As consumers, most of us prefer the use of digital, card-based or online payments for our retail purchases because of the convenience and security they offer. The use of cheques for everyday transactions is just not the norm anymore. There is no reason why this should be different for customers of law firms. Customers assume and expect that they should be able to pay for professional services using the same modes of payment that they use for retail transactions. Thus digital payments have become a business necessity for law firms and independent lawyers alike.
As mentioned in one of our previous articles, allowing clients to pay using credit cards or pay online, not only helps to better manage the accounts receivables processes but also helps in getting paid faster. Efficiency and increased cash flow are the main drivers for implementing new-age payment systems in your law firm. The payments and customer data security rules and regulations that govern other businesses, however, become even more stringent when it comes to the legal industry. With this in mind, we look at the top five tips for securely supporting digital payments in your law business.
Compliance
Different rules and regulations apply to Law firms operating under different jurisdictions. With respect to payments, it is usually mandatory to comply with the Payment Card Industry Data Security Standards (PCI DSS). A third party service may be engaged to verify your PCI compliance. To ensure PCI compliance, procedures need to be established to protect files with sensitive information. In Europe, it is necessary to ensure that your payment service provider meets the GDPR requirements as stated in this infographic.
Online System Safety
When creating an online integrated system that accepts payments on behalf of your firm, you need to ensure that the system is hosted on a secure environment. Small businesses may often tend to overlook the security aspect thinking that they won’t be targeted, but petty hackers are more likely to target them for the same reason. Ensure that the hosting provider for the system has the correct practices and safeguards in place Also ensure that the site is protected by Secure Socket Layer (SSL) to encrypt any data exchange between the system and external parties.
Human factors
In order to fully incorporate the digital payments culture in your firm or organization, it is necessary to educate all employees especially those responsible for handling payments regarding the safety measures required. Simple steps like password protected devices, secure and updated software, use of VPN’s, securing USB’s and other storage in the workplace etc., can go a long way in protecting customer data.
Two-factor authentication
Two-factor authentication is the recommended best practice to be used by both parties when making payments. This protects against data loss and fraudulent transactions caused due to identity theft. Customers need to secure their online and mobile payment transactions using two-factor authentication. Online systems accepting the payment needs to ensure that data required for two-factor authentication is captured and verified for every new customer, in the form of mobile phone numbers, email Ids or biometric information depending on the mode of payment.
Customer Data Protection
With respect to payments, there is no real need to store customer account information or card details long term. The best way to protect the customer data is not to store it in cases where it is not required. In situations where it needs to be stored, it should be encrypted and stored on a private network with limited access for authorized personnel. A trusted third party payment partner may be engaged to ensure the collection and transfer of payments as well as storage of the required payment data.
Conclusion
For any customer-driven business, it is certainly beneficial to think of the customers’ needs first. Digital payments in all its forms, be it contactless cards or online payments, provide a convenient alternative to customers to transact with the business. The onus of ensuring the security of the payment system implementation lies in the business. Therefore it is recommended to use tried and tested industry best practices as listed above when implementing the latest digital payment technology in your firm.
