A Guide to Credit Card Fraud for Businesses

By: Brooke Tajer


The September 2017 announcement of an Equifax breach, which exposed the sensitive personal information of more than 143 million Americans, plus other breaches like the October 2017 data breach at fast food chain Sonic, has American consumers and businesses concerned about all types of fraud that can put their data at risk. Hackers and thieves can attack businesses in several types of ways, from using stolen cards to make purchases in stores and online, to stealing consumer information that is stored by a business.

Identity theft and credit card fraud is at an all-time high, according to the 2017 Identity Fraud: Securing the Connected Life study by Javelin Strategy & Research and LifeLock. Fraudsters stole $16 billion from victims in 2016. The average cost of a data breach to a business is $7 million, Business Insider reports, which makes some breaches absolutely debilitating to small businesses.

Here is what to know about credit card fraud that affects businesses, how to prevent credit card fraud, and how to deal with it when it happens.

What Types of Credit Card Fraud Are Businesses Vulnerable To?

If your business accepts any type of credit cards in any way, it is essential to be aware of the types of fraud you may be susceptible to. Generally, fraud occurs in a couple different ways:

  • In-store credit card fraud, which means the person who is purchasing an item is using a stolen credit card or has counterfeited a card and is using one that is not valid
  • Card-not-present credit card fraud, which occurs during online or phone purchases, when the merchant is not directly handling a credit card but the card information being used is stolen

Besides using stolen information to complete purchases, a hacker may steal vulnerable consumer credit card information from a business. Fraudsters can then use this information to make purchases elsewhere or create counterfeit cards.

How Can Your Business Prevent Credit Card Fraud?

Businesses that accept credit cards provide a service that today’s customers want. As we previously covered, global trends are increasingly moving toward the desire for a “cashless society,” which makes credit card acceptance a feature that keeps your business competitive. Accepting credit cards means your business needs to have proper security measures in place to protect the data of your customers and thwart off potential attacks to your company.

Here are some tactics to keep in mind, depending on how you accept credit card payments for your business.

Employ Multi-Factor Authentication

Considering fraud can occur easily with a simple stolen card number and expiration date, asking consumers for additional information when processing credit cards can help prevent fraud. This includes asking for another form of identification during in-store processing, whether the signature strip says, “ask for I.D.” or not. Signatures should be compared and verified during in-store processing, as well. During online and over-the-phone payments, asking for identifying information such as a billing address and the card verification value (CVV) can also help to prevent fraud. When online transactions occur, you can require a phone number, and before completing the transaction, call the number to talk with the customer and verify the legitimacy of the transaction.

Use Encryption to Protect Consumer Information

Credit card processing should use encryption to protect personal data while purchases are being processed. This means that potential thieves are not able to see the actual identifying information. Instead, tokenization creates random identifiers to represent the transaction, should it need to be accessed again in case of a return or another business need. Customer information is not stored, nor made vulnerable to hackers.

Use Machines That Accept EMV Chip Credit Cards

EMV chip credit cards help reduce fraud by generating a unique code during a transaction that prevents duplication. If credit card fraud occurs with EMV chip credit cards, and your business does not use point-of-sale devices that accept EMV chip credit cards, you are held liable for the fraud. Learn more about EMV chip credit card fraud liability here.

Only Give Company Credit Cards to Employees You Trust

Fraud that occurs on company credit cards can severely impact your business. When you hand out company credit cards, your business is held liable for purchases that are made. The wrong employees who have control of these cards may make fraudulent purchases or wipe out your account by making non-approved purchases.

Use Merchant Services That Are PCI Compliant

PCI compliance means your business meets the Payment Card Industry Data Security Standard (PCI DSS) that is mandated for any business that accepts credit card payments. The credit card processing company you use to process credit cards with must follow PCI compliance, which helps protect your business by using a secure network, encrypting data, using anti-virus software, regularly monitoring and testing networks, and restricting cardholder data access.

Preventing fraud can take extra time and additional monetary investments, but compared to losing customer trust and taking a financial hit when credit card fraud occurs, it is more than worth it to your business.

What to Do If Your Business Experiences Credit Card Fraud

Once your business decides to accept credit cards, you should create a credit card fraud procedure that outlines what your employees should do if they suspect fraud. These guidelines can include actions such as asking for additional identification, calling an authorization center to verify the purchase, or declining the card.

If you use North American Bancard and suspect credit card fraud, contact us immediately so we can look into the situation for you. If a breach does happen, you’ll want to:

  • Investigate the fraud and all potential systems you have that may be affected
  • Stop the breach from spreading by rerouting network traffic and migrating critical data to a new network
  • Contact consumers who have been affected as soon as possible, and be honest and transparent about what you know and steps your business is taking to contain the breach and prevent it from happening again in the future

Knowing the risks you face now and taking steps to prevent them can save your business from a significant financial hit and a public relations nightmare. For more information on credit card fraud awareness, view our resources.