idea or not.
Mobile Payment Attachments
Square, Paypal, Breadcrumb, Chase, MagTek -- there's no shortage of dongles and mobile attachments to slide credit cards on the fly, but how can you verify the security points of mobile payments?
Your threat vectors are large in number, but they can thankfully be grouped up into a few categories. First, you need to confirm the security of the service you're using. What's the security track record of the specific device and company? Any breaches that lead to customer data being lost become your problem as well, since customers will either ultimately hold your business responsible for the choice or simply associate the experience with your service.
Is the device itself secure? You need to confirm serial numbers, firmware, and other identifying information to make sure you weren't slipped a fake by local hackers--or hackers under your employment--who can either tamper with legitimate readers, make a good copy, or hire someone to do the job.
What about the device that the card reader connects to? This thankfully becomes a more traditional list of risk assessments, being either part of a desktop, laptop, or mobile device security. One security faux pas is allowing employees to use their personal devices to process payments--a terrible habit seen at farmer's markets and pop-up sales tables across the country--which can be easily smashed by supplying low-cost mobile devices that are tied to business accounts.
Network Concerns For Payment Centers
Finally, what about the network? Forget about using 4G, as you have no control over how that data is transferred. Use wifi if necessary for processing payments, and if you can spare a hard-wired (Ethernet cable or fiber optic cable), go with that option.
The issue with any wireless connection is the ability to intercept data. That's not a very big problem with modern wifi because of the speed of the data, the encryption (although you should confirm that your payment service does include encryption and isn't some plain text offbrand). Hackers need to be breaking into the systems at high speeds with encryption that goes well beyond the scope of most business security.
4G and other cellular networks, on the other hand, are much easier to intercept and challenge. If your company is always broadcasting data to local cell towers, it's just a matter of time before a hacker can emulate (copy) your business data system and begin passively storing data for later. Keep it secure, private, and able to change when someone suspicious is around.
Contact an IT (Information Technology) risk assessment professional, such as from The Cyber Watch, to discuss other points of payment security and financial data protection.