As a small business owner, you know that accepting credit card payments is pretty much a necessity. It's probably a routine daily activity you don't think much about. However, overlooking some simple security risks could be a costly mistake leading to stolen customer information, lost revenue, fines, and even having your credit card acceptance privileges revoked.
In fact, when it comes to processing credit card transactions, small businesses must follow The Payment Card Industry (PCI) Security Standards. These rules make sure that all companies that process, store or transmit credit card information maintain a secure environment to protect customer credit information.
Whether you own a restaurant, store or another brick-and-mortar business, here are five things to keep in mind if your business accepts face-to-face credit card transactions.
[Related: See our reviews of the best credit card processing services.]
As a busy small business owner, you may not even realize that you and your staff don't know how to properly handle a credit card transaction. This leaves your business vulnerable to fraudulent transactions and the possibility of legal action.
“Make sure you and your employees know the rules of how to handle credit card data, said Vikas Bhatia, founder and CEO of cybersecurity firm Kalki Consulting.
"Protecting your customers' personal data is not only good business, it's the law," he said.
Not noticing fake credit cards
When you have a long line of customers it's easy to overlook things about the credit card that indicate it's a fake.
"Look closely at the card itself," said Joseph Palko, chief marketing officer of 3dcart Shopping Cart Software. "Much of the fraud happening today is being done with cards that are being made by the person committing the fraud."
Palko said criminals use a stolen a credit card number or purchase one on the black market to create their own card with their own magnetic strip.
"Criminals will often times scratch or damage the magnetic strip to force a cashier into entering in the credit card manually if they were unable to encode the credit card information on the magnetic strip," Levin said. If this occurs, he says to ask for proper identification before completing the transaction.
How do you identify a fake credit card? By getting to know the appearance of real ones, according to Palko.
"Be familiar with what the different types of cards look like," Palko said. "If it looks as if you have a fraudulent card in your possession, call the bank phone number that is listed on the back of the card."
Levin said another clue to a fake card may be in the appearance of the numbers.
"Oftentimes credit card criminals use poor equipment to create fraudulent credit cards resulting in cards that visually appear irregular," Levin said. He noted that if the numbers don’t line up and are crooked, it's likely this is a fake credit card.
Matching signatures, names on cards, and ID
Another often overlooked security issue when accepting credit cards is a missing signature.
"For purchases with a card present, always check for the signature on the back of the card," Palko said. If there's no signature, request identification, he said.
Phillip Parker, founder of CardPaymentOptions.com, said it's a good idea to ask for identification when taking face-to-face credit card payments.
"Don't accept a card payment from someone who can't produce a photo ID, or if the name doesn't match the card," he said.
Storing customer credit card data to charge later
Do you store credit card data for later charging? If so, you could be violating the Terms of Service of your merchant account, Parker said.
"Credit card data is only allowed to be stored in very specific and secure ways," he said.
"Allowing this data to be compromised can put you in great financial risk of both fraud liability and stiff fines."
Kalki says one important tip for staff is "don't write down credit card numbers."
According to Will Black, the CEO of Meridian Merchant Services, today's software helps secure customer data. When businesses use software for customers to enter their own credit card data (via a tablet or a portable credit card machine a staff member hands to a customer), something called a data lockout occurs.
"Once entered, the employee cannot pull the credit card number fully back up," Black explained. This prevents employees from accessing customer credit card information. "They may be able to see the last four digits to verify it, but the data should be locked out."
Cash refunding vs. refunding the card
Do you accept returns of items first paid for on a credit card? If credit card returns aren’t processed properly, your business could lose money.
"Many businesses allow a customer to make purchases on a card, and then return the item for cash as opposed to refunding it back to the card," Black said. The original purchase may be completed using a stolen credit card, with the fraudsters then returning the items to get the cash.