Credit card fraud does not just happen to large companies like Target, Sony, and Equifax. The sad truth is that criminals are increasingly exploiting small businesses and their customers since their security protocols tend to be less sophisticated or even completely out of date. Fortunately, when it comes to payment processing for small businesses, there are things you can do to protect yourself and your customers from the potentially devastating effects of credit card fraud and other data breaches.
1. Follow PCI security standards.
All entities involved in payment processing, or the storage, management, or transmission of cardholder data, are required to comply with PCI-DSS, the data security standards set forth by a consortium of payment card industry companies. Compliance requires the following:
• Networks and systems must be secure via firewalls. Default settings for security parameters must be changed.
• Cardholder data, both stored and transmitted, must be protected.
• A vulnerability management program must be implemented and maintained.
• Access control protocols must be set up. Access to cardholder data should be restricted only to those who need it, and authentication procedures should be implemented.
• Networks should be monitored and tested regularly.
• An information security policy must be maintained.
Many of the companies that provide payment processing for small businesses can provide you with proof that their systems are PCI-compliant. Even so, you should still ensure your payment ecosystem is fully in line with these standards to avoid costly penalties and harm to your brand and reputation.
2. Look for security red flags.
Even if your systems are PCI-compliant, you are still vulnerable to fraud. Fortunately, fraud can often be identified as it is happening, long before criminals can do any real damage. There are several clues that can be red flags pointing toward potential fraud. They include the following:
• A customer buys an unusually large number of costly items.
• A customer removes the credit card from their pocket instead of a standard wallet.
• The number or types of items purchased are unusual. For example, the customer might purchase the same dress in six different sizes or colors.
• The customer might seem to be unusually nervous or in a big hurry to complete the purchase. Beware of people who try to pay for a high volume of items right before the store closes.
Of course, not everyone who exhibits these behaviors is a criminal. Therefore, it is important to train your staff to be both polite and discreet. Encourage them to call you or someone else on the management team if they are suspicious.
3. Pay attention to the security and integrity of online payments.
You’ll want to be especially cautious before processing an ecommerce payment, as online businesses are particularly susceptible to criminal activity. Some signals that a purchase might be fraudulent include:
• Several “big-ticket” items in one order, especially on or around a holiday.
• Multiple purchases on the same day.
• Overnight or rush orders.
• Orders that do not pass your Address Verification Service (AVS) tests.
• International orders.
• Orders paid to multiple cards, or using different billing addresses, but shipped to the same
• The customer requests expedited shipping to a location different from the billing address.
• Email accounts look suspicious.
• The customer tries and fails to enter their credit card number several times.
• There are repeated declined transactions.
Since online purchases are increasing in popularity each year, keeping these warnings in mind will most likely become even more important for your company, even if your ecommerce footprint is very small at this time.
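The warning signs listed above can be checked automatically before an order ships. The following Python is an added example, not code from the original article; the order fields, thresholds and sample orders are constructed assumptions, and a flagged order is meant for manual review rather than automatic refusal.

```python
from collections import Counter

# Thresholds and field names are assumptions for illustration; tune to your store.
BIG_TICKET = 500.00      # unit price treated as "big-ticket"
MAX_ORDERS_PER_DAY = 2   # more orders than this per customer per day is flagged
MAX_DECLINES = 2         # more declined attempts than this is flagged
HOME_COUNTRY = "US"

def screen_orders(orders):
    """Return {order_id: [signals]} for orders that match a listed warning sign."""
    per_day = Counter((o["email"], o["date"]) for o in orders)
    flagged = {}
    for o in orders:
        signals = []
        if sum(1 for price in o["item_prices"] if price >= BIG_TICKET) >= 2:
            signals.append("several big-ticket items")
        if per_day[(o["email"], o["date"])] > MAX_ORDERS_PER_DAY:
            signals.append("multiple purchases on the same day")
        if o["shipping_speed"] in ("overnight", "rush"):
            signals.append("overnight or rush order")
            if o["ship_to"] != o["bill_to"]:
                signals.append("expedited shipping to non-billing address")
        if not o["avs_match"]:
            signals.append("AVS check failed")
        if o["ship_country"] != HOME_COUNTRY:
            signals.append("international order")
        if o["declines"] > MAX_DECLINES:
            signals.append("repeated declined transactions")
        if signals:
            flagged[o["id"]] = signals
    return flagged

def order(order_id, **overrides):
    """Build a constructed sample order: an unremarkable one unless overridden."""
    base = dict(id=order_id, email="a@example.com", date="2024-03-01",
                item_prices=[40.0], shipping_speed="standard", declines=0,
                ship_to="1 Main St", bill_to="1 Main St", ship_country="US",
                avs_match=True)
    base.update(overrides)
    return base

SAMPLE_ORDERS = [  # constructed data, not real transactions
    order("A1"),
    order("B1", email="b@example.com", item_prices=[899.0, 1200.0],
          shipping_speed="overnight", ship_to="9 Dock Rd", avs_match=False),
    order("C1", email="c@example.com", ship_country="FR", declines=4),
    *[order(f"D{n}", email="d@example.com") for n in (1, 2, 3)],
]

if __name__ == "__main__":
    for oid, why in screen_orders(SAMPLE_ORDERS).items():
        print(oid, "->", "; ".join(why))
```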
4. Secure your network.
Since it is the pathway by which all traffic comes into and leaves your company, your network must be kept as secure as possible. Begin by safeguarding it from human error or malicious attacks from within your business. Restrict user access and require that all staff use strong, unique passwords. Prohibit the downloading of email attachments from outside the company whenever possible to safeguard your system from phishing attacks and other malware.
When it comes to shielding your systems from external infiltration, use encryption for your data. Make sure that all software and hardware are updated regularly. This requires that a specific person or team is charged with the task since it can often fall between the cracks. Automated anti-malware solutions are also highly effective weapons that can detect threats, so you can neutralize them, hopefully before they do any lasting damage.
5. Report suspected fraud right away.
Credit card fraud can happen to any business. If you think that you are a victim, don’t wait to alert the authorities; say something immediately. Retain possession of the card in question if you can and call the card issuer’s authorization center. Tell them that you have a “code 10 authorization request.” If the card is not present, call your bank, the card issuer, and if necessary, the local authorities. Gaining the upper hand in these matters is always the best approach.
Accepting credit card payments from customers has become a necessity for businesses of all types and sizes. Unfortunately, it has left the door open to a myriad of bad actors who have figured out countless ways to exploit weaknesses in the systems involved in processing merchant transactions. While credit card security will never be 100 percent airtight, adopting and following these strategies can markedly reduce your chances of becoming the next unwitting victim of credit card fraud and also protect you from loss if an unwanted breach event does occur.