Considering the slump the economy has been in the past several years, it’s no wonder thieves are getting more creative in their attempts to steal electronic payment information.
It may have been quite simple to get set up and processing with your merchant account provider, but keep in mind there are data security standards that must be adhered to in order to avoid potentially crippling fines if there were to be a data security breach at your company.
According to VeriFone, one of the largest manufacturers of processing equipment, “a single lost, stolen or compromised customer record costs your company $197.” Imagine how that cost can multiply if your security breach allows the hacker access to dozens of accounts! This threat is real and its repercussions have put many an honest entrepreneur out of business.
Also, don’t let the fact that you own a small business lull you into a false sense of security. Visa and MasterCard have stated on many occasions that over 80% of data compromises involve small merchants just like you. Most small businesses think they’re too small to target, and it’s just that kind of mentality that gets them into trouble (lack of security, old equipment, non-PCI compliance, etc).
So let’s go over some tried and true ways to help your business stay out of harm’s way and ensure your customers’ data safety.
Four Steps to Prevent Credit Card Fraud
- Use an Address Verification System (AVS)
This system is most often used in card-not-present and keyed-in transactions, like delivery or mail order. This system checks the billing address provided by your customer against the address the card’s issuing bank (the bank shown on the card itself) has on file. If the two addresses don’t match, the transaction declines due to the mismatch. AVS is available on many terminal models, so when picking out processing equipment, make sure your terminal comes with the AVS feature. There is a small fee per transaction to use AVS (usually about $.05), but it’s a small investment to keep yourself protected against fraud.
- Get the CVV Code! Card Verification Methods (Visa: CVV2, MasterCard: CVC2, American Express: CID)
Card verification codes are the three or four digit numbers imprinted directly onto the credit card that help merchants validate transactions. This numerical digit is not part of the card’s magnetic stripe nor does it appear on credit card receipts. When you take an order online or over the phone, ask for your customer’s CVV code. In doing so, you have a greater chance of taking payments from legitimate customers in physical possession of their cards versus a hacker who may have acquired the card’s magnetic stripe information nefariously.
- Don’t keep customer payment information on your premises
This tip speaks for itself. If your business physically houses customer payment information on a server/computer at your location, you give hackers a reason to attempt to breach your company’s existing security measures; it makes you a target. Also, consider eliminating the use of wireless networking on equipment used to process transactions. Although it offers convenience, it also offers hackers another point at which they can attempt to intercept data.
- Call your customer
If you've accepted a suspicious-looking payment via your website (think “big ticket item” or obscure country), take the initiative and call your customer to verify the information they've provided. Ask them to email or fax you a copy of their Driver’s License or State ID. Plus, while you’re on the phone, you can conduct voice verification. Does the person on the other end seem on-the-level? If not, don’t allow the transaction to go through.
If you’re interested in learning more about what you can do to keep your company safe from unscrupulous data theft attempts, read up on PCI DSS (Payment Card Industry Data Security Standards) or PCI Compliance. Along with the tips I reviewed above, they offer a wealth of information on how to stay compliant and use best practices when accepting electronic transactions.