Small companies may not have a lot of resources at their disposal to fight credit card fraud. But whether you have one employee or 100, card fraud can hurt you. Here are some ways that you can lower your risk.
The gig economy has led to an explosion of entrepreneurs looking to start their own businesses. In fact, QuickBooks’ 2020 State of the Self-Employed report found 28.4% of U.S. adults identified as self-employed at one point or another during 2019.
One incredibly important aspect of running your own business is security and fraud prevention. Yet, unfortunately, many small business owners underestimate the risk of bad actors and thieves targeting their establishments – whether it be cyberattacks (43% of all data breaches include small businesses, according to a recent Verizon study), cash theft, shoplifting or credit card fraud (an estimated 27% of online sales with merchants were found to be fraudulent transactions in a 2019 American Express survey).
While large businesses typically have hefty budgets to spend on fraud prevention, as a self-employed person or the owner of a small mom-and-pop shop, you may not have a lot of resources at your disposal – especially at the tail end of a global pandemic. However, there are some steps you can take to protect your business from credit card fraud no matter its size and lower the risk of fraud overall.
Protect your point-of-sale (POS) system
“When it comes to point-of-sale fraud, what businesses are most likely to run across is card skimming,” said Jason Glassberg, cybersecurity expert and co-founder of Redmond, Washington-based Casaba Security, in a previous interview.
This could be physical, such as when a chip is inserted into the POS device by a local criminal, or it could be digital, where the POS system is infected with card number-stealing malware. There is also the ever-present threat of card skimmers and shimmers, which are devices that can capture card data from EMV chip cards.
To combat this threat, provide as much physical security to your POS system as possible, Glassberg said.
“That means locking up POS devices during closed hours so they can’t be accessed by anyone except a manager,” he said.
Also, inspect POS devices at least a couple of times a week, “looking for anything out of the ordinary such as loose housing, exposed wire, bulky fitting or anything that seems out of place on the device,” Glassberg noted.
Finally, stay up to date on any software updates to your POS system.
See related: How small businesses can safely store card details
Be vigilant online
The internet allows pretty much anyone to become a merchant since you don’t have to worry about real estate fees and other overhead that a brick-and-mortar store would require.
However, doing business online comes with its own set of risks. Card-not-present (CNP) fraud occurs when someone fraudulently uses a credit card number online, over the phone or in another manner where they don’t have to show you the physical card. In fact, a study out of Javelin Strategy found that CNP fraud is 81% more likely to occur compared to POS fraud. Further, retailers could lose as much as $130 billion from CNP fraud by 2023.
One of the best things you can do as a business owner to prevent CNP fraud is to require the consumer to have the card verification value (CVV) number for their card, whether the order is placed over the phone or online, said Glassberg. This three or four-digit number can typically be found on the back of the card.
“You can also ask for the ZIP code associated with the card to weed out many of these fraudulent attempts,” Glassberg said.
Also, be on the lookout for potential “friendly fraud,” or credit card chargebacks initiated by customers looking to reverse a charge on their account for fraudulent purposes, in turn hurting the business they purchased from. In genuine circumstances, a customer can dispute a purchase if their bill was incorrect, the item is damaged, etc. For more information on what to do in these situations, consider reading the following expert business credit column on false disputes.
Get third-party help
According to Keeper Security’s 2019 SMB Cyberthreat Study, 60% of small business owners said they “do not have a cyberattack prevention plan” and 25% “don’t even know where to start with cybersecurity.”
Even if you don’t have money to hire a cybersecurity staff, you don’t have to shoulder all the risk alone. There are companies, such as NoFraud and Signifyd, that specialize in fraud detection to help online merchants identify a possible risk before the sale goes through.
Dave Hermansen, CEO of e-commerce training company Store Coach, depends on such services to give incoming orders a “pass” or “fail” grade based on advanced algorithms, order histories tied to email addresses and other fraud detection methods.
“If an order gets a ‘pass,’ any loss you incur due to fraud is covered by [the fraud detection service],” said Hermansen in a previous interview. “If it is labeled, ‘fail,’ it’s up to you whether or not you want to ship the order – you will not be covered for fraud on those orders.”
Hermansen said his firm immediately cancels and refunds any orders that are marked “fail.”
Prevent fraud through training
If you have employees, their habits can put your business at risk (especially as many employees have transitioned to a work-from-home environment sans an in-office security team, guaranteed VPN or in-person “phishing 101” lectures). Make sure employees are aware of threats and train them on what to do and what not to do, said Yair Levy, professor of information systems and cybersecurity at Nova Southeastern University, in a previous interview.
Let employees know the potential consequences of downloading an attachment from an unknown source or logging onto the company network from a public Wi-Fi connection since their actions can make it easier for malware to infect your company’s networks.
Make the move to mobile
As consumers increasingly use their smartphones to shop, there’s a security benefit to small business owners choosing to upgrade their equipment to accept mobile payments.
If you can accept payments from mobile wallets like Samsung Pay, Apple Pay and Google Pay, there is no credit card to be inserted into the payment terminal, which can cut down your risk of fraud, Glassberg said.
Consider cyber insurance – and a vulnerability test
As fraudsters and scammers are constantly changing their tactics and evolving, no business is 100% safe. A cyber insurance policy could save your small business from potential bankruptcy, considering it would pay for legal fees, customer notifications and other costs incurred if you do experience a data breach.
“As an added measure, if you have the means to do so, I would also highly recommend hiring a cybersecurity firm to carry out a ‘penetration test’ of your business network and POS system to see how vulnerable you really are to an attack,” Glassberg said.
An ounce of prevention could not only protect your customers, but it could save your business as well.
The bottom line
With the tips provided above, you can take the steps to protect your small business from fraud of all kinds, including credit card fraud, and ensure your information (and that of your patrons) is protected.
Should you ever experience other security threats related to your business (think: if your business credit card is stolen) be sure to contact your credit card issuer immediately, place a hold on the card and file a dispute if necessary; you should be able to easily contact your issuer using the number of the back of the physical credit card.