5 Ways Merchants Can Help Protect Their Customers' Privacy

Merchants have an ethical and legal obligation to protect their customers’ privacy. Yet when it comes to the threat of data breaches, many merchants—especially smaller businesses—take solace in the attitude that “it won’t happen to us”. Unfortunately, the data doesn’t back this up.By 2019, data breaches and cybercrime are expected to surpass $2 trillion in costs to U.S. businesses. As much as 70 percent of the data breaches that occur each year involve small businesses.Not only do data breaches represent massive financial costs, but they can also drive away customers. One survey found more than 50 percent of consumers will terminate a relationship with a brand if the brand falls victim to a cyberattack that jeopardizes customers’ personal info. Beyond the costs to your business, allowing your customers’ privacy to be breached puts them at financial and personal risk.For these reasons, it’s critical for merchants to take data security seriously. Here are five ways merchants can help protect their customers’ privacy.1. Take stock. Startups and small businesses too often fall into the trap of “winging it” when it comes to consumer privacy, which means they’re hopelessly unprepared in the event of a data breach. It’s critically important to think about customers’ privacy before it become an issue. To that end:

• Make sure your company has internal privacy policies and procedures in place.
• Determine who on your team is responsible for maintaining privacy policies.
• Make sure you’re informed about your legal obligations when it comes to customer privacy.
• Develop a clear-cut response plan for data breaches.
• Identify who on your team has access to customer data, and decide whether these roles really warrant or require access.
• Identify where and how private data is stored.
• Identify sites or activities where private data might be at risk—e.g., are employees taking home laptops that include customers’ private data? Are you working with third-party software that sends data to advertising networks?
• Train your whole team to adhere to privacy policies and guidelines.

2. Limit data acquisition. Many companies collect more customer data than they actually need. By restricting data collection to only the information that’s essential for you to do business, you limit the amount of harm that could be incurred by a data breach.3. Secure what you keep. Once you’ve narrowed down the information you’ll keep, designate how (and how long) you’ll store this information. For example, plan to delete all credit card numbers after a certain period. Additionally, take the following steps to secure any information you store:

• Make sure your IT systems are operating with the most up-to-date software and security measures, from anti-virus software to firewalls, malware monitoring, spam filters, and so on.
• Make sure all possible access points to your customers’ data (e.g. laptops, smartphones, and USB drives) are secured.
• If you have an ecommerce site, always use a secure connection for online checkout and require that customers create strong passwords.
• Use a dedicated server (instead of a shared server) to host your files.
• Encrypt all sensitive data, especially data that makes customers personally identifiable.

4. Keep customers informed. When your customers provide you with their credit card number and other information, they’re entrusting you with highly sensitive data. Respect that trust—and demonstrate to your customers that you take their privacy seriously—by sharing your privacy policy with your customers, soliciting feedback and promptly responding to privacy-related complaints from customers, immediately informing customers if any of their data is compromised, and providing support in the unfortunate event that data is breached.5. Outsource carefully. If you’re a merchant, you’re no doubt working with third-party payment processors (and potentially other third-party services). This means these companies’ privacy policies have a direct impact on your ability to keep your customers’ data secure. So it’s important to vet payment processors to ensure their privacy policies are up to snuff. The good news is that a quality processor can take over the responsibility of storing your customers’ credit card information for you. If you’re not sure how to go about vetting a payment processor, SwipeSum is here to help.These steps might seem laborious—and honestly, they are. That’s because securing your customers’ sensitive information is a huge responsibility. But the investment it takes to secure this data is well worth it for the protection it provides against potentially catastrophic data breaches.