How to Store Customer Data Securely
Explore how to store customer data securely, how to handle sensitive information and how to remain PCI DSS and GDPR compliant.
Over the past few years, there have been a number of high-profile security breaches that have, understandably, given the public pause. Marriott International, for example, announced in November 2018 that attackers had accessed its Starwood guest reservation database, exposing records (including names, contact details and, for some guests, passport numbers) of up to roughly 500 million customers, a figure the company later revised down to about 383 million. Capital One is another example: in 2019 an attacker used a misconfigured web application firewall in its cloud environment to obtain personal information from more than 100 million credit card applications.
In light of incidents such as these, customers are increasingly concerned and less trusting. People want to know that their sensitive data is going to be safe, respected and protected.
Here, we explore how to store customer data securely while remaining GDPR compliant and ensuring no private data gets into the wrong hands.
1. Ensure Your Privacy Policy is Updated and Explain How You Use Customer Data
When it comes to customer experience, trust is of the utmost importance. Customers need to know that your security measures are tight so when they share their personal information with you (whether it be their credit card information or their phone number), they don’t have to worry about identity theft or information leaks.
First things first: make sure to update and review your company’s privacy policy. This is the first place your customers will think to look to get more information about your security practices and ensure you are GDPR compliant. Communicate the legal basis for processing their data. Discuss retention periods and make it clear that your customers have a right to complain should they be unhappy with your implementation. This information should be delivered in a simple, straightforward and easy-to-understand manner. Not only can misleading customers about how their data is collected and stored create legal problems — but it’s also a red flag to customers that they can’t trust you with their information. This is a concern for everyone, especially small businesses that need to compete with corporate eCommerce giants such as Amazon.
2. Ensure You are Taking Phone Payments Securely — Be PCI DSS Compliant
The Payment Card Industry Data Security Standard (PCI DSS) applies to any business that stores, processes or transmits cardholder data, whether through a website, a call centre or a point-of-sale terminal. It is maintained by the PCI Security Standards Council, founded by the major card brands, and is enforced through the card brands and acquiring banks rather than by law. Compliance is a baseline, not a guarantee: the most effective way to meet it is to keep card numbers and security codes out of your own systems altogether, so that the scope of what you must protect (and prove you protect) is as small as possible.
At Callstream, we make sure our customers are both Payment Card Industry Data Security Standard (PCI DSS) and GDPR compliant when it comes to taking phone payments. Callstream Vault allows your customers to provide their credit card details over the phone without any card information being shared or stored by the agent or call recording software.
With Callstream Vault, a customer simply enters their card number and security code via the telephone keypad. The DTMF tones are masked, so neither the agent nor the call recording hears or captures them, and the payment details are forwarded to the merchant's card processing platform in a secure format. Because the card data never enters the agent's screen, notes or recordings, those systems stay out of PCI DSS scope.
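Even with keypad capture in place, card data has a way of leaking into free-text fields: an agent types a card number into a CRM note, or a customer reads it out before the masking starts. A practical control is to scan logs, transcripts and notes for primary account numbers (PANs) and security codes before they are stored. The following is an added example in Python, not code from Callstream or its product. It applies two PCI DSS rules I am certain of: a PAN may be displayed or logged with at most the first six and last four digits, and the card security code (CVV/CVC) must never be stored after authorisation. The Luhn check reduces false positives on other long numbers such as order references. The log lines are constructed for this example and use the well-known test card number 4111 1111 1111 1111.

```python
import re

# Candidate PAN: 13 to 19 digits with optional single spaces or dashes between them.
_PAN_CANDIDATE = re.compile(r"\b(?:[0-9][ -]?){12,18}[0-9]\b")
# Security-code fields (CVV/CVC/CSC). PCI DSS forbids storing these after authorisation.
_CVV_FIELD = re.compile(
    r"\b(cvv2?|cvc2?|csc|security[ _-]?code)(\s*[=:]\s*)[0-9]{3,4}\b", re.IGNORECASE
)

# Constructed sample lines from a hypothetical call-centre payment log (not real data).
SAMPLE_LOG_LINES = [
    "2024-03-01T10:15:02 agent=42 card=4111111111111111 cvv=123 amount=49.99",
    "2024-03-01T10:15:03 agent=42 card=4111 1111 1111 1111 exp=12/26",
    "2024-03-01T10:16:10 agent=17 order=1234567890123456 note=customer callback",
]


def luhn_valid(digits: str) -> bool:
    """True if a 13-19 digit string passes the Luhn checksum used for card numbers."""
    if not re.fullmatch(r"[0-9]{13,19}", digits):
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only the first six and last four digits, the maximum PCI DSS allows on display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_line(line: str) -> str:
    """Drop security-code values and mask every Luhn-valid PAN in one log/transcript line."""
    # Remove the CVV value first; the field name is kept so the record stays readable.
    line = _CVV_FIELD.sub(lambda m: f"{m.group(1)}{m.group(2)}[REMOVED]", line)

    def _mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        # Non-Luhn numbers (order ids, reference numbers) are left untouched.
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)

    return _PAN_CANDIDATE.sub(_mask, line)


def redact_lines(lines):
    """Redact a batch of lines; run this before anything is written to durable storage."""
    return [redact_line(line) for line in lines]


if __name__ == "__main__":
    for before, after in zip(SAMPLE_LOG_LINES, redact_lines(SAMPLE_LOG_LINES)):
        print(before, "->", after, sep="\n  ")
```

Run the redaction at the point where text is ingested (the logging handler, the CRM note save hook, the transcription pipeline), not as a periodic clean-up; once a full PAN has been written to disk or shipped to a log aggregator, that system is in scope for PCI DSS.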
3. Make Appropriate Website Adjustments
Your website needs to reflect your attitude towards customer privacy, and a few concrete changes go a long way towards GDPR compliance. Collect only the fields a form actually needs, obtain consent before setting cookies or trackers that are not strictly necessary for the service, and inform visitors in plain language what each cookie or tracker is for and how long it persists.
4. Make Sure All Staff Have the Appropriate Training
Whether you’re leading a global conglomerate or a small business, one of the most effective ways to protect customer data is to train staff on your data protection policies and the legal requirements of your industry. All employees should know the rules for handling customer information (for example, never writing card details in notes or emails) and the steps to take, and whom to notify, if they suspect sensitive customer data has reached the wrong hands.
5. Update Your Protection Software and Operating Systems
According to Kaspersky Lab, more than 200,000 new malicious programmes are detected and blocked by its cybersecurity software each day, which gives a good idea of how fast malware evolves. Security software and operating systems must therefore be updated regularly, and vendor patches for known vulnerabilities applied promptly, since most successful attacks exploit flaws for which a fix already exists.
6. Test Your System for Vulnerabilities
You can’t simply put the minimum security standards in place and hope they will be sufficient to protect private customer data. All businesses need to test their websites and systems regularly for vulnerabilities that automated security tools have not picked up, for instance by commissioning penetration testers to find flaws in application code and configuration, and then track each finding through to a fix. Security is an ongoing, continuous project: check that policies are being followed in practice and that personal data is deleted when its retention period expires.
7. Have a Disaster Recovery Plan in Place
If you don’t have a disaster recovery plan in place, now is the time to create one, with specific contingencies for a cyber attack and for human error. The point of the plan is to keep day-to-day business running as far as possible when something goes wrong, so it must be exercised: restore from your backups periodically to prove they work, and keep at least one copy offline or immutable so that a ransomware attack cannot destroy the backups along with the live data.
8. Choose a Reliable Cloud Provider
If you store much of your customer information in the cloud, choose a reputable provider with independently audited security controls. Some companies use cloud services from providers such as Google, while others keep their data on their own private servers. Either way, responsibility is shared: the provider secures the underlying infrastructure, but configuring access controls, encryption and backups for your data remains your job, and a misconfigured storage bucket or over-privileged role is just as exposed as an unpatched server of your own.
Callstream is an award-winning PCI-compliant secure payment platform. To find out how we can help your company take payments safely and securely, get in touch with our team today.