Resources to help small businesses combat fraud
People who commit fraud and identity theft are smart about the businesses they go after. They target companies with the fewest resources for stopping these crimes, and small businesses are No. 1 on the list. The Association of Certified Fraud Examiners (ACFE) reports that small businesses lose money to fraud more than larger corporations, roughly $155,000 a year.
These crimes are committed in a number of ways. An employee might steal payment information from a business or its customers, or cyberthieves may tap into a merchant's network to steal credit card numbers. Whatever the means, fraud is a serious problem for small businesses. Let's take a look at ways you can help protect your business from fraud.
Guard your company’s financial information
Protecting company credit cards and bank accounts is the first step toward reducing fraud. Separate your personal and business bank accounts to ensure that if someone gains unlawful access to one, the other will be safe.
Limit credit card access strictly to trusted employees who need the card to do their jobs. You should also do your company banking online and make sure the mailbox you use for sending and receiving bills is protected from theft.
In addition to protecting proprietary business information, you also need to secure customer data. If personal customer information is stored anywhere on-site, make sure you know who has access to it and when.
Enforce a security policy among your employees
Security is a serious matter. The future of your business depends on it, and employees should know that. If you train them on how to prevent, identify and report fraud, you are reinforcing the expectation that maintaining security is everyone’s job, not just yours. It’s also important to remember the company security policy. Discuss it during staff meetings and evaluations, and update your training practices as needed. When security is at the forefront of everyone’s minds, it will empower them to help you protect the business and make anyone with bad ideas think twice about stealing from you.
Find a secure payment processor
Most cybercriminals steal data by striking at vulnerabilities in the payment processing system. Many POS systems now come with a full range of security options that add protection during the data transfer process, including the following.
EMV chip card technology
EMV cards use embedded microchips to store personal payment data. These chips are much more secure than the magnetic strips found on most payment cards today. As of October 1, 2015, merchants who have not made the investment in chip-enabled EMV acceptance technology may be held financially liable for in-store fraud that could have been prevented with the use of a chip-enabled acceptance device.
Encryption and Tokenization
Some POS systems use encryption and tokenization to help protect cardholder data. Encryption encodes the information with non-readable text, and tokenization replaces the customer’s data entirely using a “token” while the real information is whisked away into a highly secure vault. When used together, encryption and tokenization can significantly increase card data security.
Protect your internal network
Businesses that accept online orders and reservations are vulnerable to cyberthieves who sneak in by sending unauthorized messages into your system. A good firewall can block these, but you will also need a DMZ (demilitarized zone) to act as a buffer that validates legitimate incoming messages. A DMZ adds an extra protective layer to your cardholder environment and helps you meet PCI security standards.
Staying educated on fraud prevention is the most important step people can take to protect their businesses. You can use several online resources to stay current, including services offered by the U.S. Department of Treasury and other government agencies. The Federal Trade Commission is now taking a proactive role in helping businesses combat fraud. In September 2015, the organization is launching a new initiative called “Start With Security,” an ongoing education program focused on data security. When small businesses, security companies and government agencies work together, we can share the knowledge and tools it takes to keep fraud perpetrators out of business accounts and customer wallets.