More security requirements coming for small merchants

Category: Merchant Processing Industry

While merchants of all sizes have dealt with rising requirements for protecting transaction data for some time now, even more security efforts may be necessary in the near future. In general, smaller companies are the ones now being affected by payment fraud most often in the wake of the EMV liability shift, so more will soon be required of these merchants in particular.

Smaller merchants haven't been as eager to adopt the latest point-of-sale technology in the way their larger counterparts have, in part because of the cost associated, according to a report from Visa, the world's largest payment processor. But now Visa is implementing new rules that should improve security. Specifically, they will be required to hire IT pros who have the latest status as a Payment Card Industry Qualified Integrator and Reseller. The new rules will go into effect on Jan. 31, 2017.

Security is a front-and-center concern for the payment processing industry.Security is a front-and-center concern for the payment processing industry.

Why it's happening
After the liability shift, Visa and other payment processors saw upticks in fraud at smaller merchants, and it noted that these retailers may need to do more to get up to speed with modern security requirements, the report said. By putting these new requirements in place, it will help to ensure that smaller merchants are keeping up with industry-recommended best practices for security standards. For now, the two places where this problem is most pervasive - the U.S. and Canada - will be the only ones where merchants will have to abide by the new rules.

"Visa is introducing these requirements in the U.S. and Canada because these countries have experienced the largest number of small merchant breach incidents," the company said. "Visa will continue to evaluate whether the requirements should be expanded to acquirers in other countries."

Security on the mind
Meanwhile, for a litany of reasons, overall security of computer and payment systems is very much on the mind of many companies, according to a report from Digital Transactions. One survey from earlier this year found that many companies are looking for ways to improve security by going past passwords. Today, nearly 3 in 4 companies use employee logins, but security experts acknowledge that the effectiveness of this type of basic security isn't what it once was.

Nearly 7 in 10 respondents say a combination of usernames and passwords aren't enough to meet their security needs today, the report said. The security technology of the future likely will rely on more things like biometrics - thumbprints, eye scans, and so on - to further ensure accounts and sensitive data are adequately protected.

With all this in mind, it might be vital for smaller merchants and other businesses to make sure they're doing all they can to ensure they're keeping their payment data as safe as possible on an ongoing basis. By adopting the latest POS devices to handle both EMV and mobile payments, they may be able to take a significant step in the right direction.