Businesses face an ongoing fight against credit card fraud.
Innovative credit card security measures such as EMV (Europay, Mastercard, Visa) chip cards, one-time-use virtual credit cards, tokenization, and card encrypting point-of-sale (POS) terminals have conferred greater protections against the compromise of consumer information. Implementing these solutions has helped businesses reduce the risk of credit card fraud. However, mitigating fraud continues to be an ongoing battle.
How credit card fraud happens
Credit card data is often stolen through merchant compromise. For example, if a merchant’s terminal cannot read EMV chip cards, data transmitted by swiping a card is much easier for a bad actor to access, according to David Mussio, Commercial Credit Card Product Group Manager at Huntington.
Stolen data is sold to the highest bidder to create counterfeit cards or make online purchases. Since commercial cards often have high limits, this can be particularly devastating for companies.
Bad actors can also steal data from a merchant by exploiting human vulnerabilities through phishing attempts or business email compromise (BEC). An employee clicking a fraudulent link or opening an attachment in an email could download malware onto a company’s network, allowing an intruder to steal cardholder data.
“Smaller merchants often don’t have the bandwidth to recover financially from a data breach," says Stephanie Spencer, Treasury Management Product Manager at Huntington. “An event like this can be so damaging to a business that some merchants cannot recover.”
And even if a business is able to recover financially, the resulting damage to their brand’s reputation and operations can be devastating.
Select the right provider
Because protecting receivables is critical to a business, it’s important to choose a merchant services provider that offers the best possible solutions to help keep this information safe. “Selecting a strong provider within the industry is a must,” Spencer says. “Businesses need a provider that offers value-added services to help protect, prevent, and detect fraud.”
Huntington Merchant Services, for example, works with Fiserv to help keep merchants safe from fraud with products such as contactless payments, tokenization, and fraud scoring tools.
“And that can help keep our clients off the front page of the news,” she says.
When a business decides to accept credit card payments, they are responsible for keeping cardholder data safe. One method to better safeguard cardholder information is to follow the guidance of the Payment Card Industry (PCI) Data Security Standard and validate the merchant’s compliance. This includes a security questionnaire and a scan of the merchant’s network. Quarterly network scans can help identify system vulnerabilities. Once a vulnerability is found, it can then be resolved before a bad actor is able to exploit it.
On the payables side, Mussio also says it is critical to select a provider that has the tools to manage a business’s cardholders the way a business wants to—but it’s about more than just the product.
When choosing a card issuer, consider selecting one that will take the time to train you and help ensure you not only understand how to set limits but understand the data being generated to know who is transacting, where they are transacting, and what they are purchasing in order to help identify potential fraud.
“It shouldn’t just be, ‘Here’s your online access, go do your thing,” he says. “It’s vital to get detailed training so you can closely monitor how employees are using your company’s cards.”
Real-time tools
When it comes to commercial cards, Mussio says businesses can take full advantage of fraud mitigation tools with online applications and training to manage their commercial card program. These tools can be used to restrict where employee cardholders shop, how much can be spent, and when cards can be used. Companies can apply specific expense policies to individual cardholders, which will give program administrators a great deal of control and visibility.
“Employee misuse is always top of mind. Reporting tools allow businesses to monitor where transactions are taking place, who’s transacting, and when,” Mussio says. “That really helps them make sure that employees are transacting within the constraints of their policy.”
Virtual cards can provide an additional layer of protection. Typically, when you pay a vendor online, they not only have your credit card number, but also your expiration date, security code, and address. With a virtual credit card, a card number is randomly generated, and while it is associated with your actual credit card, the payee doesn’t have any associated cardholder information that could be used for fraudulent purposes.
Companies can also take advantage of fraud alerts by notifying cardholders in real time through text and email when a transaction looks high-risk, such as a transaction that doesn’t match the cardholder’s typical spend pattern.
Stay one step ahead of credit card fraud
Bad actors are constantly adjusting their tactics to undermine protections in place for commercial cards and merchant services, and despite all precautions, there will never be zero risk.
Paying attention to the latest fraud trends and understanding your bank’s protection services are crucial to mitigating risk. When you’re aware of the latest credit card fraud tactics, you and your employees can remain vigilant against fraud attempts and implement measures to help avoid them. Regular conversations with your Relationship Manager can help you stay on top of these trends.