If your business makes a sale to a fraudster, you could lose the cost of the goods in addition to a charge-back fee. Know-how and technology make the best defense
The editorial content below is based solely on the objective assessment of our writers and is not driven by advertising dollars. However, we may receive compensation when you click on links to products from our partners. Learn more about our advertising policy.
The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Please see the bank’s website for the most current version of card offers; and please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.
Dear Your Business Credit,
I recently opened a gift shop and am accepting the major credit cards. I have one employee. What practices are most effective in avoiding credit card fraud? — Danielle
I’m glad you asked this question early in the life of your store. Many business owners don’t pay enough attention to fraud prevention — until it’s too late.
If your business makes a sale to someone who makes a fraudulent charge, you could lose the cost of the goods, according to Wells Fargo. There may also be charge-back fees to pay if the legitimate cardholder disputes the charge.
Some of your customers may not be happy to slow down long enough for you to scrutinize their cards, but if you explain that you check the cards to protect your clientele from fraud, they should understand. Personally, I am always grateful when a store scrutinizes my card and signature, because I know the employees would be likely to do the same if a criminal stole my card.
Occasionally, you may run into a card that says “See ID” on the stripe where the signature should be. The customer wants the cashier to look at their ID photo instead of comparing the signatures on the card and receipt — usually because they think they’re protecting themselves against forgeries. But Visa and MasterCard both stipulate that merchants should not accept unsigned cards. According to Wells Fargo, you may be liable for the charge if the customer has not signed the card.
If you’re considering asking for ID in addition to examining the card signature, be warned. Some card networks ban this practice, so you’ll need to check with them. Also consult your state attorney general’s office to make sure it’s legal in your state.
Be aware that credit card fraud isn’t always perpetrated by people we commonly view as criminals. A substantial amount is committed by family members of the victims, such as a teenage child or a relative with a drug problem, according to Experian. The victims don’t always report family members’ charges as fraudulent, but in case they do, it’s a good idea to stick with your credit card verification procedures for all customers and refuse to accept credit cards for a purchase from a family member who is not a cardholder.
There are some types of credit card fraud you need to tackle with technological solutions, because they involve the theft of consumers’ credit card information through your point-of-sale system. This kind of threat is growing. Verizon’s 2013 Data Breach Investigations report says more than 47,000 security incidents were reported by organizations around the world in 2012. Verizon was able to confirm that data was disclosed to perpetrators in 621 of the cases. Among those 621 cases, Verizon confirmed that the largest number, 193, happened at small firms with 1 to 100 employees. Among the confirmed breaches, 24 percent happened in retail environments and restaurants.
Point-of-sale fraud was one of the most common types of breaches among the 621 cases. A particular hazard to small business is what Verizon calls the “POS smash-and-grab.” It involves a combination of “brute force” password guessing attacks and malware. About 111 of the 621 verified attacks fell into this category.
There are many ways to prevent this type of fraud, according to Verizon. For instance, you probably hired an integrator to install your point-of-sale system. If you did not change the default password for your system, you should. For other suggestions, see Hackers up the ante for small-business data security.
Good luck with your business, and be safe!