Transaction fraud costs US merchants and banks an estimated $8.5 billion per year. For small businesses, fraud losses are especially painful.
Small merchants have unique vulnerabilities when it comes to retail and online card fraud. Since these business owners tend to wear many hats, they usually don’t have the time or expertise to pay much attention to fraud prevention. As a payment service provider, it’s up to you to educate your merchants regarding the threats they face. After all, they don’t know what they don’t know.
Retail Fraud Snapshot
First, the good news. As a result of the EMV shift, things are looking up at the cash register. Merchants using chip card terminals have seen a reduction of 39% in card fraud.
EMV-compliant terminals are the small merchant’s best defense, but participation still lags. As of July 2017, only half of US merchants were equipped for chip card transactions. It’s essential to encourage your merchants to upgrade their terminals to take advantage of chip security. A gentle reminder of the liability shift could be an effective motivator, as in 2016, US merchants found themselves on the hook for $5.8 billion in chargebacks.
Avoid EMV Scams
While EMV has seriously cut back on the incidence of card-present fraud, thieves have gotten a little more creative. Now, some fraudsters have produced cards with a fraudulent mag stripe and a sham chip. These chip cards look legitimate, but of course terminals can’t read them. After the chip “malfunctions” a few times, transactions are processed as mag stripe. While this is a clever scam, it’s actually pretty easy to stop. Merchants can simply train their cashiers to require additional identity verification, such as a driver license, before allowing a mag stripe transaction.
Cut Register Fraud
In fact, requiring additional credentials is an effective to way to prevent all sorts of retail fraud, from card fraud to refund fraud to discount abuse. Retailers may be hesitant to add in-person verification for fear of causing offense, but the returns can be well worth it.
Online Fraud Outlook
As EMV has reduced retail fraud, thieves have turned their attention to CNP channels. It’s estimated that online fraud will cost retailers $71 billion globally over the next five years. Without robust resources to navigate data security and online fraud, small merchants are an atttractive target for fraudsters.
Build a Strong Foundation
PSPs can help their merchants develop a secure ecommerce presence by making sure they start from a strong foundation. Choosing a PCI compliant e-commerce platform is a crucial first step. Beyond that, merchants need to take the proper steps to secure their TLS 1.2 certificates. It’s always a good idea to encourage merchants to participate in a trust seal program, such as Norton or Thawte. Other trust seals such as Verified by PayPal and TrustE can help by verifying that merchant sites are set up correctly.
To reduce online fraud, multi factor authorization is the small merchant’s best friend. It’s fairly easy to incorporate additional fields into a merchant’s order page. Requiring a CVN is one obvious step, but it’s just the starting point. Today’s MFA can use a variety of unique indicators such as biometrics, one-time cellphone codes and security tokens. MFA is a very effective way to prevent fraud. After all, a hacker may sell your card number, but they can’t match your fingerprint. What’s more, with a mobile-first audience, MFA is usually frictionless, so merchants shouldn’t suffer any hit to conversions.
Do Due Diligence
While large merchants have the ability to incorporate machine learning into their e-commerce sites, nothing replaces eyes on the street. Small merchants will benefit from a hands-on approach to online order checking. Encourage your merchants to verify order data and flag questionable transactions. For instance, merchants can make sure the IP address of the originating device matches the cardholder’s city and state. Merchants can also require data fields such as a telephone number, and verify that it matches the right area code. These low-tech steps are quite effective in stopping fraud.
To prevent fraud in all its insidious forms, securing transactions is only one half of the battle. Malware infections are a serious risk: stealing sensitive customer data, even extending to outright bank account theft. Social engineering scams are rampant. Remind your merchants that it’s crucial to keep all their software programs up to date and all their computers secured behind rigorous firewalls. This is especially important for merchants who may use the same tablet for both personal and professional needs. Many payment service providers can recommend an ASV service (PCI-approved scanning vendor) which essentially runs as an anti-virus program to check for data vulnerabilities.
It’s the truth: an ounce of prevention is worth a pound of cure, and nowhere is this more evident than fraud prevention. Fraud results in lost revenue, angry customers and damaged reputations. Fortunately, small business owners have a number of effective tools to fight back. As a payment service provider, it’s your responsibility to make sure your merchants know how to protect themselves.