Safety tips for digital payments

RICHARD WEINER
Technology for Lawyers

Published: July 19, 2019

Taking (and disbursing) payments digitally can be both a time- and money-saving process. This can be especially true for solo and small firms that don’t have a separate billing department.

But digital payments are, of course, online and come with all of the hazards of any online transactions.

The folks at Law Technology Today came up with a brief overview of safety practices to make those transactions as secure as they can get. Here it is:

One: Compliance. There is a thing called the Payment Card Industry (PCI) Data Security Standards (DSS) that can be found here: https://www.pcisecuritystandards.org/. Anyone taking online payments should be compliant with these standards, and there are third parties who can run the certification. This includes implementing procedures to protect sensitive files. In the EU, of course, GDPR compliance in financial transactions is mandatory and more EU financial regs are on the horizon.

Two: Online system safety. This goes without saying at this point, but the servers that host these transactions (yours, the payment processor’s and anyone else’s involved) have to be secure themselves. Particularly your servers. And the whole process has to be encrypted end-to-end through SSL.

Three: The human factor. First, recognize that Murphy’s Law is particularly applicable to an office environment that comes in contact with online payments. Train the humans and implement processes and equipment that limit the effect of that law. In order for the system to operate securely, every single person in the firm who may be involved in payment processing must be thoroughly trained. In addition password protect all devices, encrypt all data, update all software, update all hardware, use VPNs, and secure all storage devices large and small—oh, you know, the usual we’ve been talking about in this column for a long time.

Four: Use two-factor authentication with the second factor on a personal data stick if possible.

Last: Data security. Store all client data, including payment data, securely. Encrypt it and store it on a private network with limited access for authorized people. Make sure that any third-party payment processors are also completely secure.

And then go get paid!


[Back]