Credit card fraud is rampant these days.1 Pay attention to business and tech news on any given day, and you're likely to find at least one story on this topic. It's important for businesses of all sizes to do everything in their power to prevent, detect, and report fraud. Following are some tips to help you protect your business from credit card fraud.

What to do if you accept cards in your place of business

Take advantage of tokenization

One of the great tools technology has provided in the battle against fraud is tokenization, which replaces sensitive information with unique symbols that allow the transfer of data without it being compromised. Microchips embedded in credit and debit cards generate unique data for each new transaction, allowing the ability to verify card authenticity. As TechTarget notes, this has become popular especially among small and mid-sized businesses as a way to enhance credit card and e-commerce security.2 Make sure you’re using a chip reader for tokenization.

What to do if you accept cards online

Prioritize network security

One of the most important things you can do to protect your small business from credit card fraud is to make sure your network is secure. This is easier said than done, as cybercriminals are getting better at what they do all the time, and security technologies and strategies are constantly evolving. However, it should be a priority to stay abreast of these changing trends to help ensure that your network is protected with updated anti-fraud software. Having customers' information compromised can be a very damaging blow – especially to a small business.

Get all possible credit card information

Collect as much information as possible can enable you to better verify the legitimacy of card transactions. The more of the customer's credit card information you require (expiration date, billing address, three-digit code on back of card, etc.) the less likely it is that a criminal will be able to commit fraud.

In both cases, make sure your merchant services provider has these protections

PCI standards

It's a good idea to be compliant with PCI standards.3 These come from the PCI Security Standards Council, which is a global forum from the payment card industry for the development of security standards. They cover storage, dissemination and implementation of security for account data protection.

Address Verification System

Be sure an Address Verification System (AVS) is in use. This can compare a customer's address to information on file. The bank then verifies whenever you make an authorization request.

As Entrepreneur magazine explains, "For example, if the cardholder's name and address is Mr. John Smith, 123 Main Street, Realtown, USA 09876, the system will verify 123 and 09876. Once this info is sent, the merchant will receive one of six codes: full match, partial match address, partial match zip code, no match, international, and unavailable. Receiving a full match for AVS assures you that there is less risk processing this payment. However, don’t solely rely on AVS. There could be instances, like when a customer moved and hasn’t updated their address yet. Also, AVS is only available from banks and not payment software or gateways."4

Online or point-of-sale, use common sense

Beware of unusual orders

If you've been in business for very long, you're probably used to the types of orders customers make, and will notice when an order seems unusual. Is someone using a credit card to buy multiples of easily-sold items like laptops or cell phones? Is your local store being asked to ship items to an address across the country? Of course, not all unusual orders are fraudulent, but they should at least alert you to pay attention and investigate further.

Don't delay in reporting fraud

Last but not least, make sure you report fraud as soon as possible. If you delay, you might be giving the criminals a head start at getting away with it. Contact your merchant services provider and alert authorities immediately when you detect fraud, or even suspect it.

1. https://www.nsbank.com/business/treasury_management/fraud_prevention.jsp

2. http://searchsecurity.techtarget.com/definition/tokenization

3. https://www.pcisecuritystandards.org/

4. https://www.entrepreneur.com/article/296594

 


The information provided is presented for general informational purposes only and does not constitute tax, legal or business advice. Any views expressed in this article may not necessarily be those of Nevada State Bank, a division of ZB, N.A.