The rules have changed, and the onus for credit card fraud is on you.
Ok, maybe not completely, but with the advent of the EMV chips in credit and debit cards in the United States, the liability for fraud has now shifted. Now, whoever between the merchant (you) and the financial institution is less-EMV compliant is liable for the fraud. Which means if you’ve been lacking in your POS technology, you might be opening yourself up to some pretty serious losses.
But lucky for you, technology is always advancing, and new ways to protect yourself and your business against fraud are continuously coming onto the market. So what are the latest and greatest? And how do you keep track of what’s out there? We talked to an IT expert and got some tips.
“At the end of the day, there are really only three things ways you can protect against fraud,” says Matt Gallo of United Data Technologies, a company that specializes in IT management for small business. “Check ID’s to verify the transaction, move to chip/pin machines, or use machines compatible with Apple/Samsung Pay. Keep your focus on best business practices and definitely on limiting your liability on the backend.”
Gallo makes a great point: Before getting into the fun new toys you can use to protect yourself against fraud, you need to master the simple stuff. Because even the most advanced credit card in the world can still be swiped, dipped, or scanned by a thief.
It seems like a no-brainer, but think about it: When was the last time YOU were asked to show ID when paying with a credit card? This simple step – and requiring it of all employees – is as reasonable as asking for ID when a customer orders alcohol, yet for some reason it’s all too uncommon. The extra five seconds it takes for a customer to produce ID isn’t going to ruin anyone’s day. And the few customers you might lose because they “forgot” to bring ID (please) will be minimal compared to your potential losses from fraud.
Further, upgrading your POS systems to accept EMV chips, is the next logical step to protecting yourself. By 2018, according to The Strawhecker Group all U.S. cardholders will have EMV chips, so the sooner you’re compliant, the better. And typically the new readers won’t cost you more than $100-$150, with smart phone squares running as little as $49. For more on how to become completely EMV compliant take a look here.
Samsung and Apple Pay are the brand names used by the smart phone manufacturers for their digital wallet services that allow customers to pay with their phones.
Common sense might tell you paying with a phone that can be easily hacked or tapped into seems a pretty risky endeavor. But believe it or not, Near Field Communications (NFC) technology is as secure as the EMV chips. Customers add their debit and credit card accounts to a digital wallet on their smartphones, then hold the phone up to the “reader” when making a purchase. Apple Pay not only leverages the iPhone’s fingerprint technology (Touch ID) but it also features multiple layers of data encryption. Despite these transactions being relatively secure, it is still worth asking for ID with the payment.
Much like anything involving technology in the past 15 years, what’s new today will be obsolete next year. So even if you upgrade all of your POS systems to be EMV compliant and hyper-secure, hackers will find ways to break it. And credit card companies will find ways to stop them. It’s an endless cycle, and one you may not have time to keep up with.
“The challenge most small businesses have is they may only have a single IT person whose role is really to just keep the lights on,” says Gallo. “While that’s definitely important, a connected managed IT service company can bring in the right people to solve these problems.”
Does that mean outsourcing your IT needs to a third party is the solution for you? Not necessarily, but it’s an option many small businesses don’t know exists, and it can help keep you up to date while you focus on other aspects of your business.
Gallo also suggests working with vendors to ensure they’re keeping you up to date on the latest technology. It’s a big reason why using a local payment processing company will be a huge advantage for you, even if it might cost a little more. You might think the relationship you have with your POS vendor isn’t nearly as important is your vendor for, say, meat or beer. But when it comes to fraud protection they can be your biggest asset.
But beyond the risk of transaction fraud, exposing your customers’ credit card data can also be a big concern.
“The biggest area where companies can get in trouble, more than fraud, is exposed credit card data,” says Gallo. “Every client we work with that handles credit card transaction becomes at risk of accidentally storing this information and often, they don’t even know that they are at significant risk.”
Even giant companies like Target have fallen victim to this, and it’s another item to bring up with your POS vendors.
While you will never be able to protect yourself completely against credit card fraud, technology is always making it easier. Whether you do it yourself or outsource, it’s vitally important you stay on top of the latest advances to minimize your risk. Remember, the crooks and the credit card companies are always trying to stay one step ahead of each other. And if you don’t keep up with them, you’re putting yourself at serious risk.