Now more than ever, your department or agency needs to accept payments in as many ways as possible. The global pandemic has made in-person payments impossible, forcing many governments to accept online, digital, and over-the-phone payments, where they may not have had to in the past. In their well-intentioned efforts to help citizens make payments, governments might be overlooking the potential risks to their citizens and their PCI compliance.
Especially true for one-off payments for fines, fees, registrations, permits, etc. One-off payments made over the phone are risky if a staff member writes down the credit card information on paper. Handwritten credit card information is easily subject to loss, theft, and misuse.
Not only should you never write down credit card data on paper, but you should also not store credit card data onsite. Ever. Not on a computer, not in the customer’s paper file, anywhere in your office. Period.
Departments and agencies can face lawsuits and financial penalties when sensitive data is exposed. Not to mention the risk to your PCI compliance, i.e., your continuing ability to accept credit cards. In the list below, we list some commonsense dos and don’ts you can use to safeguard your operations.
To Reduce and Eliminate Risk and Safeguard Credit Card Data and your PCI Compliance:
- Physically write down any credit card information
- Use an imprint machine to process credit card payments
- Leave sensitive information unattended on a desk or in any public area
- Copy the front and back of a credit card
- Store physical credit card information onsite or in places like Google Drive, Dropbox, etc.
- Closely supervise all staff and visitors to the area where credit card information could be available.
- Collect only the information you need to complete the transaction
- Write down the customers phone number
- Use a fully-hosted virtual terminal that encrypts card data upon entry and transmission to record credit card information given over the phone.
- Have strict credit card handling policies in writing
- Hold regular credit card handling training with your staff
What are Virtual Terminals?
Like an online checkout form, virtual terminals are web-based and allow your staff to accept payments by telephone, mail order, fax, email, or health conditions permitting in-person.
Virtual terminals do not require new software or hardware. Existing desktop, laptop, tablet, smartphone, or POS system can host a virtual solution. An in-person transaction would require the installation of an external card reader.
Plus, Vvrtual terminals use your existing merchant account and payment gateway, internet access, and web browser.
Tokenization and End-to-End Encryption
Transactions on virtual terminals are made on a payment processor secure systems that use tokenization and end-to-end encryption to protect sensitive data during transmission. For example, when a customer gives their credit card information to your staff to input into a virtual terminal, the customer’s account number (PAN) is replaced with a randomly generated alphanumeric ID, known as a token meaningless to everyone except the payment processor.
The virtual terminal encrypts the tokenized information before sending it to the payment processor, which routes the transaction through the credit card networks. Using a virtual terminal frees you from storing sensitive data in your system and minimizing PCI scope and liability.
Simple to Install, Customizable Solutions
Web-based virtual terminals are easy-to-install, use, and offer comprehensive reporting features.
Use only terminals from a PCI compliant and secure payment processor. Intelligent payment processing platforms like IntelliPay make it easy to get started with virtual terminals. They offer a virtual terminal solution for every need; all are customizable and easy to install, requiring no additional software. Customization and set-up are free, and many virtual terminals options are configured within a single business day.
IntelliPay has provided traditional (government pays credit card processing costs) and user-pays payment fee-based options to governments of all sizes for 16 years. To learn more about your virtual terminal options, contact Adam Hensleigh by clicking here.