by Adam Carlson, CEO of Soar Payments
If you’re starting a business you’ll likely want to accept credit cards, and to do so you’ll need a merchant account. Credit cards are, of course, a convenient and popular way for your customers to pay, but unfortunately they’re also a key vulnerability point through which fraudsters and hackers can target your small business.
In this article we’ll cover 3 steps your small business can take to minimize the risk of fraudsters accessing your merchant account:
1. Require CVV and AVS Match.
Unfortunately, there is a thriving black market for stolen credit card data, and the buyers often try to use the stolen credit cards at small businesses to purchase goods or services. The reason they target small businesses is that they often have less robust real-time fraud detection tools than larger businesses, so the fraudster is more likely to get away with the purchase before the fraud is noticed.
Thankfully, most stolen credit cards that are purchased on the black market do not have the customer’s address or the three digit code on the back of the card (CVV) included. Therefore, by enabling address verification system checks (AVS) and requiring that the CVV code match before a phone order or eCommerce transaction is processed, you can drastically limit this type of fraud. The downside, is that some legitimate customers will improperly enter their address or CVV code and thus have their legitimate transaction declined, however, in most cases the benefits outweigh the costs.
2. Switch to EMV Chip Technology.
If you plan to accept credit card payments in person (called “retail”) then you should make sure that you make the switch from the old magnetic stripe readers to the new EMV or chip card technology readers. Chip cards are dramatically more difficult to recreate for fraudsters than the old plastic cards with the magnetic stripe, so the rate of retail fraud transactions falls significantly with EMV enabled merchants.
Another significant benefit to making the switch to EMV, is that if you continue to use the magnetic strip card technology and you do face fraud, you as the merchant will be liable for the fraud, whereas if you use chip card technology and a fraudster somehow slips a fraudulent card past you, the card brand (Visa, MasterCard, AmEx, Discover, etc.) will be responsible for the fraud.
3. Enable Tokenization.
Another point of vulnerability in a small business’ credit card processing is the transmission over internet or phone lines of the customer’s card data. That is, fraudsters can hack into your internet or Wi-Fi and grab your customer’s transaction data as it’s processed.
Tokenization helps minimize the risk of having your customer’s sensitive information by encoding your customer’s credit card information into a unique one-time use code that is only decoded once it reaches the credit card processor. Thus, even if your small business’ wifi is compromised, the card data that the hacker could grab is encoded and thus cannot compromise your customer’s data.
As a small business owner you need to accept credit and debit cards in order to enable your business to reach the broadest range of customers. Unfortunately, doing so exposes you to some additional fraud risk. Thankfully, by taking some of the steps outlined in this article, requiring AVS and CVV matching, using tokenization, and switching to EMV technology, you can go a long way to reducing your customers and indirectly your business’ risk of credit card fraud.
Adam Carlson is the CEO of Soar Payments, which provides high risk credit card processing services to small businesses such as eCommerce and phone sales businesses. You can learn more about Soar Payments via the company’s Facebook page.