When searching for a business to hack, credit card fraudsters don’t discriminate. In fact, since most small businesses lack the big budgets and sophisticated technology to protect themselves fully, they often become the prime target in credit card breaches.
Big businesses often have deep enough pockets to wade the financial impact that comes along with credit card fraud. Small companies, however, aren’t privy to that luxury and a breach of any size can be devastating to their bottom line. Luckily, even without investing big bucks into fancy cybersecurity measures, small businesses can take strategic actions to be proactive in protecting themselves from becoming credit card fraud victims.
Credit card fraud is complicated, but it preventing it shouldn’t be. By following these five simple steps below, you can worry less about security and focus more on serving your customers.
1: Invest in an EMV Card Reader
By 2018, it’s no secret that EMV chip cards the expected security measure to thwart off unnecessary credit card fraud. EMV credit card processing is a fraud-reducing chip technology that can help protect businesses and consumers against losses from the use of counterfeit, lost and stolen credit and debit cards at the point-of-sale. As the global standard for credit card and debit card payments, this became the norm following the merchant liability shift in October of 2015. Still, three years later, many small businesses haven’t made the switch.
EMV chip card technology protects your business and the cardholder by encrypting the data used for every transaction. By tokenizing the number, this makes it virtually impossible for a hacker to intercept sensitive card data. The data is stored on a chip within the card, instead of on your business’ payment systems. Among the benefits of EMV chip technology include: a reduction in counterfeit card fraud, preventing shifts in liability and the ability to accept more forms of payment cards from customers. Modern chip card terminals also tend to be equipped for contactless and mobile payments, which can further protect your business from credit card fraud.
2: Work with a PCI-Compliant Payment Processor
If you’re a business that accepts credit and debit cards, your required as part of your payment processor and issuer relationships to adhere to standards of the Payment Card Industry (PCI). The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to protect how and where businesses store or transmit credit card data. The standards, which were set by the major payment card brands, are designed to protect your business and customers from outside data threats.
But achieving PCI Compliance isn’t a one-time task; it’s an ongoing project that requires businesses to know they are working with the right payment partners to protect them and their customers. The easiest way to ensure your business is staying up-to-date with these complex industry security standards is to work with a payment processing partner that provides the necessary software and hardware that aligns you with PCI compliance guidelines. Knowing that your business is following these requirements is essential, but you don’t have to tackle this issue alone. Take advantage of the dynamic payment partnerships available to help your business.
3: Rely on an AVS and CVV/CVC Verification
An Address Verification System (AVS) is a tool that banks and credit cards use to confirm the identity of a customer. When making a purchase at your business, relying on an AVS can enhance the authorization process by confirming that the data on the card matches what the issuer has on file. When the payment is being processed, an AVS is used to let the business know if the data revealed a full match, a partial match or if it was unable to verify the identity at all.
Knowing your customer is another sure way to tell if an AVS is accurate. Similarly, you should always require customers to provide a CVV/CVC when making a purchase online. These are two ways to ensure the cardholder has the physical card on hand and is authorized to use it. Businesses don’t want to reject a transaction from a potential customer just because of an AVS alert since there could be a simple reason why the information doesn’t match. AVS only receives data from banks, and not payment software/gateways, so there are limits to its effectiveness. CVV/CVC codes are another layer of protection. Collectively, these can provide another backstop from credit card fraud when determining the legitimacy of a purchase.
4: Ask for Identification
Consumers who have their credit cards stolen are quick to find out, and usually equally as quick to dispute fraudulent transactions. One of the easiest ways to avoid this hassle doesn’t require any fancy technology investment at all. When taking a payment in-person, merely ask for a person’s ID. Since this is noted on the back of a credit card, your customers should appreciate the due diligence of ensuring you are looking out for their well being by verifying the card is being used in an appropriate manner.
By asking for an ID, you can confirm that the name matches the credit card presented, and if the card is signed, you can compare signatures against each other. This is another method to learning the customer and flagging any suspicious behavior. If a customer is hesitant to hand over their ID, or doesn’t have an ID, this could be a red flag that the card is stolen.
5: Stay Ahead of Security Trends
As mentioned above, the payments industry has already set in place many security protocols designed to protect businesses and consumers from credit card fraud. Both offline and online, your business needs to ensure your payment processing systems are following the latest security technologies available on the marketplace. From end-to-end encryption, tokenization and enhanced verification methods, small businesses must rely on their payment industry partners to have the right set of tools to adequately protect them and their customers.
In person, when you are suspicious about the cardholder or card itself, it’s OK to ask the customer for more verification. Remind them you are simply protecting their best interests. Online, this is harder to do, which is why you’ll want to work with payment providers who are equipped with their own set of cybersecurity and fraud-fighting platforms. Most small businesses don’t have big enough budgets to tackle credit card fraud alone.
The good news is that thanks to innovations across the payments technology ecosystem, businesses no longer have to wade through fears of credit card fraud alone. Find the right industry partner and tap into their security toolbox. That’s how you can rest easy at night knowing your software and systems are working on behalf of you and your customers to fight off the unnecessary spread of credit card fraud.