Small companies may not have a lot of resources at their disposal to fight credit card fraud. But whether you have one employee or 100, card fraud can hurt you. Here are some ways that you can lower your risk.
However, there are some steps businesses can take to protect themselves from credit card fraud no matter what size they are.
The gig economy has led to an explosion of entrepreneurs attempting to hang their own shingle, with one 2018 study from accounting software provider FreshBooks projecting that the number of self-employed individuals will triple by 2020.
However, many small business owners underestimate their risks. Forty-eight percent of owners of small and mid-sized businesses (SMBs) don’t believe their businesses are big enough to be targeted by fraudsters, according to a study by fraud protection company Emailage. However, small companies with 10 to 49 employees reported the highest losses due to fraud, averaging $37,258 per incident, the same study found.
Whether you have one employee or 100, credit card fraud can hurt you. Here are some ways that you can lower your risk.
Protect your point-of-sale system
“When it comes to point-of-sale fraud, what businesses are most likely to run across is card skimming,” says Jason Glassberg, a cybersecurity expert and co-founder of Redmond, Washington-based Casaba Security.
This could be physical, such as when a chip is inserted into the POS device by a local criminal, or it could be digital, where the POS system is infected with card number-stealing malware. There is also the relatively new threat of shimmers, which are devices that can capture card data from EMV chip cards.
To combat this threat, provide as much physical security to your POS system as possible, Glassberg suggests.
“That means locking up POS devices during closed hours so they can’t be accessed by anyone except a manager,” he said.
Also, inspect POS devices at least a couple of times a week, “looking for anything out of the ordinary such as loose housing, exposed wire, bulky fitting or anything that seems out of place on the device,” Glassberg advises.
Finally, stay up to date on any software updates to your POS system.
Be vigilant online
The internet allows pretty much anyone to become a merchant since you don’t have to worry about real estate fees and other overhead that a brick-and-mortar store would require.
However, doing business online comes with its own set of risks. Card-not-present (CNP) fraud occurs when someone fraudulently uses a credit card number online, over the phone or in another manner where they don’t have to show you the physical card. According to Juniper Research, retailers could lose as much as $130 billion from CNP fraud between 2018 and 2023.
One of the best things you can do as a business owner to prevent CNP fraud is to require the user to have the card verification value (CVV) number for the card, whether the order is placed over the phone or online, says Glassberg. This three- or four-digit number can typically be found on the back of the card.
“You can also ask for the ZIP code associated with the card to weed out many of these fraudulent attempts,” Glassberg says.
Get third-party help
Even if you don’t have money to hire a cybersecurity staff, you don’t have to shoulder all the risk alone. There are companies such as NoFraud and Signifyd that specialize in fraud detection to help online merchants identify a possible risk before the sale goes through.
Dave Hermansen, CEO of e-commerce training company Store Coach, depends on such services to give incoming orders a “pass” or “fail” grade based on advanced algorithms, order histories tied to email addresses and other fraud detection methods.
“If an order gets a ‘pass,’ any loss you incur due to fraud is covered by [the fraud detection service],” Hermansen says. “If it is labeled, ‘fail,’ it’s up to you whether or not you want to ship the order – you will not be covered for fraud on those orders.”
Hermansen says his firm immediately cancels and refunds any orders that are marked “fail.”
Prevent fraud through training
If you have employees, their habits can put your business at risk. Make sure employees are aware of threats and train them on what to do and what not to do, says Yair Levy, professor of information systems and cybersecurity at Nova Southeastern University in Fort Lauderdale, Florida.
Let employees know the potential consequences of downloading an attachment from an unknown source or logging onto the company network from a public Wi-Fi connection since their actions can make it easier for malware to infect your company’s networks.
Make the move to mobile
As consumers increasingly use their smartphones to shop, there’s a security benefit to small business owners choosing to upgrade their equipment to accept mobile payments. If you can accept payments from mobile apps like Apple Pay, there is no credit card to be inserted into the payment terminal, which can cut down your risk of fraud, Glassberg says.
See related: Are mobile card readers safe for small businesses?
Consider cyber insurance – and a vulnerability test
As fraudsters and scammers are constantly changing their tactics and evolving, no business is 100 percent safe. A cyber insurance policy could save your small business from potential bankruptcy since it would pay for legal fees, customer notifications and other costs incurred if you do experience a data breach.
“As an added measure, if you have the means to do so, I would also highly recommend hiring a cybersecurity firm to carry out a ‘penetration test’ of your business network and POS system, to see how vulnerable you really are to an attack,” Glassberg says.
An ounce of prevention could not only protect your customers, but it could save your business.