How to protect your business from fraud until your EMV terminal arrives
Since so few merchants were truly prepared for the Oct. 1 EMV chargeback liability deadline - only 301,000 out of 6 million business owners - more companies are now in the process of making the shift. The transition requires new hardware that is able to read the chipped credit cards. Some businesses are experiencing delays with this implementation, as the influx of orders has many technology providers backed up. As organizations wait for their new equipment, they shouldn't let fraud protection become a lesser priority. Instead, they should use the following four ways to protect their business in the meantime:
1. Become PCI compliantThe Payment Card Industry frequently releases updated Data Security Standards, which provide steps for merchants to take to protect their customers' sensitive information from hackers. The guidelines are not mandatory under any federal regulations, similar to EMV, but entrepreneurs face costly penalties if counterfeit purchases continue to occur on their non-compliant equipment. The most recent version of the PCI DSS went into effect on Jan. 1, 2015, and included new rules for merchants to follow. While it's important to note that PCI compliance is an ongoing process that requires companies to stay updated on changed standards, there are 12 actions they should take for basic adherence. They are as follows:
- Install and maintain firewall software.
- Do not use vendor-supplied defaults for system passwords and other security purposes.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open and public networks.
- Install, use and maintain antivirus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data on a need-to-know basis.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for all employees.
2. Use proper online validationAs a result of the introduction of EMV, more fraudsters are going online to make their counterfeit transactions. This is a growing problem business owners must be aware of when protecting their ecommerce sites. Since hackers may find it easier to make fraudulent purchases on the web, companies must take extra precautions to ensure consumer information is secure. To validate that the credit card data matches the person making the purchase, businesses can ask customers to send in copies of both sides of the card, as well as the person's state-issued identification card . With this proof, enterprises can make sure the transaction is not fake.
Merchants should also be wary of different "bill to" and "ship to" addresses, as this can be a sign of counterfeit credit card use. Requesting telephone numbers for each location is a smart step organizations can take to verify the information is not fraudulent.
3. Take a closer look at large purchasesMost people have had the experience of having their credit card frozen if their transactions are large and seem suspicious to the card provider. Merchants should implement this strategy as well to avoid counterfeit purchases. When they see an order containing many expensive items, businesses should flag it to verify the details of the interaction are actually real. Since thieves often try to make as many purchases as possible before a credit card is reported stolen, quick action by merchants could stop the fraudster in his or her tracks.
Hackers may also use a false address but likely add their own phone number to the order. Organizations should request a courtesy call from the credit card provider to the contact information listed to verify the buyer. If the data doesn't match up, the issuing bank or the credit card company can automatically freeze the account and alert the business that the transaction is fraudulent.
4. Educate employeesEmployees can be a business's largest vulnerability if they aren't properly trained on the signs of fraud and actions to take when they suspect a fraudulent transaction. Merchants should make sure to hold regular educational sessions to keep people updated on current counterfeit trends and the steps to take when they suspect something. (5) Businesses should also have a policy in place for reporting these instances and guidelines for handling customers' sensitive information. With the proper preparation, businesses can ensure employee behavior is not causing any additional problems for clients.
Because of high demand, many businesses are facing delays in the delivery of their EMV-enabled equipment. While waiting for this new hardware to arrive, merchants should focus on keeping consumer information secure. They can do this by becoming PCI compliant, holding fraud education training for employees, implementing stronger online validation processes, and flagging large, and possibly fraudulent, purchases. By taking these actions, merchants are in a better position to protect themselves from counterfeit transactions and all the associated headaches.