The battle against credit card fraud is never-ending, and as technology gets smarter, so do the criminals. However, many cases of fraud are down to simple carelessness or sloppy security.
There are two ways in which fraud affects retailers:
1) Transactions made with stolen or fake card details. As a merchant, you will lose your money for any transactions proved to be fraudulent, and you may end up being penalised further with higher transaction fees.
2) Customer data being stolen from your system. If you are proven to be negligent you could face considerable fines, as well as loss of reputation.
Remember: in the end, fraud affects everyone by reducing customer confidence, so it is up to all merchants to take responsibility for helping to keep the payment system safe.
Although Chip and Pin has helped to reduce credit card fraud in transactions where the card is present, there are still steps merchants need to take to protect themselves and their customers. Criminals will often attempt to steal card information by installing dodgy software on terminals, adding devices to read card data or even substituting your equipment with compromised terminals, so keeping your hardware secure and monitored is vitally important:
- Check your terminals, cabling and the area around them regularly for any suspicious devices such as hidden cameras, bugging devices or even a substituted terminal.
- Install pinpad shields on your terminals.
- Secure your pinpads with a lockable stand to prevent tampering or substitution.
- If your terminal uses a wireless network, make sure it is fully protected and install good firewall security on your main router.
- Only buy your terminal from an authorised retailer.
- Do not allow any unauthorised access to either the terminal or your point-of-sale system and verify the identity of any external engineers working on your syste. Be very wary of any engineer turning up without an appointment.
- Know your employees. Chip and pin fraud is often carried out by insiders with access to systems.
- Do not share POS logins between employees.
- Make sure that all staff are properly trained, and given regular refresher training, in how to operate the terminal, and that they know how to deal with exceptions such as transactions where the terminal requests further authorisation.
- If a card has to be read from the magnetic stripe instead of the chip, check that the customer’s signature matches the one on the card, and keep your signed copy of the receipt. Make sure that the card number matches the one printed on the receipt, and check the expiry date.
- Familiarise yourself and your staff with all the standard card security features, such as holograms and printed numbers.
Keep an eye on customer behaviour; be wary if a customer is buying high value goods without paying much attention to its details, or if a customer is simply buying large quantities. You know your business and your customers better than anyone, and you’re in the best position to judge whether buying behaviour is out of the ordinary.
If you are worried, call your payment provider and ask for extra authorisation.
Remember to follow your merchant provider's own fraud prevention procedures. We also recommend that you read the detailed guidelines published by the UK Card Association in the “merchants” section of their website.