Protecting sensitive payment data is as beneficial to your business’s financial health as it is to that of your customers.
Data reported by Javelin Research reveals that nearly 60 percent of small businesses have experienced some form of payment fraud.
Further, Javelin’s experts explain that smaller businesses tend to be more financially impacted by such events than mid- to large-size businesses, even with fraud liability protection plans and insurance-related reimbursements.
While you may not be able to eliminate fraud, you can take preventative measures aimed at minimizing its likelihood and limiting the extent of the damage if it does occur.
Here are some simple tips for fraud management any business can put into place for a more secure environment.
Incorporate Account Verification Tools Into Your Processes
Identity thieves have become adept at creating counterfeit versions of driver’s licenses, employment badges and fraudulent cards that were once considered reliable ways to verify identity. Fraud management now requires more sophisticated fraud detection capabilities, especially when selling online.
Invest in technology designed to test account information for validity and spot inconsistent and irregular information, such as an unusual volume of products shipped to one address. Today’s identity verification tools use statistical modeling to predict suspicious behaviors that many human processes cannot, and can ensure your fraud detection methods are aligned with the latest techniques used by criminals.
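The check described above (an unusual volume of products shipped to one address) can be sketched as follows. This is an added example, not code from the original article or from any vendor's product; the order records are constructed, and the 24-hour window and the unit and account limits are assumed thresholds chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders (not real data): (order_id, account, placed_at, ship_to, units)
ORDERS = [
    ("o1", "acct-17", "2024-03-01T09:00", "12 Elm St., Apt 4, Springfield", 2),
    ("o2", "acct-52", "2024-03-01T11:30", "12 elm street apt 4 springfield", 5),
    ("o3", "acct-88", "2024-03-01T20:15", "12 ELM ST APT. 4, SPRINGFIELD", 6),
    ("o4", "acct-17", "2024-03-02T08:00", "9 Oak Ave, Springfield", 1),
    ("o5", "acct-31", "2024-03-09T10:00", "12 Elm St Apt 4 Springfield", 3),
]

# Small illustrative table; a production system would use a full address-standardization service.
ABBREVIATIONS = {"street": "st", "avenue": "ave", "apartment": "apt", "road": "rd"}

def normalize_address(raw):
    """Collapse case, punctuation and common abbreviations so variants of one address match."""
    words = re.sub(r"[^a-z0-9 ]", " ", raw.lower()).split()
    return " ".join(ABBREVIATIONS.get(w, w) for w in words)

def flag_addresses(orders, window=timedelta(hours=24), max_units=10, max_accounts=2):
    """Return {address: details} for addresses that exceed the assumed unit or
    distinct-account limits inside any sliding time window."""
    by_addr = defaultdict(list)
    for _oid, account, placed, ship_to, units in orders:
        by_addr[normalize_address(ship_to)].append(
            (datetime.fromisoformat(placed), account, units))
    flagged = {}
    for addr, events in by_addr.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window forward until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            units = sum(e[2] for e in in_window)
            accounts = {e[1] for e in in_window}
            if units > max_units or len(accounts) > max_accounts:
                flagged[addr] = {"units": units, "accounts": sorted(accounts)}
                break
    return flagged
```

Normalizing the address first matters because small spelling variations of the same destination would otherwise be counted as different addresses and stay under the limits.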
Learn From Other Breaches
Take note of the details behind well-publicized breaches to improve your fraud management strategy. In Target’s 2013 data breach, for example, the intrusion reportedly began with log-in credentials assigned to an HVAC vendor who had access to sensitive information in Target’s database. If you allow vendors to access your systems, institute controls for how you will manage their access.
Network World reports that the hack of health insurer Anthem, which resulted in the breach of 80 million personal records, originated with hackers figuring out an administrator’s password, while a hack at Premera, another major health insurer, began with an email phishing scheme that lured employees into downloading malware.
Your internal processes play a significant role in your ability to manage fraud, including the protocols for how employees establish and protect their passwords and use their company email.
Audit Your Point-of-Sale Systems Consistently
Data thieves commonly use skimming devices to obtain customer data from cards inserted into an ATM or payment terminal. As part of your business’s daily opening and closing procedures, include audits of all point-of-sale hardware and mobile payment devices to confirm that there is no evidence of tampering.
Educate your staff on the appearance of skimming devices to make it easier for them to spot suspicious equipment: Some skimming devices are razor thin, while others look similar to a small microphone.
Educate Your Customers and Team on Payment Security
Educate your customers on the role their actions play in fraud management. For example, very few people take the precaution of covering their typing hand to shield the digits when entering a PIN at the point of sale or withdrawing money from an ATM.
While many credit and debit cards now include a magnetic stripe on the back of the card and an EMV chip on the card’s front (your point-of-sale may accommodate both), EMV chip card terminals provide a more secure payment experience. In fact, the United Kingdom decreased its payment fraud rates by nearly 20 percent just one year after it transitioned to EMV chip cards, according to First Data.
However, EMV chip cards provide more security only when customers change their habit of swiping at the point of sale. Educate them on the reasons they’ll benefit from using their EMV chip card. For example, EMV chip cards use a process called tokenization in payment processing.
The “token” is a randomly assigned set of numbers that replaces the customer’s sensitive information for enhanced fraud management. If cyber criminals intercept a transaction, the token data they’ll access can’t be used to identify the customer or initiate further fraudulent transactions.
Any business that handles sensitive data, including various forms of customer payment, is a potential victim of a breach, hack or similar form of identity theft. With proactive fraud management processes, your business can reduce the likelihood of a fraudulent event, and manage the financial implications of the fraud, if it does occur.