Payment Security is Important to Enrollsy
Obviously. But what does Enrollsy do to ensure we can say this confidently, and how does that impact your communication with your customers?
In this article, I will highlight some of the key aspects of payment security and demonstrate how you can communicate with your Account Holders should questions arise regarding payment security.
Payment Options in Enrollsy
Enrollsy offers the following options for taking payments by card (debit or credit), with the only option for *ACH being EnrollsyPay.
EnrollsyPay*
CloverConnect
Stripe
When you sign up with Enrollsy, you'll choose one of these providers and apply for a Merchant Account. Once your account has been approved, the provider(s) will issue you a unique Merchant ID (or MID).
During the application process, you will provide a checking or savings account along with the account's routing number where you want payments received to be deposited. Enrollsy doesn't ever actually touch/hold any of your money. We are a reporting mechanism that lets you know when payments have been approved or denied.
Each one of these payment providers has been carefully vetted to ensure the highest level of security is offered. The three key components of payment security we are going to focus on in this article are:
Point-to-Point Encryption
Tokenization
PCI Compliance
Point-to-Point Encryption
Imagine you're sending a letter through the mail. Before you send it, you put it inside a special, magic envelope that only you and the person you're sending it to can open. Even if someone tries to peek inside, all they see is gibberish. Point-to-point encryption works kind of like this magic envelope, but for electronic payments.
When you use your credit card to buy something online or in a store, your payment information (like your card number and other details) travels through various electronic pathways to reach the place where the payment is processed. Now, in the past, these pathways were like regular envelopes that anyone smart enough could open and peek inside to steal your information.
Point-to-point encryption changes this game. It's like every step of the journey has its own magic envelope. So, when you swipe your card or type your card number online, your information is immediately put inside this special envelope. It stays inside this secure envelope as it travels through all the electronic pathways until it safely reaches the destination where the payment is processed. Only the right people, the sender (you) and the receiver (the store), have the keys to open these magic envelopes and see the actual information inside.
In simpler terms, point-to-point encryption is a high-tech way of keeping your payment information super safe while it travels through the internet or any other electronic system. It ensures that even if a sneaky hacker tries to intercept your payment data, all they'll find is a bunch of meaningless, encrypted jumbles. So, you can shop and pay for things online with peace of mind, knowing that your sensitive information is locked up tight in those magic envelopes, safe from prying eyes.
Tokenization
Picture this: you have a magic wand that can transform any object into a special, unique coin. This coin doesn't look like the object, but it represents it. For example, you can turn your toy car, your favorite book, or even a sandwich into these special coins. Now, let's talk about your credit card.
When you use your credit card to make a payment online or at a store, your actual card number is like a precious item you don't want to show to everyone. Here's where tokenization comes in. Instead of using your real credit card number, the payment system, with its own magic wand, turns your card number into a special token โ let's call it a "magic coin."
This magic coin is just a random set of numbers that has no connection to your actual card number. It's unique to that specific transaction. So, when you make a payment, the merchant (the store) doesn't see your real card number. They see and use this magic coin instead. Even if someone sneaky tries to intercept it, all they get is this meaningless magic coin, not your actual credit card number.
Tokenization keeps your real credit card number hidden and secure. It's like using these special magic coins instead of revealing your valuable treasures. So, you can make purchases without worrying about your card number falling into the wrong hands because, in the digital world, all anyone sees are these harmless, unique tokens, not your real, sensitive information.
PCI Compliance
Being PCI compliant means that a business or organization follows a set of security standards and practices to protect sensitive customer credit card data. Imagine PCI compliance as a sturdy fortress guarding a treasure chest (the credit card data). Here's a simple breakdown:
Protecting the Treasure: The treasure chest contains valuable credit card information of customers. Being PCI compliant means building a strong, secure fortress around this chest to keep it safe from thieves (cybercriminals).
Building a Strong Fortress: To be PCI compliant, businesses set up powerful digital walls (security measures and protocols) around their computer systems and networks. These walls are like high-tech shields that prevent unauthorized access.
Guarding Against Intruders: Think of hackers as sneaky thieves trying to break into the fortress. Being PCI compliant means having guards (security software) that constantly patrol the fortress, making sure no intruders get in.
Regular Inspections: Just like a fortress needs regular inspections to stay strong, businesses undergo security checks (audits and assessments) to ensure their protective measures are up-to-date and effective.
Safe Transactions: For customers, PCI compliance ensures that when they make a payment, their credit card information is processed within this highly secure fortress. It's like handing over your money to a trustworthy guard who ensures it reaches the right hands safely.
In simpler terms, PCI compliance is like having a super-secure vault for credit card information. Our payments partners comply with PCI standards and are trustworthy guardians, making sure that your customer's sensitive payment details are always kept safe from digital thieves.