Banking regulations do not necessarily provide the same protections for businesses as they do for consumers. To protect your business, begin with this checklist, then read on to learn why each item matters:
- Use a card reader that accepts EMV “chip” cards
- Don’t use wi-fi to transmit transaction data
- Never put outside thumb drives, data cards or discs into a computer on your network
- Have transaction alerts set up on your business accounts
- Restrict access to your company’s credit and debit cards
Loss prevention is a big concern for any business. And in today’s world — one where customers demand more diverse payment options and rarely carry cash — businesses must often balance payment options with fraud risk, including everything from simple credit card fraud to breaches in payment systems and data theft. Rapidly advancing point of purchase and payment technologies are also putting pressure on businesses to adapt quickly. New data breaches are reported frequently, and scam artists continue to get more sophisticated.
In many cases, it is entirely up to the business owners to protect themselves. All of this can be a little overwhelming, especially for a small business.
Fortunately, there is a lot you can do in terms of protection.
Invest in a Card Reader
Nearly all businesses now accept credit and debit cards. Even very small mom and pop businesses can accept card payments using “over the counter” point-of-sale readers, such as Square, Shopify or Lightspeed.
If you use one of these types of systems to accept card payments, make sure to spend a little extra in order to get a reader that accepts EMV “chip” cards and contactless payment. Many card issuers have tighter rules placed on these types of card readers that help block fraudulent transactions up front. Using a chip reader or contactless payment provides much greater protection than using the old magnetic stripe swipe. Data from the chip or contactless payment cannot be skimmed like a swiped card. This creates less liability on the merchant side in the event of a system compromise.
Protect Your Network
Most big data breaches come from unauthorized access into a merchant’s network. Always make sure you are using a secure method to transmit your payment data to the card issuer.
It is generally ill-advised to use wi-fi to transmit transaction data, as wi-fi can typically be hacked by even novice fraudsters. Many merchants also make the mistake of using default passwords on their networks, which makes them easily accessible to data thieves.
Be Wary of Odd Communications
Using standard information security best practices can go a long way in protecting your business. Always be suspicious of outside emails or text messages and encourage your co-workers to be careful with unsolicited outside communications.
Links in texts and emails can create vulnerabilities that provide access to your network data or, at worst, allow your business to be held for ransom.
Check Your Physical System Space
Never put outside thumb drives, data cards or discs into a computer on your network unless you are certain it is safe. Data thieves often leave these drives intentionally in parking lots or on shelves, hoping some well-meaning or curious employee will pick them up and plug them in. Never walk away from a computer without locking it first, and never allow the sharing of network passwords.
If your business uses fixed location or remote card readers — like those you see at gas pumps and self-checkout lanes — you should inspect them frequently for skimmers, a variety of small devices that data thieves place on the card reader mechanism to copy card data each time a card is swiped. Remember, skimmers do not work on chip or contactless transactions, but, as we said before, the magnetic stripe swipe is very weak.
At minimum, you should have transaction alerts set up on your business accounts so that every transaction is instantly visible. Many financial institutions allow for at least some level of account activity notifications, so contact your credit union or bank to see what is offered. Be sure to bank with a financial institution that issues EMV chip cards, and make sure to use the chip or contactless options for extra security when you pay.
Limit Company Card Access
You should restrict who has access to your company’s credit and debit cards, and only issue cards to employees who you know you can trust. The best practice is to issue each authorized user an individual card with a unique number rather than sharing one card among multiple employees. This allows you to isolate suspicious activity and — in the event of fraud — shut off the compromised card without affecting your whole team.
If you do allow an employee or co-worker to use your card to make an online payment, make sure to remove the card from the merchant’s payment portal immediately so that the card information is not stored for future use.
Additionally, never write down your card information or allow it to be sent by text or email.
For businesses of all sizes, it is almost impossible to prevent all fraud. However, taking a few simple steps to improve your payment, data and card security is the best defense against thieves and scammers who could potentially cripple your business or disrupt your operations for you and the customers you serve.
Travis Vanlandingham is vice president of payment services for America’s First Federal Credit Union. He is a 25-year financial services industry veteran focused on finding solutions to help members better manage their time and money with AmFirst’s products and services.