How Secure Are Hosted Payment Pages?
Hosted payment pages are only as secure as the payment processing technology behind the scenes. It's analogous to alarm systems or antivirus protection — you get what you pay for.
In fact, some hosted payment pages are unprotected and can lead to higher levels of credit card fraud. For example, some processors do not protect Transparent Redirects or Direct Post Methods from code insertion that could allow a "keylogger" to be included in the payment form. A "keylogger" would be able to capture financial data during the checkout process. This type of fraudulent activity can be prevented by ensuring that communications between the merchant's server and the payment gateway are protected from changes by a tamper proof seal. Failure to protect from changes to the data can leave a merchant vulnerable to this type of attack.
So what other steps should you take to protect yourself?
Choose a Trusted, Security-Conscious Payment Processor
When shopping around for hosted payment solutions, always select a processor that follows the PCI Data Security Standard (PCI DSS) set forth by the PCI Security Counsel and leverages the latest in data protection security.
Trusted payment processors should employ encryption and tokenization. Tokenization is an advanced security measure that swaps out personal account numbers with tokens. In the event that a hacker manages to get a hold of this token, he won’t be able to use it for malicious purposes. This token is worthless to anyone but the payment processor.
But arguably most important, the processor needs to continuously update its payment infrastructure to detect and plug all potential loopholes before they affect your customers. Data security is not a one-time fix — it is a dynamic process that demands 24/7 monitoring.
About The Author
Kristen Gramigna is the Chief Marketing Officer for BluePay, a credit card processing firm. She has more than 20 years of experience in the bankcard industry helping small businesses succeed.
BluePay is a leading provider of technology-enabled credit card payment processing services for enterprise, small, and medium-sized businesses in the United States and Canada. Through physical POS, online, and mobile interfaces, BluePay processes payments and provides real-time settlement, reporting, and reconciliation, along with robust security features such as tokenization and point-to-point encryption. BluePay is headquartered in Naperville, Illinois, with offices in Chicago and New York. For more information, follow BluePay on Twitter andLinkedIn, or visit www.bluepay.com