With the evolution and proliferation of ecommerce and chip enabled credit cards, credit card fraud has been going through a metamorphosis over the past couple of years. As the tides change, smaller businesses in particular need to be paying attention and taking action. Without the proper precautions, small businesses are prime targets for fraudsters and hackers who can compromise sensitive data and send a crippling financial blow.
The Closing Window of Opportunity and the Opening of a New Window
As the US is slowly introduced to EMV chip credit cards, point-of-sale credit card fraud is expected to decline in the coming years. According to reports by Javelin Strategy and Research:
POS card fraud will become progressively less lucrative. Card counterfeiting will border on impossible, given the inherent security of EMV chip-cards… Additionally, merchants who use encryption or tokenization would effectively render data gained from compromised terminals useless for future POS transactions. These factors will largely restrict POS card fraud to lost or stolen cards… [which] are significantly more difficult to acquire and are more likely to be canceled shortly after compromise… [F]raudsters at brick and mortar stores face a closing window of opportunity.
But while physical credit card fraud may be on the decline, all indications point to a significant rise in online credit card fraud as the surge in ecommerce continues. According to Javelin Strategy and Research, online fraud in the U.S. is expected to nearly double to $19 billion by 2018 from $10 billion in 2014.
Though all businesses and organizations operating online are being affected by fraudulant activity, small businesses are the most vulnerable because many are unable to afford the systems to detect and prevent it. Moreover, when it comes to online purchases, the merchant is typically the one paying for the fraud. If for example, a fraudulent customer uses a stolen credit card to purchase a product, typically by the time the real cardholder discovers the charges, the fraudster already has possession of the items. While the real cardholders are often not liable for unauthorized transactions, retailers have no such protection. Thus, when the true cardholder eventually reverses the payment, the retailer must foot the bill- an amount that includes the cost of fulfilling the order, the lost revenue of the sale, and the fees associated with receiving the chargeback (which can easily reach 25% of the transaction amount)!
What Can Small Businesses Do to Prevent Online Fraud?
In order to prevent or at least reduce a small business’ exposure to credit card fraud online, there are three things that need to be in place: knowledge of safety compliance, technology, and good payment processing practices. We’ll briefly go through each one below.
1. Maintain PCI Compliance. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information do so in a secure way. PCI is developed to proactively protect customer data, such as account numbers, names, addresses, and social security numbers. PCI compliance generally involves basic security precautions, such as maintaining a firewall between the business’ Internet connection and any system that stores credit card numbers.
2. Technology. There are various software applications out there that can help companies weed out fraudulant activity. Usually, these tools consider a number of potential red flags, such as whether the shipping and billing addresses match, whether the order is placed from an unfamiliar computer, device, or location, and whether the email address associated with the order has changed. Once suspicious activity has been identified, the business can then investigate further.
Another important element to consider is the ecommerce platform. Some of the most popular platforms actually do not offer so much fraud protection. So, this is something that should be researched before hand.
3. Payment Processing Best Practices. The best software in the world, however, won’t help a business that is careless with sensitive data. Businesses that are serious about data security will make the effort to routinely check that their fraud protection systems are working as they should. For example, business owners should check to see if all checkout URLs maintain a secure connection (“https”) during the checkout process. They should also set up system alerts that allow them to quickly and effectively screen out fraudulant activity, and make it a point not to store any more data than needed on customers and their transactions.
Bottom line: those businesses that process payments online need to be extra vigilant these days. Online fraud can easily ensnare a business, causing severe damage to a business’ reputation and its profitability. But, with the right knowledge, preparation, and tools, small businesses have the best chance of making it through unscathed.