As payment processing technology continues to advance, so do the benefits for small business owners. Along with becoming more user friendly, technological advancements have resulted in credit card processing platforms that are more efficient and exponentially faster than their predecessors, which are ultimately beneficial to small business.
With all of the advancements taking place on the technology side of payment processing it is easy for small businesses to be lured into a false sense of security. However, it is important to note that despite all of the benefits these newer payment platforms offer, they still have their weaknesses, weakness that can are exploited by high-tech criminals whose methods are continually evolving.
Based off of data presented by LexisNexis it is estimated that the true cost of fraudulent transactions for the small business owner is on the magnitude of 310% for every dollar fraudulently charged. That is to say that for every $100 fraudulenty charged, the cost to the small business owner amounts to $310 dollars. Despite the decrease in total fraud cost between this year and last, as reported by LexisNexis, a 3:1 loss ratio still poses a huge risk for the small business owners of today.
The inherent risks of small businesses to the threats posed by the sophisticated criminals who continue to cost retail merchants over $100 billion in fraud costs demonstrate the necessity for small business owners to be vigilant in monitoring their credit card processing terminals for signs of tampering and possible fraud. In a recent interview with ISO & Agent Weekly data security expert Jose Diaz addressed the sophistication of fraudsters in regards to breaking terminals down and determining the most effect ways to capture payment card data. As a small business owner it is important to realize that although it will be impossible to completely prevent fraud, there are several things merchants can do as a means of prevention.
Having decided that the risks of an unsecured payment processor are indeed worthy of being addressed it can be overwhelming to try and figure out where to begin. In an effort to streamline this process for you I will address 6 main points of import which you should address when securing your payment processor.
The first step in securing your payment processor is to gather up as much information about your own processor as you possibly can. If you are going to secure the information contained and processed in your payment platform it is of the utmost importance that you understand exactly what you are securing. As my grandfather used to say, you can’t cook a chicken for dinner if you have no idea what a chicken should even look like. To do this you should contact the provider for your payment system and ask who, what, when, where, and how. What data is in your system, who has access to that data, when can users access that data, where is that data located, and finally how can users access that data.
Having gathered the important information regarding your specific payment processor you should now address how you use the information you have. Customer card information should only be used for payments. If that information is utilized for additional non-payment purposes, such as authentication, you only provide fraudsters with another target/
Access, access, access!!! In securing your payment processor determining and tracking who has access to your payment system is imperative. With almost half of all payment security issues stemming from employee’s misuse it is highly recommended that you implement specific procedures for accessing the system and use employee codes to track who is accessing your system.
Along those lines it is important to make sure that you perform a rigorous background check on all new hires. You wouldn’t let just anyone watch your kids, so why would you give someone access to your payment system without having fully looked into the individual.
Keep an eye out for transactions of a suspicious nature, especially if you deal in foreign markets and have to deal with foreign transactions. The majority of fraudulent transactions that occur typically originate from places like Eastern Europe and Asia and usually occur in large bulk orders primarily of a high priced item nature. There are several paid services which can provide verification of addresses and phone numbers in these cases.
The final step in securing your payment processor is to be regularly monitoring your processor for signs of criminal misuse. Depending on your flow of goods, a weekly to biweekly checking of your payment terminal could prove to be beneficial. In the long run it can also be cost effective to hire a security export for around $100 to perform monthly checks on your system.
Processing systems are continually evolving and it is important for the small business owner to not loose sight of his or her role in protecting the information of the consumer. Not only will being secure save you in fees, 310% on every fraudulent dollar charged, it will provide the consumers with an overall more pleasant experience in regards to their relationship with your business.