Credit cards are the number one form of payment with businesses today, and with more businesses offering online purchasing each year, the future of credit cards remains bright. At the same time, credit card fraud remains a serious issue. According to the Federal Trade Commission, 4.7 million reports of fraud were recorded in 2020 alone. The good news is small business owners can take several steps to protect themselves from credit card payment risks. Read on to find out how.
Fraud comes in different forms:
As a small business owner, you are especially vulnerable to these threats. Small businesses typically have fewer data protections while also housing financial data from numerous customers.
There are ways you can prevent and minimize attacks as a small business owner. Here's how.
You've probably already heard a lot about the Payment Card Industry Data Security Standard (PCI DSS), commonly known as PCI. First introduced in 2006, it's a popular standard used by merchants to protect cardholder data. In short, all companies that process, store or transmit credit card information must comply with the PCI DSS. They may be banned from honoring credit card transactions or hit with painful service charges if they don't.
Making your online store PCI compliant is essential for protecting your customers and business from credit card payment risks. To do so, you need to ensure that all of your web pages are encrypted and that you have a secure checkout process.
Your payment processor can assist you with PCI compliance.
A payment gateway is a secure, online portal that reads the card information and forwards it to your merchant acquiring bank—the bank account that receives credit card payments—so the data can be sent to your payment processor.
A payment gateway helps with card payments from card-present to card-not-present and online purchases. It provides an added level of security during transmission. If someone steals your merchant account information, you will be able to flag the purchase as fraudulent before the money leaves your merchant account.
When choosing a payment gateway, be sure to look for one with PCI compliance to ensure that all your customers' credit card information is sufficiently secured.
All card payment types are ranked by their risk, and card-present transactions are characterized as having the least risk. Purchases made when your customer and their payment card are present are less likely to be disputed than a payment made remotely. Additionally, they are less likely to be fraudulent.
Still, issues happen. An individual may have stolen the card, or may dispute the charge later after reviewing their credit card bill. Follow the practices below to minimize the risk of disputes when making card-present transactions.
Require that customers provide more than just their credit card information when making a purchase. Request information like their driver's license, name, address, and date of birth to ensure only the authorized user is making the purchase.
If the purchase requires shipping, see if the billing address, driver's license address, and shipping address are the same. If not, inquire why.
EMV stands for Europay, Mastercard, and Visa. This technology consists of security chips in credit cards, debit cards, and prepaid cards that store far more detailed information than a magnetic stripe card and are extremely hard to clone. An EMV card can be inserted or tapped onto a reader without the threat of another device picking up credit card data for fraudulent means. Running orders through EMV cards almost always requires the customer's original card, virtually eliminating the risk of a fraudulent card.
Due to the effectiveness of EMV technology, the credit card industry has shifted merchant liability. Now when merchants run orders through traditional swipe technology, they are automatically liable for fraud.
If you accept orders over the phone or have online purchasing capability through a virtual terminal or an e-commerce website, the customer won't be physically present in front of you. This is a more convenient way for customers to buy, but verifying the customer is the actual customer is more complicated.
Here are some steps you can follow to minimize the risk of payment disputes.
During a phone call, ask for all details like the name on the card, billing address, expiration date, and CVV code.
As mentioned earlier, inquire if a customer's billing address and shipping address are not the same. Additionally, require that the customer sign for delivery.
Have your customer thoroughly review and sign a work order for any services you provide and keep the signed paperwork for future reference. Additionally, teach your teams to spot signs of fraudulent behavior and follow concrete steps when they suspect someone is trying to use a stolen credit card.
Provide an online resource portal where your employees can reference your credit card policy at any time.
Advances in technology make it easier than ever for criminals to get their hands on credit card data. Ensure you and your employees use complex passwords and regularly change them—as frequently as every few months. Pair passwords to critical logins with two-factor authentication.
For online purchases, confirm the person making a purchase is not a bot and is who they claim to be.
Hackers are constantly working on new methods of stealing credit card information from point-of-sale systems. Ensure you have the latest security patches installed on your computer and all anti-virus software is updated. Make it a habit to regularly evaluate your virus protection and stay up on the latest fixes. This work may be outside of your interest level and expertise, but a managed service provider (MSP) and payment processor can help.
Prevent credit card information from being read in your billing software, data systems, and paper copies by using encryption and truncation. Encryption conceals credit card information using mathematical techniques while requiring a password key to decrypt the data.
Truncation is an FTC-required strategy where the credit card information shown on receipts is limited. For example, it may exclude the first six and last four digits of the credit card number.
Your payment processor or managed services provider can ensure you have each of these solutions in place.
Employees are ideal pathways for data thieves to collect customer data, and this also makes your employees your first line of defense against credit card payment risks. Educate them about credit card fraud and how to protect your business.
You can start by creating a policy for handling credit card information. This policy should include storing, processing, and using cardholder data. You should also hold regular training sessions for your employees, updating them on new security risks and best practices.
Restricting access is another way to prevent data thieves from gaining customer data through your employees. Limiting access prevents data from accidentally falling into the wrong hands and prevents direct theft from your employees. Restricting access to only you or select members of your team also keeps you aware of which employees requested any needed client data and when.
If you have files with customer data, keep them inside lockable file folders. These papers can be easily stolen, lost, or mistakenly discarded, only to fall into the wrong hands.
Credit card fraud happens, but misunderstandings also lead to credit card fraud claims. Here are some ways you can prevent issues with clients.
Require cardholder permission before charging for goods and services on a recurring basis. Make sure to obtain their signature on an official document that clearly lays out information, such as the transaction amount, charge frequency, and contract duration.
Include your business phone number and address on any receipts, so the customer calls you first before disputing a charge.
Provide your customer with an explicit cancellation and refund policy on the receipt so they know when to dispute a charge or not.
An easily recognizable business name on a customer's credit card statement prevents questions and fraud claims. If your business name is different or long (more than 35 characters), add your location and product description.
Unfortunately, customers sometimes dispute charges and claim fraud to get out of paying. Having easily viewable terms and conditions on a receipt reminds customers of the legal agreements during the purchase and provides valuable evidence when disputes are filed.
A quality payment processor joins PCI compliance with advanced protection programs. Look for automatic tools like machine learning and AI to bring powerful, ongoing protection. Additionally, look for e-commerce platform providers that offer integrated fraud solutions.
Following the above tips will help you protect yourself from credit card payment risks. BNG Payments can also help. We are a reliable payment processor with a solid reputation in the industry and know the best payment systems, software, and strategies to protect your customer data. We offer the latest EMV tools and protections, and our payment system can also simplify PCI compliance. We can even customize our offering to fit your current systems and way of work.