How to Keep Your Small-Business Merchants Secure

Editor’s Note: This blog entry was originally published on May 25, 2016, and was updated on April 3, 2020.  

In recent years, small businesses such as Level 4 merchants have proven particularly susceptible to data hacking and credit card fraud. (Level 4 merchants are defined as those who process less than 20,000 transactions per year.)

Contributing to this may be the fact that small businesses may feel they can’t afford sophisticated, expensive IT security solutions. However, putting security measures in place need not be too cumbersome for the small business. Here are some measures you can take within your own software solution to keep you and your customers protected.

Remove Data from the Merchant Environment

A quick Google search for the phrase “credit card data breach” returns over 47 million results - showing how easy it has become for hackers to gain access to almost any stand-alone system. The trick is to move any sensitive customer (or business) data to a secure cloud-based vault administered by qualified security professionals. That data should never be present in the merchant environment (such as a network or hard drive).

Protect Data

For data that must be captured and stored in the merchant environment, it’s imperative to keep that data secure and protected. A combination of encryption and tokenization is one of the strongest ways to keep data out of the hands of hackers. By converting data into digital tokens, any data a hacker might access would be useless, as the “token key” is required in order to translate the information.

Ensure PCI Compliance

The Payment Card Industry Security Standards Council (PCI-SSC) created the Payment Card Industry Data Security Standard (PCI-DSS), a set of required security standards for any entity that processes credit card payments.

The measures have reduced credit card fraud and helped combat data theft. To help keep your merchants secure, it’s essential to ensure that your software solution is PCI compliant.

Provide EMV Capability

EMV, or “chip”, cards have become more widely used in recent years because of the additional security they provide. EMV helps prevent card fraud at the point-of-sale – the chips are nearly impossible to duplicate and the processing is dynamic (data never moves the same way twice).

Further, a few years ago, the payment industry implemented a “liability shift.” This means that the liability for a data breach will fall on whichever entity in the payments chain did not implement EMV technology. To avoid ending up on the hook for a very expensive problem affecting numerous parties, make sure your software solution offers EMV capability to your merchants.


In recent years, some credit card brands have started requiring merchants to use certified QIR professionals. This means those merchants must use a professional who is certified by the PCI Security Standards Council as a Qualified Integrator and Reseller (QIR) to install, integrate, and support terminals and point-of-sale applications. The goal of this requirement was to increase payment security and to help to better prevent data breaches caused by poor PCI compliance practices. For this added layer of security, ensure your payments partner has QIRs on staff.


Payment security measures can seem daunting to a small business, but they don’t have to be. Moreover, they’re necessary to prevent costly data breaches. Global Payments Integrated offers a comprehensive suite of security solutions to integrate into your software to ensure you and your merchants are processing payments securely. Contact us today to learn more.