Credit card fraud has become a big problem for businesses of all sizes and new research has found it is only getting bigger. In fact, credit card fraud has become a $6 billion problem for businesses, increasing by 87 percent since 2010.
As incidents of data breaches and credit card fraud continue to grow, businesses must be more vigilant about protecting themselves. To help businesses guard against such issues, Rob Bertke, senior vice president of research and development at Sage North America, offers the following tips for businesses of all sizes.
- Immediately deal with any breach—It’s critical to understand that even if all cautious, conservative steps are taken, and the best payment-processing security is installed, a breach can still occur. If it does, you must have detailed credit card sales records to refer back to as a means of retracing your steps. This will help in determining when and where the breach took place and therefore mitigate the potential for additional losses. Furthermore, a proper assessment of the initial attack may ultimately provide a trail back to the source of the data breach.
- Maintain PCI Compliance— Accepting credit or debit cards without being Payment Card Industry (PCI)-compliant is against card brand regulations, and compliance is also an absolute must in today’s economic climate. Make certain your payment processing software security is current and is PA-DSS (Payment Application Data Security Standard)-certified, and that your business receives its PCI-DSS (Payment Card Industry Data Security Standard) certification. PCI certification provides a level of confidence and assurance that a processor has followed and passed a robust set of best practices for securing the information being processed when credit card payments are made.
- Use end-to-end encryption for all sensitive data— End-to-end encryption (E2EE) essentially boils down to scrambling the data sent from one device to another. It starts with your payment capture devices, and goes all the way to the transaction being authorized. E2EE technology prevents the card account data from being stolen electronically and lessens the cost and impact for your business to become PCI-certified. A company’s mobile payment devices, credit card terminals, software applications and online payment portals need built-in encryption functionality when transmitting customer information.
- Prevent tampering—Make certain all employees tasked with accepting credit and debit cards from customers have a working understanding of the appearance and functionality of the payment processing equipment they’re using. Scammers often try to tamper with a business’s payment processing equipment in an effort to steal credit card information. Altered equipment usually consists of a small piece of hardware physically attached to the terminal itself. An attentive employee who knows what to look for should be able to easily identify an extra attachment to the device or oddly functioning software.
- Refrain from storing credit card numbers— To avoid one of the biggest PCI compliance risks, you should do everything in your power to not store credit card numbers. Look for a payments provider whose platform is designed so credit card information is never stored at your business site or on your business software. Your provider should be able to process the transaction and then store your customers’ card information in a secure vault in the cloud. They should provide you with an encrypted ID, so when you want to do another transaction for that same customer, your software can pass the payments provider the encrypted ID so your company never comes in contact with the stored credit card data.