We often think of credit card fraud in the personal sense. We ask, “What would I do if my identity were stolen or someone used my credit card without permission?” There’s good reason for that. The FTC estimates that 11.1 million of us will fall victim to personal credit card fraud this year alone. But it doesn’t end there. Credit card fraud is a major threat to businesses as well. A 2012 report from Javelin Strategy & Research found that credit card fraud committed against companies had increased an alarming 87% since 2010 and has accounted for a cumulative total loss of multiple millions of dollars. It’s a major problem, and organizations need to increase their awareness and take steps to prevent fraud, particularly as the buying season picks up and additional card transactions take place. Here are five things you can do right now to protect your business:
1. Maintain Payment Card Industry (PCI) compliance.
Compliance with the PCI Data Security Standard (PCI DSS) is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customers’ payment card data secure. The size of your business will determine the specific compliance requirements that must be met, but all businesses -- from the world's largest corporations to small Internet stores -- must be certified. PCI certification provides a level of confidence and assurance that a processor has passed a robust set of best practices for securing the information being processed when credit card payments are made. It is an absolute must in today’s economic climate.
A full PCI audit will offer a scorecard across your business' payments environment, including all connected back-office applications, allowing you to make critical changes before security holes are exposed by thieves. Make certain your payment processing software security is current and Payment Application Data Security Standard (PA-DSS) certified. Also ensure that your business receives its Payment Card Industry Data Security Standard (PCI-DSS) certification.
2. Use end-to-end encryption for all sensitive data.
End-to-end encryption (E2EE) essentially boils down to scrambling the data on the sending device so that it stays unreadable on its way to the receiving one. For payments, it starts with your payment capture devices and goes all the way to the transaction being authorized. E2EE technology prevents the card account data from being stolen electronically and reduces the cost and impact of PCI certification for your business. A company's mobile payment devices, credit card terminals, software applications, and online payment portals need built-in encryption functionality when transmitting customer information. Select a technically savvy payments provider that offers this level of technology. You'll need to balance cost against product and service here. Choosing the low-cost provider could come at the expense of product functionality, which can create security holes.
3. Train your employees.
Make certain all employees tasked with the responsibility of accepting credit and debit cards from customers have a working understanding of the look and functionality of the payment processing equipment they're using. Scammers often try to tamper with a business' payment processing equipment in an effort to steal credit card information. Altered equipment usually consists of a small piece of hardware physically attached to the terminal itself. An attentive employee who knows what to look for should be able to easily identify an extra attachment to the device or oddly functioning software.
4. Refrain from storing credit card numbers.
To avoid one of the biggest PCI compliance risks, you should do everything in your power to avoid storing credit card numbers. Look for a payments provider whose platform is designed so credit card information is never stored at your business site or in your business software. Your provider should be able to process the transaction and then store your customers' card information securely in the cloud. They should provide you with an encrypted ID, so when you want to do another transaction for that same customer, your software can pass the payments provider the encrypted ID.
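The flow described above, sketched as an added example that is not from the original article or any provider's API: the provider keeps the card number and returns an ID, the business stores only that ID, and a Luhn-based scan checks that no card number has slipped into stored records. `ProviderVault`, the `tok_` ID format, and the function names are hypothetical, and the card number is the standard test number, not a real account.

```python
import json, re, secrets, string

TEST_PAN = "4111111111111111"  # standard test card number, not a real account

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class ProviderVault:
    """Hypothetical in-memory stand-in for the payments provider's side."""
    def __init__(self):
        self._cards = {}  # ID -> card number, held only by the provider

    def charge_card(self, pan, cents):
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        # Letters only, so an ID can never be mistaken for a card number.
        token = "tok_" + "".join(secrets.choice(string.ascii_lowercase) for _ in range(24))
        self._cards[token] = pan
        return {"token": token, "last4": pan[-4:], "cents": cents, "status": "approved"}

    def charge_token(self, token, cents):
        pan = self._cards[token]  # raises KeyError for an unknown ID
        return {"token": token, "last4": pan[-4:], "cents": cents, "status": "approved"}

def merchant_record(customer, receipt):
    """What the business keeps: the provider's ID and the last four digits."""
    return {"customer": customer, "token": receipt["token"], "last4": receipt["last4"]}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def find_pans(text):
    """Return Luhn-valid card-number-like digit runs found in stored text."""
    digit_runs = (re.sub(r"\D", "", m.group()) for m in PAN_RE.finditer(text))
    return [digits for digits in digit_runs if luhn_ok(digits)]

def demo():
    vault = ProviderVault()
    record = merchant_record("cust-001", vault.charge_card(TEST_PAN, 2500))
    repeat = vault.charge_token(record["token"], 1200)  # repeat sale, no card number
    clean = find_pans(json.dumps(record))
    leaky = find_pans(json.dumps({**record, "note": "card 4111 1111 1111 1111"}))
    return repeat["status"], clean, leaky
```

Running `find_pans` over exports of order notes, logs, and support tickets is a quick way to confirm that card numbers are not being kept outside the provider.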
5. Keep immaculate records and immediately deal with any breach.
Even if all cautious, conservative steps are taken and the best payment processing security is installed, a breach can still occur. Big merchants like Target and Home Depot recently learned this the hard way. If a breach does occur, you must have detailed credit card sales records to refer back to as a means of retracing your steps. This will help in determining when and where the breach took place and will help you in mitigating the potential for additional losses. Additionally, a proper investigation of the initial attack may ultimately provide a trail back to the source.
Enjoy the holiday season, but take it as a reminder of your need to take the necessary precautions to protect your company's assets and security. ’Tis not the season for you to lose your hard-earned money to thieves.