Retail businesses are getting hit hard with the Covid-19 pandemic, and this is especially true for independently-owned shops and stores who are working with limited cash flow. As we approach the holiday shopping season this year it may look and feel very different. More online shopping is a given, and small business owners take the risk with the reward.
Credit card fraud is an ever-present threat for businesses, especially what’s called a Card-Not-Present, or CNP for short, transaction. Of the various types of CNP transactions you may be surprised to hear that it's not just the online variety that are being targeted. The reality is, transactions done over the phone or by mail are heavily exploited by fraudsters because there are gaps in security for those types of transactions that are well known by criminals.
A recent article published in the Washington Post says that “While microchips in credit cards have sharply reduced fraud in transactions that take place in stores, mobile and online transactions have become the low-hanging fruit of criminal opportunity.”
It goes on to state that “‘Card-not-present’ credit, debit and prepaid card fraud has ballooned in the United States in the last few years, reaching $4.57 billion in 2016, up 34 percent from the year before, according to the most recent Federal Reserve Payments Study.”
To help all the small business owners out there, I’m going to provide you with 4 tips on how to keep you and your customers safe from fraud this holiday season.
Perform a PCI DSS compliance audit on your business. The PCI Security Council provides a thorough set of guidelines and documents to help you find any gaps in security throughout your transaction process. Information on the process as well as downloadable documents can be found on the PCI DSS website here.
Verifying address and personal information at time of transaction. This one seems obvious but many employees may be unaware. Remind your staff to verify information when possible.
Don’t write down customer’s credit card information. We’ve all done it - we take an order over the phone and the customer asks “can I just give you my number over the phone?”. It’s tempting but it’s also a breach of PCI security standards. Instead, use a virtual terminal to allow for entering credit card information directly into your merchant provider’s system. Most banks and providers have an online, secure portal that can be used for transactions. Talk to your bank for more information.
Use a PCI compliant tool to help you process transactions over the phone. There are several on the market, but look for ones that are cost effective and can easily integrate into your systems. They should not be expensive, and they may also offer additional security through voice bio-metrics, encrypted tokens, or pass codes.
Do whatever you can this season to make sure the money you do earn stays in your account and doesn’t get lost to charge-backs from your bank. #TechnologyTuesday
No comments:
Post a Comment