9 Crucial Tips to Protect Your Small Business From Credit Card Fraud
Vigilance and readily available security tools can keep fraud losses to a minimum.
Opinions expressed by Entrepreneur contributors are their own.
Processing credit cards for your small business is pretty much a given these days. Unfortunately, cyber-criminals are well aware of the increase usage of credit card payments. Nielsen expects that by 2020, credit card fraud will result in over $31 billion in losses.
In short, credit card fraud is a very real threat to both your bank account and reputation. Thankfully, you can avoid credit card fraud from damaging your small business by following these nine tips.
1. Use an Address Verification System.
An Address Verification System (AVS) is a tool used by banks and credit card associations. The AVS are able to compare the numerical part of a customer's address to the information on file. The issuing bank can then verify when a merchant makes an authorization request.
For example, if the cardholder's name and address is Mr. John Smith, 123 Main Street, Realtown, USA 09876, the system will verify 123 and 09876. Once this info is sent, the merchant will receive one of six codes: full match, partial match address, partial match zip code, no match, international, and unavailable. Receiving a full match for AVS assures you that there is less risk processing this payment.
However, don't solely rely on AVS. There could be instances, like when a customer moved and hasn't updated their address yet. Also, AVS is only available from banks and not payment software or gateways.
2. Upgrade to chip readers.
Counterfeit cards are one of the most common types of fraud in brick-and-mortar stores in the U.S. There's a good explanation: we're behind on implementing EMV.
If you haven't already, it's past time to upgrade to chip readers. An EMV is more theft-resistant than swiping the magnetic stripes of credit cards. Additionally, merchants who are using chip readers aren't liable if credit card fraud does occur.
3. Keep an eye out for unusual customer behavior.
If you accept credit cards in-person pay particular attention to the cardholder for warning signs including:
- Pulling their credit card out from their pocket, instead of a wallet or purse.
- Purchasing a large number of expensive items.
- Purchasing an unusual variety of items, such as clothing in multiple sizes.
- Rushing to complete a checkout at a closing time.
- Telling you not to insert or swipe their card because it doesn't work.
- Handing you their phone when they claim that they're talking to their bank.
A customer who does any of these actions isn't automatically guilty of credit card fraud but these are some some of the tricks fraudsters use. Trust your gut when a customer seems suspicious.
4. Process online payments safely and securely.
Reviewing the following before processing a payment:
- Orders that have several of the same items - especially when it wouldn't make sense to purchase multiples. I mean how many iPhone 7 chargers does a customer really need?
- Orders consisting of "big-ticket" items, such as TVs.
- Multiple same day purchases.
- Multiple purchases coming from the same IP address.
- "Rush" or "overnight" orders.
- Orders that have failed AVS (Address Verification Service) or CID (the three-digit value on the back of the card).
- International orders from countries that you usually don't have customers in.
- Orders that are shipped to a single address, but made on multiple cards or using multiple billing addresses.
Since 45 percent of all credit card fraud involves card-not-present transactions, make this a priority for your small business.
5. Secure network access.
Secure your network by utilizing encryption, limiting employee access to sensitive data, using updating the latest versions of any software that your business is running, and using separate devices for your personal and business use since this can decrease the threat of cyberattacks like phishing.
Also, please remember to use anti-malware software.
"Cybercriminal use all types of malware, including Trojans, Man-in-the-Middle, Man-in-the-Brose, and keyloggers, to get what they want, including personal data and payment details," says Due co-founder Chalmers Brown. "Continue updating your tools to detect malware that may be present. You may also need to invest your time in understanding how malware is used in terms of patterns used by cybercriminals. Focus on using malware detection solutions that can work in the background rather than relying on those options that involve user downloads or registrations."
Embrace layered security measures like generating strong, complex passwords that contain numbers, upper and lower case letters, and special characters, as well as two-factor authentication.
6. Use tokenization.
In layman's terms, tokenization replaces numbers with a token. This is a mathematical representation of a number.
If you accept payments through Apple Pay or Samsung Pay you're already using tokenization. These services aren't actually transmitting the customer's real credit card number.
7. Report fraud immediately.
No matter how prepared you are and the security measures that you've taken, you can't completely prevent credit card fraud. If you suspect that an instance of fraud has happened, then you need to act immediately. Quickly call the card issuer's authorization center. You say that you have a "code 10 authorization request." Hold onto the card itself, if possible.
If the card is not present, and you suspect fraud, don't hesitate to call your credit card processor, bank, and even the local authorities.
8. Follow PCI Security Standards.
These are security standards established by the Payment Card Industry. The standards have been designed to guide small businesses. They instruct how to securely accept, transmit, and store cardholder data. Becoming compliant is one of the most effective ways to thwart credit card fraud.
Becoming PCI compliant is your responsibility. Thankfully, you can read all about these PCI Security Standards online. Reviewed this resource and implement the recommended security measures and frequently test your framework.
9. Continue educating yourself on credit card (and other types of) fraud.
Always remember that credit card fraud is constantly evolving. Cybercriminals are diabolical and will use the latest technology to commit acts of credit card fraud. In other words, the advice listed above may not be relevant in the future.
Make sure that you frequently stay updated and informed on the latest credit card fraud tactics. Stay current with the best ways to protect both your business and customers.
Additionally, don't neglect other types of fraud that target small businesses. These include:
- Invoice fraud where you're tricked into paying a fake invoice for advertising, domain name renewal, office supplies, or directory listings.
- Overpayment scams where a "customer" overpays for an item, and then asks for a "refund."
- Malware where you accidentally install software on your device that gives scammers access files or track your activities.
- Ransomware is malicious software that will block access until you make a payment.
- Whaling or spear phishing are when criminals attempt to obtain confidential information.
- Scammers posing as a boss, client, or another authority figure and then demand an employee transfer money to a bank account.
- Some disgruntled or nefarious employees will use business credit cards for their own personal use or purposely leak sensitive information.
- Government imposters where criminals pretend be from a government agency, like the IRS, demanding an immediate payment.