BACK

Ridofranz / iStock / Getty Images Plus

Business

How entrepreneurs can protect themselves from credit card fraud

Strategies to keep your business safe no matter its size

Summary

Small companies may not have a lot of resources at their disposal to fight credit card fraud. But whether you have one employee or 100, card fraud can hurt you. Here are some ways that you can lower your risk.

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

Large businesses typically have hefty budgets to spend on fraud prevention, but if you’re self-employed or the owner of a small mom-and-pop shop, you may not have a lot of resources at your disposal.

However, there are some steps businesses can take to protect themselves from credit card fraud no matter what size they are.

The gig economy has led to an explosion of entrepreneurs attempting to hang their own shingle, with one 2018 study from accounting software provider FreshBooks projecting that the number of self-employed individuals will triple by 2020.

However, many small business owners underestimate their risks. Forty-eight percent of owners of small and mid-sized businesses (SMBs) don’t believe their businesses are big enough to be targeted by fraudsters, according to a study by fraud protection company Emailage. However, small companies with 10 to 49 employees reported the highest losses due to fraud, averaging $37,258 per incident, the same study found.

Whether you have one employee or 100, credit card fraud can hurt you.  Here are some ways that you can lower your risk.

See related:  Is it safe for merchants to accept new digital payment forms like PayPal, Venmo, Zelle?

Protect your point-of-sale system

“When it comes to point-of-sale fraud, what businesses are most likely to run across is card skimming,” says Jason Glassberg, a cybersecurity expert and co-founder of Redmond, Washington-based Casaba Security.

This could be physical, such as when a chip is inserted into the POS device by a local criminal, or it could be digital, where the POS system is infected with card number-stealing malware. There is also the relatively new threat of shimmers, which are devices that can capture card data from EMV chip cards.

To combat this threat, provide as much physical security to your POS system as possible, Glassberg suggests.

“That means locking up POS devices during closed hours so they can’t be accessed by anyone except a manager,” he said.

Also, inspect POS devices at least a couple of times a week, “looking for anything out of the ordinary such as loose housing, exposed wire, bulky fitting or anything that seems out of place on the device,” Glassberg advises.

Finally, stay up to date on any software updates to your POS system.

See related:  Gas pump and ATM skimmers: How to spot and avoid them

Be vigilant online

The internet allows pretty much anyone to become a merchant since you don’t have to worry about real estate fees and other overhead that a brick-and-mortar store would require.

However, doing business online comes with its own set of risks. Card-not-present (CNP) fraud occurs when someone fraudulently uses a credit card number online, over the phone or in another manner where they don’t have to show you the physical card. According to Juniper Research, retailers could lose as much as $130 billion from CNP fraud between 2018 and 2023.

One of the best things you can do as a business owner to prevent CNP fraud is to require the user to have the card verification value (CVV) number for the card, whether the order is placed over the phone or online, says Glassberg. This three- or four-digit number can typically be found on the back of the card.

“You can also ask for the ZIP code associated with the card to weed out many of these fraudulent attempts,” Glassberg says.

See related:  Shielding business accounts from levy by personal creditors

Get third-party help

Even if you don’t have money to hire a cybersecurity staff, you don’t have to shoulder all the risk alone. There are companies such as NoFraud and Signifyd that specialize in fraud detection to help online merchants identify a possible risk before the sale goes through.

Dave Hermansen, CEO of e-commerce training company Store Coach, depends on such services to give incoming orders a “pass” or “fail” grade based on advanced algorithms, order histories tied to email addresses and other fraud detection methods.

“If an order gets a ‘pass,’ any loss you incur due to fraud is covered by [the fraud detection service],” Hermansen says. “If it is labeled, ‘fail,’ it’s up to you whether or not you want to ship the order – you will not be covered for fraud on those orders.”

Hermansen says his firm immediately cancels and refunds any orders that are marked “fail.”

See related:  How to protect your small business from a data breach

Prevent fraud through training

If you have employees, their habits can put your business at risk. Make sure employees are aware of threats and train them on what to do and what not to do, says Yair Levy, professor of information systems and cybersecurity at Nova Southeastern University in Fort Lauderdale, Florida.

Let employees know the potential consequences of downloading an attachment from an unknown source or logging onto the company network from a public Wi-Fi connection since their actions can make it easier for malware to infect your company’s networks.

Make the move to mobile

As consumers increasingly use their smartphones to shop, there’s a security benefit to small business owners choosing to upgrade their equipment to accept mobile payments. If you can accept payments from mobile apps like Apple Pay, there is no credit card to be inserted into the payment terminal, which can cut down your risk of fraud, Glassberg says.

See related:  Are mobile card readers safe for small businesses?

Consider cyber insurance – and a vulnerability test

As fraudsters and scammers are constantly changing their tactics and evolving, no business is 100 percent safe. A cyber insurance policy could save your small business from potential bankruptcy since it would pay for legal fees, customer notifications and other costs incurred if you do experience a data breach.

“As an added measure, if you have the means to do so, I would also highly recommend hiring a cybersecurity firm to carry out a ‘penetration test’ of your business network and POS system, to see how vulnerable you really are to an attack,” Glassberg says.

An ounce of prevention could not only protect your customers, but it could save your business.

Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Business

How to dispute chargeback for services not received

If there’s a service you were charged for but never received, you’re entitled to a refund. But if the company won’t abide, you can contact your credit card issuer and request a chargeback.

See more stories
Credit Card Rate Report Updated: March 25th, 2020
Business
14.34%
Airline
16.33%
Cash Back
16.55%
Reward
16.49%
Student
16.51%

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.