Protecting your business from credit card fraud
Your Business Credit
Elaine Pofeldt is a journalist whose articles on entrepreneurship and careers have appeared in Fortune, Working Mother, Money and many other publications. She is a former senior editor at Fortune Small Business magazine and an entrepreneur herself, as co-founder of 200kfreelancer.com, a website for independent professionals. She writes "Your Business Credit," a weekly column about small business and credit, for CreditCards.com.
Ask Elaine a question
or read her prior answers in the 'Your Business Credit' archive
Dear Your Business Credit,
recently opened a gift shop and am accepting the major credit cards. I
have one employee. What practices are most effective in avoiding credit card
fraud? -- Danielle
I'm glad you
asked this question early in the life of your store. Many business owners don't
pay enough attention to fraud prevention -- until it's too late.
business makes a sale to someone who makes a fraudulent charge, you could lose
the cost of the goods, according to Wells Fargo.
There may also be charge-back fees to pay if the legitimate cardholder disputes
How can you
prevent this? Wells Fargo recommends training your employees to detect whether a
card is legitimate or not. One sign that a card is fraudulent is that it is
missing the magnetic stripe on the back. You or your employee should also check
to makes sure that the card is not expired and that the signature on the
receipt matches the signature on the back of the card.
Some of your
customers may not be happy to slow down long enough for you to scrutinize their
cards, but if you explain that you check the cards to protect your clientele
from fraud, they should understand. Personally, I am always grateful when a
store scrutinizes my card and signature, because I know the employees would be
likely to do the same if a criminal stole my card.
you may run into a card that says "See ID" on the stripe where the signature
should be. The customer wants the cashier to look at their ID photo instead of
comparing the signatures on the card and receipt -- usually because they think
they're protecting themselves against forgeries. But Visa and MasterCard both
stipulate that merchants should not accept unsigned cards. According to
Wells Fargo, you may be liable for the charge if the customer has not signed
If you're considering
asking for ID in addition to
examining the card signature, be warned. Some card networks ban this practice,
so you'll need to check with them. Also consult your state attorney general's
office to make sure it's legal in your state.
that credit card fraud isn't always perpetrated by people we commonly view as
criminals. A substantial amount is committed by family
members of the victims, such as a teenage child or a relative with a drug
problem, according to Experian. The victims don't always report family members'
charges as fraudulent, but in case they do, it's a good idea to stick with
your credit card verification procedures for all customers and refuse to
accept credit cards for a purchase from a family member who is not a cardholder.
some types of credit card fraud you need to tackle with technological solutions,
because they involve the theft of consumers' credit card information through
your point-of-sale system. This kind of
threat is growing. Verizon's 2013 Data Breach Investigations report says more than 47,000 security incidents were
reported by organizations around the world in 2012. Verizon was able to confirm
that data was disclosed to perpetrators in 621 of the cases.
Among those 621 cases, Verizon confirmed that the largest number, 193, happened
at small firms with 1 to 100 employees. Among the confirmed breaches, 24 percent happened in retail environments and
Point-of-sale fraud was one of the most common types of breaches among the 621 cases. A
particular hazard to small business is what Verizon calls the "POS smash-and-grab."
It involves a combination of "brute force" password guessing attacks and
malware. About 111 of the 621 verified attacks fell into this category.
many ways to prevent this type of fraud, according to Verizon. For instance,
you probably hired an integrator to install your point-of-sale system. If you
did not change the default password for your system, you should. For other
suggestions, see Hackers up the ante for small-business data security.
with your business, and be safe!
See related: Should we charge our customers to use credit cards?, What merchant information is required on receipts?
Meet CreditCards.com's reader Q&A experts
Vexed by a personal finance problem?
CreditCards.com's Q&A experts answer questions from readers every weekday. Ask a question, or click on any expert to see their previous answers.
Published: September 16, 2013
Three most recent Your Business Credit stories:
- Don't travel? Opt for other business rewards – If you don't travel much for business or pleasure, there's no point in getting a small-business credit card that specializes in travel rewards. Instead, look for a cash-back card or one that earns rewards you can use ...
- Will an ITIN help me get a business card without a personal guarantee? – Avoiding use of a Social Security number when applying for a small-business credit card is difficult. A few people may be able to use an individual taxpayer identification number, but most Americans can't get one ...
- Can I pass on charge-back fees to my customers? – When a customer disputes a charge directly with the card issuer, the merchant gets hit with a charge-back fee. Technically, you may be able to pass that on to the customer but it's probably not good business practice ...