Businesses face an ongoing battle against commercial credit card fraud. Attempts to stay one step ahead of bad actors have led to innovative security measures such as tokenization, one-time-use virtual cards, and card-encrypting point-of-sale (POS) terminals. These solutions have established greater protections against consumer information compromise and helped businesses dramatically reduce fraud.
However, as credit card security solutions evolve, so do fraud tactics.
Commercial credit cards can be compromised through phishing attacks, social engineering, and nearly every step during a sale. With so many possible avenues for fraud to occur, it’s prudent to understand the additional tools and strategies businesses can use to fend off bad actors and manage potential risks.
Today’s most common commercial card fraud tactics
Credit card payment data is typically stolen through merchant compromise. For example, suppose a merchant’s terminal cannot read EMV (Europay, Mastercard®, Visa®) chip cards. This leads to a greater risk of compromise because data transmitted by swiping a card is much easier for a bad actor to access, explains David Mussio, Commercial Credit Card Product Group Manager at Huntington.
Stolen data is sold to the highest bidder to create counterfeit cards or make online purchases. Since commercial credit cards often have high limits, this can be particularly devastating for companies.
Bad actors can also steal data by exploiting human vulnerabilities through phishing attempts or business email compromise (BEC). An employee clicking a fraudulent link or opening an attachment in an email could download malware onto a company’s network, allowing an intruder to steal cardholder data.
“Smaller merchants often don’t have the bandwidth to recover financially from a data breach," says Stephanie Spencer, Treasury Management Product Manager at Huntington. “An event like this can be so damaging to a business that some merchants cannot recover.”
And even if a business can recover financially, the resulting damage to its brand’s reputation and operations can be devastating. Below are three ways to help prevent commercial card fraud.
1. Choose a merchant services provider that offers additional data protections
“Selecting a strong merchant services provider within the industry is a must,” Spencer says. “Businesses need a provider that offers value-added services to help protect, prevent, and detect fraud.”
Because protecting receivables is critical, businesses should choose a merchant services provider that offers the best possible solutions to keep this information safer.
Huntington Merchant Services, for example, works with Fiserv to help keep merchants safe from fraud with products such as contactless payments, tokenization, and fraud scoring tools.
“And that can help keep companies off the front page of the news,” she says.
Businesses accepting credit card payments are responsible for keeping cardholder data safe. One method of safeguarding cardholder information is to ensure your merchant services provider follows the guidance of the Payment Card Industry (PCI) Data Security Standard and validates their compliance. This includes a security questionnaire and a scan of the merchant’s network. Quarterly network scans can help identify system vulnerabilities. When a vulnerability is discovered, it can be resolved before a bad actor is able to exploit it.
2. Use real-time tools to detect fraud
When it comes to commercial cards, Mussio says businesses can take full advantage of fraud mitigation tools with online applications and training to manage their commercial card program.
“Employee misuse is always top of mind. Reporting tools allow businesses to monitor where transactions are taking place, who’s transacting, and when. That data really helps them make sure that employees are transacting within the constraints of their policy.”
David Mussio
Commercial Credit Card Product Group Manager, Huntington Bank
With these real-time tools, companies can set spending limits and restrictions on employees’ commercial credit cards. They can also apply specific expense policies to individual cardholders, which offers program administrators a great deal of control and visibility.
Companies can also take advantage of fraud alerts† by notifying cardholders in real time. When a transaction looks high-risk, such as a purchase that doesn’t match the cardholder’s typical spending pattern, they can inform the customer via text and email. These two-way alerts allow cardholders to verify if they made the purchase or if the transaction should be blocked and the card frozen.
3. Reduce credit card fraud risk with a virtual card
Virtual cards can provide an extra layer of protection. Typically, when you pay a vendor online, they have not only your credit card number but also your expiration date, security code, and address. Virtual cards, on the other hand, use randomly-generated, single-use card numbers that become invalid after a transaction.
While this single-use credit card number is associated with an actual credit card account, the payee doesn’t have any associated cardholder information that could be used for fraudulent purposes. Using a virtual card can help keep private data secure in the event of a breach.
Stay one step ahead of credit card fraud
Bad actors are constantly adjusting their tactics to undermine protections in place for commercial cards and merchant services, and despite all precautions, there will never be zero risk.
Paying attention to the latest fraud trends and understanding your bank’s protection services are crucial to mitigating risk. When you’re aware of the latest credit card fraud tactics, you and your employees can remain vigilant against fraud attempts and implement measures to help avoid them. Regular conversations with your Relationship Manager can help you stay on top of these trends.
Reach out to your Relationship Manager to learn more about the risks posed to your business and fraud mitigation options.
† Message and data rates may apply.
The information provided in this document is intended solely for general informational purposes and is provided with the understanding that neither Huntington, its affiliates nor any other party is engaging in rendering tax, financial, legal, technical or other professional advice or services or endorsing any third-party product or service. Any use of this information should be done only in consultation with a qualified and licensed professional who can take into account all relevant factors and desired outcomes in the context of the facts surrounding your particular circumstances. The information in this document was developed with reasonable care and attention. However, it is possible that some of the information is incomplete, incorrect, or inapplicable to particular circumstances or conditions. NEITHER HUNTINGTON NOR ITS AFFILIATES SHALL BE LIABLE FOR ANY DAMAGES, LOSSES, COSTS OR EXPENSES (DIRECT, CONSEQUENTIAL, SPECIAL, INDIRECT OR OTHERWISE) RESULTING FROM USING, RELYING ON OR ACTING UPON INFORMATION IN THIS DOCUMENT OR THIRD-PARTY RESOURCES IDENTIFIED IN THIS DOCUMENT EVEN IF HUNTINGTON AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF OR FORESEEN THE POSSIBILITY OF SUCH DAMAGES, LOSSES, COSTS OR EXPENSES.
Lending and leasing products and services, as well as certain other banking products and services, may require credit approval.