Blog

Benefits of Payment Integration with Accounting Systems

Any business owner can vouch that running a business is made up of multiple moving parts. Between creating, marketing, and selling a viable product or service, some parts are prioritized over others. And according to a survey conducted by PYMNTS.com in 2015, improving payment systems through new or existing payment technology is low on that priority list. In fact, they actively avoid it.

In the same survey, 44% of small to medium businesses stated their wariness of new technologies for managing payments, and only 4 percent of small to medium businesses had completely automated their invoicing process. However, business owners don’t realize the exorbitant amount of time and money drained from using old-fashioned methods.

However, just because something has worked in the past doesn’t mean it’s the best option. Here are three reasons why payment integration, which allows you to process payments directly within accounting software, will save you time, money, and a whole lot of headache both instantly and in the long run.

What is Payment Integration?

1. E-Invoicing

The days of mailing invoices out and receiving paper checks are over. With electronic invoicing, you can send customers invoices to be paid online anytime, anywhere. This saves time for both parties, allowing an average company to get paid 7 to 21 days faster.

2. Elimination of Manual Labor

Without payment integration, it can take 4 to 5 minutes to manually reconcile and process invoice statements. By itself, this number may not look large at all. But imagine having to process 100 to 500 invoices per month, which is roughly the amount an average company will process. That’s 8 to 40 hours of work, and only if it’s done accurately the first time around. Furthermore, the larger your company grows, the larger that number will be. You need a streamlined, scalable process, and manual reconciliation just won’t cut it.

With payment integration, manual data entry is reduced and double entry errors are eliminated since you never have to leave your accounting program to process a payment, saving you a large chunk of time and money to be better spent elsewhere. But how much money can you really save? Here’s what a small company’s savings might look like:

Take a moment to calculate your company’s true cost. How much would you save by implementing payment integration?

true-cost-of-double-entry

3. Payment Security

In the Sage Payment Solutions 2017 Payment Landscape Report, the payment methods expected to be the most popular in 2020 are credit cards, debit cards and mobile payments. From the same report, 78% of consumers said they had concerns about fraud from online payments, and 65% of businesses are concerned about cyber security. With so many options for payment methods, security and fraud prevention is more important than ever.

Most businesses that do not use payment integration do not or can not securely store credit card numbers anywhere, and are at risk of payment breaches and not upholding the Payment Card Industry Data Security Standard (PCI-DSS). Even if credit card numbers are saved in a password-protected QuickBooks file, this is not enough, as passwords can be easily hacked. This kind of sensitive information must be stored in a secure and responsible way.

Luckily, with payment integration modules, credit card information doesn’t need to be unsafely stored in Quickbooks nor your, or anyone’s computer. Instead, they can be encrypted then stored in an online PCI secure vault, an impenetrable location that will keep your customer data safe and protect you from security breaches and fines that range from $5,000 to $500,000. (Read more about the importance of payment security and PCI compliance here.)

—–

If your payment systems could use an upgrade, consider payment integration with Skyline Payment Systems. With faster invoicing cycles, time freed up from manual labor, and a secure online vault that puts security responsibility on us, not you, your business will have the means to grow and thrive upon an efficient, strong, and trustworthy foundation—the right way.

Myths about PCI Compliance

You hear about them all the time — credit card data security breaches in Yahoo, Target, LinkedIn, and other large, established companies that serve millions of people. Surely with so many users, one can assume that they have the biggest targets on their backs when it comes to hackers.

In reality, it’s the opposite.

Myth: Big businesses are more likely to get hacked.
Reality: Small businesses are more vulnerable than big businesses, making them the perfect victims of hackers.

Oftentimes, a hacker’s goal is to steal credit card info not to commit fraud themselves, but to sell it to distributors that produce fake credit cards with those numbers. Some hackers may challenge big businesses, but the everyday hacker knows that small businesses are the easier targets, as they don’t always have the knowledge needed to properly secure their information. Sometimes, these businesses don’t even know they’ve been hacked, and the attack is left unreported.

Understandably, understanding the best security solutions can be complicated. That is why the Payment Card Industry Security Standards Council was formed — to guide and educate businesses to better protect themselves from security threats. So, if you run a small or medium-sized business, it’s imperative that your security is PCI compliant.

WHAT IS PCI COMPLIANCE?

PCI Compliance refers to upholding the standards set forth by the Payment Card Industry Security Standards Council. This includes properly guarding stored credit card data with encryption, which converts information into a code that is difficult to decipher for intruders.

Though there is no official “badge” indicating PCI compliance, as more security breaches happen every year, credit card companies may be obliged to issue mandates for them. Getting your business PCI compliant will get you ahead of the game, and encourages confidence and trust in customers who become wary after just one violation of privacy.

If your business accepts credit cards, you’re obligated to be PCI compliant regardless. Otherwise, you may be fined $5,000 to $500,000, depending on the offense, and as a small or medium-sized business, you’ve got more to lose. With just one fine, you could be blacklisted on Visa or MasterCard sites, never able to accept credit cards again, or put entirely out of business.

WHAT IS NOT PCI COMPLIANCE?

Businesses foregoing PCI compliance oftentimes do so because they feel their method of storing sensitive information like credit card numbers is “secure” enough with a password. With personal computers and online accounts all following more or less the same login process (a password of some sort, sometimes coupled with an authentication question), it’s not a surprising sentiment. But even if you may choose to exercise the password protection feature in Quickbooks, passwords are not PCI compliant. With just a password, there is only one thin wall of protection to bypass before reaching your customers’ private credit card numbers. Not only hackers but disloyal employees are absolutely capable of breaking down this wall. More needs to be done.

Luckily, businesses can easily become PCI compliant by using tokenization, encryption, and PCI compliant payment modules that act more than just an inferred seal of approval.

HOW TO BECOME PCI COMPLIANT

Point-to-Point Encryption

Point-to-Point encryption, or P2PE, is a payment security solution that encrypts credit and debit card numbers, protecting against hacking and fraud and allowing payments to process faster. It is a standard set for PCI Compliance, unlike End-to-End encryption, or E2EE. When a card is used, the numbers are encrypted instantly in a code that is unreadable to everyone, then sent to a secure online vault. If there is ever a need to go back to a previous transaction, you can use a token, a string of numbers generated to label transactions while keeping the customer’s card information unseen. Furthermore, you will not be held responsible for security breaches or resulting fines — it’s the P2PE provider’s duty to keep you safe.

Payment Modules

Payment modules are online card payments methods. While convenience is one factor in implementing payment modules, they also protect against potential security threats from both outside and inside company. If for whatever reason an employee goes rogue, they will not have access to any sensitive credit card information because everything is encrypted and stored in an online vault, not on a computer or server.

—–

The number of businesses falling victim to a security breach rises every year. Don’t become one of them — become PCI compliant.

Understanding Encryption E2EE vs. P2PE

If your business accepts credit cards, you will likely need to store credit card numbers for the convenience of your customers performing repeat transactions. However, choosing the right security method is a daunting task with its technological jargon and various available options. PCI compliance guidelines do help somewhat in navigating the process, but understanding what they’re asking for and why is essential in making the right decision.

WHAT IS TOKENIZATION?

Tokenization is the substitution of confidential data with a randomly generated symbol, or token, that has no meaning or value. It is typically used for static data like credit cards or social security numbers, and is a strong candidate for small databases that don’t require sending and receiving data. However, once your business scales and the amount of information you must protect grows, tokenization alone isn’t your best option.

WHAT IS ENCRYPTION?

Encryption is the transformation of information or data into an unreadable code to allow authorized parties to view and prevent unauthorized intruders from viewing. It is best for businesses with larger databases and third parties because it uses an encryption key that keeps the information decipherable only to the keyholders.

To protect credit card data and become PCI compliant, numbers must be properly encrypted. There are two ways to encrypt data: end‑to‑end encryption and point‑to‑point encryption.

END-TO-END VS. POINT-TO-POINT

End-to-end encryption, or E2EE, encrypts data from one end to the other. Both parties (for example, your business and your customer) are the only owners of the keys able to decipher the encrypted information, similar how two friends may make up a secret language that only they understand and have a “language dictionary” for.

Since there are only two parties that hold the keys that presumably have a high level of trust in each other, there is less of a chance that another party decrypting the information. However, if either key (i.e. language dictionary) were to get stolen and fall into the wrong hands, the thief would be able to use it to decrypt the information. If the key is stolen on the business’s side, you would be held responsible.

On the other hand, Point-to-point encryption, or P2PE, is a subset of E2EE. When a card is used through a P2PE solution, the numbers are immediately encrypted at the first point of interaction. The new encrypted code is then sent to a secure vault to be decrypted back to the original numbers, then sent to the applicable bank to confirm.

Instead of allowing the business to hold an encryption key, it is a third party P2PE provider that holds the keys. This puts the responsibility to manage and protect credit card data on the provider the moment a card is used, which is more difficult to steal and takes the burden off the business’s shoulders, allowing you to take a more hands-off approach to security while knowing that you are in good hands. The customer is essentially giving your business a sealed envelope to send to a trained professional you trust to handle. Meanwhile, the business is able to focus on the product rather than guarding and managing secret codes.

The rub is that once you’ve decided on a provider, it isn’t easy to change as most providers only offer one P2PE solution. Because changing equipment to support a different provider can become expensive, you’ll want to weigh your options wisely and choose the solution that’s best for you.