Credit card fraud is bad news for any business, but for small businesses especially, the financial impact of shipping out merchandise for which you will never be paid can be devastating. The combination of lost money with the possibility of being blacklisted by payment processing companies when they learn of the fraud can be enough to sink a business entirely.
Along with preventing your business from being the victim of fraud, there’s another important and directly related consideration to take – the security of your customers’ financial information as it passes through your systems, both during and after a transaction. Whereas a huge company like Target may be able to ride out the bad PR nightmare of having millions of their customers’ credit and debit card numbers stolen by hackers, a smaller business would likely never recover.
If you’re running an online business, these two considerations are paramount.
Here are six easy ways to protect yourself, and your customers:
1) Maintain PCI Compliance
The Payment Card Industry Data Security Standard pertains to all companies that accept credit card payments, and is specifically designed to protect both you and your customers’ sensitive data. Make sure you understand which standards apply to your business model, as there are differences.
According to the PCI Security Standards Council, there are 12 requirements to achieve security:
- Maintain a firewall to protect cardholder data.
- Use only unique and secure passwords created by your company.
- Protect stored data.
- Encrypt transmission of cardholder data across open, public networks.
- Use appropriate anti-virus software.
- Develop and maintain secure systems and applications.
- Carefully restrict access to cardholder data.
- Assign a unique ID to every person with access to important information.
- Restrict physical access to cardholder data.
- Track all access to cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that pertains to information security.
2) Use End-to-End Encryption
Encryption is good, end-to-end encryption (E2EE) is better. While encryption allows for anyone with authorization to access information (which makes it more susceptible to cyberthreats), E2EE only allows access to the sender and recipient. You should speak to your IT department about installing encryption tools that will take care of the issue.
3) Don’t Store Credit Card Information Locally
Any time you store a customer’s financial information in a database, you’re exposing it to anyone who happens to gain access to that database. Hackers aren’t your only concern here – employees with access to databases may abuse their privilege by gaining restricted information. Therefore, it’s best to simply not store credit card information at all after a transaction is completed.
4) Be Wary of Different Shipping and Billing Addresses
When the shipping and billing addresses on an order are different, you have no guarantee that the one ordering the merchandise and the cardholder are the same person. The best way to protect against being defrauded in these types of situations is by simply asking the online purchaser to verify other kinds of information that an identity thief would be very unlikely to know. Security verification codes on the reverse side of credit cards are one common example.
5) Strengthen Your Website’s Security Measures
Some of the most common ways fraudsters gain access to your information are actually not high-tech at all – they are through lackadaisical password practices.
- Use a password manager – Many businesses will reuse passwords because they are so hard to remember. A password manager works by generating strong passwords and storing them under encryption.
- Use two-step authentication – Two-step authentication gives you an extra layer of security by demanding two pieces of information for every login attempt. You can do this via a single-use authentication code received via SMS.
6) Have a plan for when fraud does happen
Your business will need a procedure for when someone attempts to defraud you, and for when you determine that you shipped goods to a recipient who turns out to be posing as someone else.
If you have employees, make sure they are aware that if a purchaser fills out information incorrectly or incompletely, it is possible that they are not the true cardholder. Employees should be instructed to flag any purchase they aren’t sure about until it can be reviewed by you. If there’s any question about the veracity of the information, you can quickly contact the card issuer to see if the card has been lost or stolen.
If you are dealing with goods that have already been sent out, you should call the company that issued the card as well as the police department that is local to the recipient’s address.
Credit card fraud is actually on the decline overall, but that’s mostly thanks to the new embedded chips making it harder to counterfeit physical cards. Online merchants should continue to do everything they can to protect themselves from bad transactions, while making sure that their customers’ sensitive information stays private and protected.
About the Author
Maricel Tabalba is a freelance contributor for Credit.com who is interested in writing about personal finance advice for Millennials and college students. She earned her Bachelor of Arts in English with a minor in Communication from the University of Illinois at Chicago.