The holidays are over, which means the holiday shopping madness is over as well. Businesses have determined their earnings and unfortunately, have also calculated what was lost due to fraudulent transactions. In fact, the report from ACI Worldwide states that the amount of online credit card fraud between Thanksgiving and New Year’s grew by 22 percent. Even further, 1 out of every 85 transactions during the 2017 holiday season was a fraudulent attempt. This is a significant increase from the same time two years ago, which saw 1 out of every 109 transactions labeled as a fraudulent attempt.
Small businesses should pay particularly close attention to this trend, since they frequently rely on outdated payment technology that makes them popular targets for scammers. Even if you don’t conduct business online, you are not immune to risks. Credit card fraud continues to be a growing business in the United States and around the world, generating a lot of activity on the black market. If you are concerned about credit card fraud or have been a victim of credit card fraud, here is how you can protect your small business moving forward:
Comply With PCI Requirements
The size of your business does not matter (large, small, online or brick-and-mortar) — you need to be PCI compliant to get the most out of secure credit card processing. While you can still accept cards without complying with PCI requirements, it’s just not worth the risk.
Even if you only deal with a limited number of credit and debit cards on a regular basis, each time you run them without PCI certification you are taking a chance. If your system gets compromised and your customers’ card data gets stolen, it means not only loss of your clients’ trust but also large fines for you. PCI violations can cost acquiring banks up to $100,000 per month, where a portion of the fine frequently gets passed down to the merchant. Bottom line: PCI compliance is a simple and important investment that will give your small business the protection it needs.
Besides PCI compliance, which applies to all of credit card payment processing, there are additional security steps your small business can take to combat fraud in specific types of transactions. Let’s look at card-present transactions first.
Accept the EMV Standard
Every year an increasing number of merchants understand that EMV is their friend, not foe, when it comes to secure credit card processing. The statistics, which we have previously discussed in our State of EMV blog, provide extra reassurance for small businesses that are still waiting to upgrade.
If you've heard about the liability shift, you know that until your business meets the EMV standard you are responsible for all chargebacks caused by fraudulent transactions made with chip cards on a swipe-only terminal. Just like PCI, upgrading to the EMV standard should be a no-brainer. After all, it lets you enjoy the benefits of encryption through tokenization and, most importantly, a peace of mind. Use EMV-enabled equipment if you want to limit fraud and combat it more efficiently.
In addition to EMV, another way to limit card-present fraud is to simply use common sense. Look for features that a legitimate card should have — intact magnetic chip/stripe, properly displayed numbers on the front and the back of the card, and security elements, such as a hologram. Unless it’s a prepaid gift card, the cardholders' name should always be displayed on the front of the card. Even if everything appears to be fine, don’t be afraid to ask for ID to confirm that the person paying with the card is in fact its rightful owner.
Card-present transactions are pretty common, but what happens if neither the card nor its owner is in front of you? Let's look at how to prevent card-not-present fraud.
Various restriction measures are effective for card-not-present transactions, such as ones made via mail, phone or online. Given the rise of e-commerce, fraud involving the latter has become especially prevalent, allowing scammers to run thousands of fraudulent attempts at a time using stolen credit cards — a practice known as card testing.
In order to prevent card-not-present fraud and secure credit card processing at your business, you can begin by enhancing your website with CAPTCHA, which protects against robots that are frequently used to test stolen cards in large groups.
Next comes CVV and AVS. CVV requires the entry of a three or four digit code located on the back of the card, while AVS helps verify the address entered for the said card indeed matches the one on file. These are very effective, since in many cases data used by hackers doesn’t provide accurate information to fulfill both requirements.
And last, but definitely not least, you can use additional software, such as one that filters out foreign IP addresses or limits the number of orders that can be placed from them. Considering that majority of fraud originates abroad, this tool comes in handy, especially if your business only conducts card-not-present transactions domestically.
Your small business is a big part of your life that took a lot of effort to develop — TransNational Payments understands this better than anyone else as we have nearly two decades of experience serving small businesses. Contact us for expert insight and comprehensive fraud protection for your business.