If you are using any method of collecting credit card payments that is not a payment processor, please stop, right now. Not only are you endangering your clients’ financial information, you’re endangering your event company, as you could be held liable if a client’s information is stolen because your security measures weren’t up to snuff. It’s credit card processors’ sole responsibility to keep you and your client’s information safe and secure. It’s unlikely any attempts to DIY your data security will meet their rigorous standards.
#1: Sending financial data through email isn’t secure
A big no-no we’ve seen is PDF forms being used to collect credit card information and then sent through email. While this may seem fairly secure, as the email is going directly from one email to another, it’s not secure enough for transmitting sensitive credit card information. Even if your email is encrypted, all it takes is for you to accidentally download the wrong file or to reuse a password for that data to become compromised. If that happens, you’ll have hackers to contend with. Email just wasn’t made with financial transactions in mind, so it’s important to use the right tool for the job.
#2: Storing credit card information in-house is risky business
When it comes to storing credit card information, if your computer’s connected to the internet, financial data isn’t much more secure there either. The same security threats still exist. Unless you want to take the time to research proper encryption methods and pay for special hardware and software, your best bet is to go through a credit card processor.
Even maintaining files on a hard drive that’s not connected to the internet is a risk due to theft. People could easily break in and steal it, or it’s possible a dishonest new hire could take an interest in it. You never expect disaster to strike, but it’s important to be prepared for it.
#3: Outdated financial security measures = outdated event company
Another factor to keep in mind is perception. I personally wouldn’t book with an event company that didn’t use a known payment processor, as I wouldn’t feel secure knowing that my information is safe and I’d feel a need to watch my bank accounts. Plus, if they’re still accepting payments the old fashioned way, what else are they doing that way? Will I be able to get the items that I want on time? Will they double book and mess up my event? What if I need to make some changes at the last minute— can they handle that? Using an out of date and unsecured method to collect payments just doesn’t instill confidence in a company as a whole.
The bottom line is this: having client credit card information on hand at your office or on your computers poses an unnecessary risk for you, your event company, and your clients. Credit card processors, like Stripe, have superior data security tools implemented to guard against all manner of cyber attacks. It is literally their job to keep that data safe— so why not let them do the heavy lifting and take on the liability too?
Using a payment processor, such as Stripe, makes so much more sense than trying to manage things the old fashioned way. Not only do you get extra levels of security while processing a payment, they can also securely store credit card information for later use as well. Plus, Stripe pairs seamlessly with Goodshuffle Pro and our QuickBooks Online integration, so you don’t have to do any back and forth when documenting financial information for tax purposes. Don’t be stuck in the past, especially when the threats to your data’s security are operating with contemporary tools and technology. Adopting a safe and secure method for accepting payments is easy— especially when you use Goodshuffle Pro.