Accept your mission: Credit card fraud protection
You may be cool, but you’re not James Bond cool. And that’s okay, because odds are, if you’re reading this article, you’re not an international spy with a cache of high-tech secret weapons either. But that doesn’t mean you don’t have a huge responsibility to protect your customers and your business against a multi-billion dollar, international cybertheft industry. You do.
You’re probably thinking, “…who me? Little old me, with my small local business? Surely I can’t be held responsible for the $36,000 per minute fraud industry.” But unfortunately, you are responsible for fraud and data security at your business if you accept credit cards. It's in the fine print of your merchant agreement, regardless of which payment processor you use.
Credit card fraud protection is a big responsibility. But with some knowledge and the right support from your payment processor, you can become part of the defense team instead of an unwitting accomplice. Read on to learn more about the risks and consequences of fraud and data theft and how to put a stop to it.
The risks of a data compromise
Fraud is generally the result of data theft. It all starts when a thief steals the sensitive data and cardholder information from a payment card. Sometimes, this happens by stealing the actual card itself. But more often, it happens by stealing the sensitive data when it’s exposed during or after a payment transaction. This is known as a data compromise.
There are several ways to steal card data, and thieves are constantly working to improve their craft, so their methods change frequently. But in general, thieves hack into or install malware on a vulnerable payment system and create a secret virtual doorway where they can extract the data being pushed through the system during transactions. The length of time that doorway is left open and the volume of cards the business is processing determine how many records are stolen. The longer it takes the merchant to realize they have been compromised, the more damage occurs. The now infamous Target data breach of 2013, for example, took place over the course of 17 days and resulted in about 110 million compromised cards.
Other popular methods of stealing data include installing skimmers at ATMs or gas stations so that when a payment card is swiped, the data is collected and copied to a hacker’s database or data repository. Additionally, some older payment solutions store sensitive data in the system to be used for future transactions like tip adjustment or recurring transactions. That data is vulnerable to theft as well, and could be stolen long after the transaction was made.
Once the hacker has the data, it is either sold raw on the black market to other fraudsters, or used by organized crime rings to operate large scale fraud operations to create counterfeit cards, steal merchandise, and/or create fake identities. Regardless of who ends up with the data, the end result is usually fraud.
Fraud is the theft of actual goods and services as opposed to data. But like data theft, fraud takes many different forms, is constantly evolving, and is often highly organized and funded by large crime rings.
The consequences of data theft
The consequences of data theft are many, starting with public embarrassment and loss of consumer trust, and oftentimes ending with the closure of the business. In fact, research suggests that 60 percent of small businesses close within six months of a data breach, in part because 69 percent of consumers are hesitant to do business with a breached organization. The other part is owing to the devastating fines, fees, and penalties involved in a data breach.
While a small business won’t suffer the same magnitude of financial loss as a major retailer like Target, with their $39 million settlement, they don’t usually have the sheer volume and market penetration needed to overcome such a loss either.
The cost of a data breach largely depends on the industry, the cause of the breach, and the number of records stolen. The longer it takes to detect a breach, the greater the cost. The 2016 Ponemon Institute Data Breach Study found that a breach costs an average of $158 per stolen record, and more specifically, $172 per record for the retail industry. If you consider how many transactions you ran during the same time period that Target was compromised, 17 days during the biggest shopping season of the year, you might start to get an idea of how deeply a breach could affect you. But don’t forget to take into account that Target has massive IT infrastructure and detected the breach themselves—a scenario unlikely for most small businesses that tend to experience breaches that go undetected for significantly longer periods.
Fraud also has a major financial impact on small businesses. Up until October 2015, card issuers had liability for fraudulent transactions. But since then, a new card processing technology called EMV (Europay, MasterCard, Visa) was adopted in the U.S., and the card brand networks shifted liability from issuers to merchants for in-store fraud involving a chip card. Today, if a merchant doesn’t process a credit or debit card that has a data chip using an EMV-enabled terminal, and the transaction ends up being fraudulent, the merchant pays in the form of lost goods and/or services, plus the chargeback and related fees. And since the majority of cardholders now have at least one chip card in their wallets, merchants processing these cards without EMV terminals have a high likelihood of seeing a sharp increase in chargebacks.
The potential fraud losses of a business without EMV technology depend on the volume of business they transact and the average ticket price of their merchandise or services. The LexisNexis 2016 fraud report found that every dollar of fraud costs U.S. merchants $2.40, and that fraudulent transactions happen up to 206 times per month on average.
The payment fraud solutions
Now that we’ve discussed the various fraud and security threats to small businesses and their possible consequences, we can get back to the discussion of how to outfit your business with security tools that would put a smile on James Bond’s face.
Fighting fraud and data security threats requires a four-part strategy: maintaining compliance with PCI data security standards to help prevent a data breach; protecting sensitive data with encryption and tokenization technology while processing transactions; processing chip cards with EMV-enabled terminals; and investing in a breach protection solution to help cover the costs if a breach does occur.
But the part that will put a smile on your face is that Vantiv takes care of all of that for our merchants. We put all of those tools and technologies into one affordable service so that you don’t have to moonlight as a secret agent in order to avoid the pain and aggravation of fraud and data compromise.
Not a Vantiv merchant? Ask your payment provider about their security offerings to see if they stack up. Or, contact us for more information about how we can help your business get and stay secure.