Three ways to help your merchants avoid credit card fraud
When it comes to payment security issues, educating your customers is critical, but with so much information out there it is difficult to know where to start. Along with adhering to PCI compliance, here are three things to focus on that can make a huge impact in keeping your merchants secure.
1. Secure remote access entry points
Remote access in and of itself does not present a threat. It’s the practice of leaving the window open for remote access when a vendor is not conducting work, that presents an issue because it provides an additional entry point to the network and leaves the network vulnerable to hackers.
Fraudsters are constantly pinging networks looking for behaviors and trends with multiple access points, and frequently use opened pathways as an indicator of a network with compromised security.
The following steps should be taken to secure remote access points:
- Disable remote access accounts when no longer needed
- Use the latest version of remote management product
- Limit the number of people using remote access
- Reboot the software daily when applicable, to clear volatile memory
- Use two-factor authentication and complex passwords
2. EMV is only part of the solution
There is a misconception permeating the marketplace that chip and signature is the industry’s primary answer to all fraud deterrence, but it is a very small piece of the puzzle to protect merchants and their customers. Implementing EMV-enabled technology to help decrease card present fraud is certainly a step in the right direction, and we have seen the effectiveness of EMV adoption in other countries. For example, the UK has seen an 80 percent decrease in card present fraud since EMV was rolled out in 2004.
Best practices certainly include processing credit cards on an EMV capable solution, but as we move further way from the liability shift of 2015, network breaches are increasing at an alarming rate. Merchants need to understand that EMV does nothing to protect them from a breach. An EMV enabled solution is merely one step toward moving from the chip and signature protocol to the chip and pin that makes the fraudulent card all but useless without the pin.
3. A secure network is critical
The value in fully encrypted and tokenized networks cannot be understated. Both of these protocols help reduce payment fraud by making it more difficult, if not impossible, to mine intact credit card numbers from a breached network.
With a fully encrypted and tokenized network, credit card data is protected in transit across the larger network, as well as at rest. It is important to note that best practices call to encrypt card information from the swipe point all the way to the issuing bank and back to the terminal (referred to as point-to-point or end-to-end encryption), as mag swipe readers are as susceptible as any part of the network.
Understanding these three points along with maintaining PCI compliance gives merchants an advantage when considering their security options in the current environment.
As the industry is complex, it is up to us as credit card processors, VARs and ISV’s to educate and evangelize these solutions.
Ultimately, that’s what protects both us and our valued clients.
Vantiv OmniShield Assure assists with PCI compliance and protects against the four major threats affecting businesses -- fraud, data compromise, PCI non-compliance and financial loss. For more information, please contact Vantiv Integrated Payments at 800-846-4472
Venture Partnership Manager
Jim Sperry has collaborated with Vantiv partners for 6 years. He has 14+ years of sales experience in the tech industry, working with software developer and re-seller partners to drive revenue and secure networks in both the indirect and direct sales models. His professional passions are partnerships that lead to joint success, product innovation and simplifying what others see as complex.