News & Resources

Mobile ACH payment options require security

Jun 10, 2013 Dave King

Mobile ACH payment options require security

Mobile ACH card payments are becoming attractive options for many small business owners. The flexibility of the technology allows users to collect money on or offsite, making it a great resource for food trucks, farmers markets or other mobile storefronts.

Transmodus recently announced that it is now offering a mobile app that allows users of its linked2pay service to collect payments on smartphones and tablets. It will be able to accept credit cards as well as all ACH transactions. The app comes with a free swipe device and the service will send emails to customers immediately after a transaction outlining their payment, the company stated in a press release.

"Built on our own ACH platform, we expect to lead in the area of enabling businesses to accept ACH payments, along with credit card, anywhere and with ease," according to Robert McShirley, CEO of transmodus.

Although the service is useful for small business owners, securing mobile ACH payment collection is a major concern. Insecure payment platforms can put data at risk for theft or loss. However, there are several ways in which business owners can prevent potential cyberattacks on mobile payment systems. CyberSource and RIS provided some tips for users of mobile collection based on PCI Security Standards Council guidelines.

Built-in security measures are useful


The source noted that using security features that come with mobile products should be set up when accepting payments. This includes the use of passwords, patterns and PIN numbers. However, the source said that users should not consider swiping to access features as a security measure. Features that force smartphones and tablets to time out after an specified idle period should also be used.

Disable if lost
Devices used to collect payments should have the ability to be remotely disabled if a phone or tablet is lost or stolen. Most collection services offer an option that can be accessed online from any location. Also, using GPS or other tracking software to help locate misplaced phones is recommended by CyberSource.

Don't allow offline use
The source also stated that if a device is offline for any reason, users should not collect payments. Although information can be collected and transmitted at a later period once a device is back online, it's a security risk to store the data.

These risks shouldn't prevent businesses from using mobile ACH collection systems. It's a useful and convenient technology, however, it needs to be implemented securely. Following PCI standards recommended by CyberSource and RIS can help companies establish secure payment options.