6 Security Terms You Should Know to Protect Your Business

Fraud, disputes, account takeover, data security, encryption and hacking. How much do you know about these security terms?
by Mallory A. Russell Sep 21, 2018 — 5 min read

The same recurring themes often come up when people talk about digital security. Understanding exactly what they are and how your business might be exposed to them is the first step in learning to safeguard yourself, your customers and your business.

1. Fraud

Fraud is the act of deceiving an individual or business to illegally obtain money, goods or services. One of the most common ways small businesses encounter it is through payment processing. Even more common is fraud through “card-not-present” transactions: those processed virtually, without the cardholder physically using a payment card. It’s for this exact reason that eCommerce businesses that rely entirely on online transactions are at extra risk from fraud.

A typical example of fraud taking place is where an individual attempts to use stolen credit card information to purchase something through a website. The fraudster essentially deceives the business into thinking that they are the owner of the funds being used in the transaction, enabling them to illegally acquire products or services. If and when the real cardholder realises their card is being used by someone else, they will likely file a dispute (see the next section).

There are many ways both to avoid fraud and to cope in the unfortunate situation where it happens anyway. You can start out by reading our detailed but easy-to-action help article on how to protect yourself from scams and fraud.

2. Disputes

A payment dispute is when a cardholder contacts their bank to request the cancellation of a transaction. If the cancellation is approved, the bank reverses the transaction by issuing a dispute, before debiting your business’s account for the disputed funds. This final debit back to the customer’s account is called a chargeback.

There are a number of reasons a cardholder might file a dispute:

A cardholder has the right to initiate a dispute. If the bank deems their dispute to be legitimate, the cardholder will receive their money through the chargeback. Chargebacks are bad for your business’s cash flow generally, but there are a number of other reasons why they are best avoided:

Bearing in mind all of the above, you can see why avoidance is the best approach to payment disputes. The good news is, there are ways to do so. And some are as simple as choosing a payment provider who protects you in the first place. Read more about how to protect your business from payment disputes and chargebacks.

3. Account takeover

When accounts aren’t secure — whether that’s your email account, bank account or an account for software you use — individuals can seize control and use them with criminal intention. There have been a number of big news stories about data breaches in recent history, with all kinds of establishments targeted, from Facebook to the NHS.

Hackers often engineer these data breaches through websites or apps to access user information like saved email addresses and passwords. They then use these login details to make fraudulent transactions, sell them to other criminals on the dark web, hold the affected business to ransom or simply make an example of that business’s insufficient security.

A perpetrator might also pose as a legitimate business to trick people into freely giving up their personal information. This is known as “phishing”. After logging into the victim’s account, the perpetrator may change the login information to prevent the victim from getting back in and, with bank accounts, transfer funds to their own account.

There are a number of ways to protect yourself from account takeovers:

In the same way you would protect your own data using the tips above, you should also be offering the same safeguards to your customers so that their data stays secure.

4. Data security

Data security refers to practices and techniques that stop data being accessed by hackers. These can be carried out using software (like a firewall) or hardware (like a wireless intrusion prevention system, or WIPS) that detects suspicious activity, helps you secure payment devices and monitors the authenticity of transactions.

To ensure that business owners keep their customers’ data secure, the five major credit card brands — Visa, Mastercard, Discover, American Express and JCB — have created a series of regulations called the Payment Card Industry Data Security Standard (PCI DSS) under their collective organisation, the PCI Security Standards Council. PCI DSS obliges businesses to maintain a specific standard of security when accepting, processing, storing and transmitting payment card information to stop cardholder information falling into the wrong hands. Businesses that are found to be noncompliant may receive penalty fees. Additionally, businesses can enhance security further by implementing 3D Secure, an authentication protocol that adds an extra layer of protection during online transactions.

Maintaining compliance in-house is time-consuming and expensive for businesses, all the more so if you’re small. This is why it’s a good idea to choose a payments partner that handles all the PCI compliance for you.

5. Encryption

Encryption is the process of converting private information into a line of code that is readable only to those with a special security key. In end-to-end encryption, when a device sends encrypted information, only the device receiving that information is able to decrypt it. This keeps the information safe from decryption taking place through the servers and networks that transport it between the two designated devices.

Here’s a step-by-step example of how payments companies encrypt payments:

This means that if a business’s WiFi network were compromised during a transaction, all the data being transferred (the card details, customer billing information, transaction information, etc.) would remain unreadable and unusable to hackers.

6. Hacking

Hacking is the act of using a device (most often a computer) to obtain private data, typically for illegal use. Hacking methods include using malicious software to attack users’ devices, creating fake websites that trick users into entering personal information or sending emails that request users’ personal information directly.

As we mentioned previously, phishing relies on users mistakenly thinking they’ve received an email from a legitimate source, such as a bank or reputable individual. The hacker poses as one of these sources and requests information such as the user’s bank details or email password.

There are some simple ways to protect yourself from hacking:

Mallory A. Russell
Mallory Russell is the Head of Content Marketing at Square.
