The bad news is that payment fraud is growing, and it seems that criminals are coming up with ever more ingenious ways to perpetrate it. Small businesses may think they are too small to attract attention of criminals, but unfortunately, that’s not the case. A recent report from the Association for Financial Professionals (AFP) showed that 72% of all participants reported that their companies had been the victims of attempted or actual payment fraud.
The good news is, that Small Businesses can take steps to defend themselves, and that doing so is now easier and less costly than ever before. When combating fraud, a business has two concerns: prevent its systems from being used as part of a fraud scheme, and protecting its customers’ information from falling into the wrong hands. This may seem like a daunting task, but there is help for the small business. Many electronic payment processing systems automate key fraud prevention techniques and tactics to help the small business guard against its systems being used as part of a fraudulent scheme. For example, most systems offer AVS validation of credit cards (which checks that the billing address matches the address on file for the card), and CVV2 validation for credit cards (which helps ensure that the person authorizing the transaction has the card in hand). Another helpful feature is check verification, which enables a merchant to check whether funds exist to cover an echeck or ACH payment, and to determine if the account owner is on a list of known bad check writers. More robust systems enable the merchant to block transactions based on IP, country or email address, and provide functions such as multiple credit card blocking which prevents a criminal from using one of the businesses web payment forms to test large volumes of stolen credit card numbers in order to find one that still works.
The most important thing a small business can do to protect its customers’ data is to use only payment processing systems from PCI compliant companies. The PCI standard was developed by Visa/MasterCard to protect its cardholders, and certified compliance with its very stringent standards is a strong indication that a payment processing company will fully protect a business and its customers. Such a system ensures that all bank account and credit card numbers are stored encrypted and cannot be decrypted by anyone, and that they are routinely purged when not in use. There are many ways that customer information can be compromised, both from thieves inside or outside an organization. But, if all customer data is directly entered into a PCI Compliant system, such as PaySimple Solution 2.0, a business can be assured it has done all it can to protect its customers. Common sense comes into play too – educating customers to beware of phishing schemes attempting to steal their account numbers and passwords, educating employees to avoid viruses that capture keystrokes, and educating everyone about not leaving statements and account numbers in open view, can only help. But beyond that, using a PCI compliant payment processing solution that includes automated build-in fraud detection and robust data security features at no additional cost, can provide a small business with the protection it needs at a very reasonable cost.