Photo: Flickr / cogdogblog
OK, so you set up your new fruit stand downtown, generated buzz through a cool wanted-poster marketing campaign and got yourself a handy app like Square to process credit card payments. Now all you need to do is sit back, hand out some melons, swipe the plastic and let the money roll in, right?
Wrong. Card processing apps such as PayPal Here and Square may be making all sorts of headlines these days, but using them is actually kind of tricky.
In order to stay compliant with Payment Card Industry (PCI) regulations, you’ll have to follow a very strict set of procedures. If you don’t, all that money you’ve earned hawking cantaloupes can vanish in an instant.
When you misuse apps that process credit card payments, the resultant fines and lawsuits can bankrupt any business – even the ones that operate out of wooden stalls on the sidewalk.
To keep yourself on the industry’s good side, you should always make sure you follow these four cardinal rules before swiping anyone’s credit card through your new iPhone.
1) Don’t let anyone else touch your dongle. Yes, those gadgets that Square and PayPal Here use to read credit cards are cool, but that doesn’t mean you should be passing your phone around for everyone to play with.
The only people who should ever handle your dongle – the little thing you plug into your phone – are you and perhaps one of your trusted employees. That way you can make sure that every transaction processed is legitimate and accurate. The damage someone can cause with just one misplaced reader can be devastating, so keep a careful watch on that little bauble at all times.
2) Only make transactions on your business network. To prevent any card-processing issues from carrying over into your personal life, you should use your card reader as a dedicated business device only. The device should stay on the company network and make deposits only to the company account. Not only will you reduce the chances of downloading malware from a corrupted smart phone (it’s easier than you think), you’ll also keep your personal finances safe from investigation should you ever be audited for processing what turn out to be fraudulent credit card payments.
3) Review every transaction at the end of the day, every day. You’d be surprised at how many credit card payments you’ll end up processing with one of these apps. Square alone processes more than 4 million transactions per day. Since these transactions can really pile up over time, you should make it a point to review your history at the end of every business day to make sure everything checks out. If you find a breach or suspicious charge from someone’s card, then report it immediately. The sooner you can address security issues, the better off you’ll be – at least in the eyes of the courts.
4) Do not store any card numbers. The biggest no-no of the PCI regulations is keeping card information on a server that’s connected to the Internet, since that invites hackers to come and raid your network. Because smart phones and tablets are pretty much always connected to the Internet, you need to make sure that your processing app isn’t saving any card information from the credit card payments you run through it. Many times, the app will take care of purging this information for you, but you should always check to make sure you aren’t holding on to any data that could get you in trouble.
You don’t need to be a rocket scientist to process credit card payments with your smart phone, but you do need to be careful. If you want to avoid the wrath of the PCI – and a few lawsuits to boot – you should always follow these helpful tips when swiping plastic through your dongle. They’re easy to follow and they’ll keep you and your business safe for years to come. Or at least until everyone switches over to mobile wallets.