Did you know that North America is the largest target of credit card breaches in the world? In fact, we account for about 72% of breaches. Drill that down to the US of A, where card theft is a whopping 47% of all worldwide fraud, but we only account for around 24% of worldwide credit card processing volume. So why is our ration of transaction to fraud so high? Most experts think it has to do with the lag time in adopting the EMV standards. We know it can be a little annoying because it’s slower, but how much more annoying can it be when your card data is compromised and you go through the motions of closing cards and getting replacements?!? Aren’t those extra few seconds worth it for more peace of mind?
Just because we have now adopted the EMV standards doesn’t mean card fraud still does not happen. It is reported that small businesses take about a 5% annual hit in revenues for just fraudulent activity. In face-to-face business, or swiping, fraud is decreasing. But that means other avenues are increasing exponentially. Even before the new standards were instituted, card-not-present fraud accounted for almost 50% of ALL fraudulent activity. Here are some tips and recommendations, both by experts and through our personal experience, to help protect your business AND your customer from credit card fraud.
- Trust your gut. Always, in all ways. If it doesn’t feel or look or sound right, it probably isn’t. If you are questioning something, get in touch with your rep immediately to ask for their direction.
- Check ID in face-to-face situations. Always. It doesn’t matter who it is. If you do not have a personal relationship with the person standing in front of you and the one listed on the card, check the ID.
- Keep the credit card terminal out of customer reach. PIN pads are fine to be customer-facing, and necessary. But the actual terminal is where your files are stored and your program is built; protect it.
- Do not leave customer card data laying around. Ever. If there is any reason it is written on a piece of paper, keep it under lock and key with very limited employee access. Once inputted into your terminal, shred the paper.
- For phone or web orders, capture AVS data and the CVV code. Also get the full shipping address and phone number, and call the customer at that phone number when items are ready to ship. DO NOT SHIP until you speak to that customer at that phone number. If information is omitted or customer refuses to give you a portion of address or a contact number, refuse the sale.
- Be alert for orders and store transactions that far exceed the average transaction amount for your business.
- If you are not yet EMV compliant, you need to be. And stat!
- And this is worth repeating: TRUST YOUR GUT. ALWAYS, IN ALL WAYS.
Feel free to contact us with questions about protecting your business against fraud!