Make sure you’re taking credit card security seriously in 2016
It seems you can't turn on a news program or read your favorite news website without hearing about a large data breach or compromised customer data. Security breaches against retailers are growing so frequent they are almost commonplace.
Consider these findings from the Association for Financial Professionals' 2016 Payments Fraud and Control Survey:
- 73 percent of companies were targets of payments fraud last year.
- 42 percent of survey respondents reported that the incidents of fraud attempts increased in 2015.
- Though checks continue to be most often subject to fraud, there is an increase in fraud via wire transfers and corporate/commercial credit cards.
- More than 50 percent of respondents foresee that card-not-present transactions will be exposed to greater fraud activity.
It's important for all merchants to take preventive measures to protect themselves and their customers from credit card fraud. Protecting credit card data requires a comprehensive approach that incorporates people, processes and technology. Let's look at each individually.
Your employees are the first line of defense against credit card fraud. Employees should understand that credit card fraud doesn't only happen at the POS and that their own activities could inadvertently compromise cardholder data. The following strategies can reduce the likelihood of fraud:
- Educate employees on current payment fraud practices and how to spot suspicious activity, whether that be in person, on the phone or online.
- Train employees on best practices for protecting cardholder data.
- Educate employees on phishing scams, proper password protocols, and your company's information security standards.
- Be aware of card issuers' guidelines for fraud prevention and discuss these with your employees, especially cashiers and those on the front line.
Another way to increase credit card security is to become PCI compliant, which is not optional for any merchant that accepts credit and debit cards. PCI Security Standards include security controls for ensuring that customers’ card data is kept secure throughout the entire transaction process, not just when the card is swiped. PCI Security Standards also protect cardholder data during online or telephone payments. You can find the twelve detailed PCI requirements here.
In addition to maintaining PCI compliance, consider these additional best practices:
- Develop a solid information security strategy for your company.
- Tightly control downloads, software installations, the use of thumb drives and public Wi-Fi connections on computers used for payment card processing.
- Ensure all employee manuals are kept current and detail proper handling of sensitive information, including cardholder data.
- Confirm all of your third-party vendors are properly implementing and maintaining security controls, as a breach of their systems can compromise your own.
- Have a response plan ready that outlines the specific steps you'll take should you experience credit card fraud.
There are a variety of tools available to boost your credit card security. Consider the following steps:
- Upgrade credit card POS swipers to accept EMV chip cards.
- Investigate technology such as Vantiv's OmniShield Assure to safely accept payments and dramatically reduce your fraud liability.
- Install advanced firewalls, malware and spyware detection software and anti-virus software.
- Update all technology as required. It's not effective if it isn't current.
- Consider tokenization technology, which replaces credit card numbers with surrogate tokens so that the real card data is not kept in your systems.
There is no silver bullet to stopping credit card fraud, but by taking a comprehensive approach to credit card security you can significantly reduce your vulnerability to internal and external threats.