By Adam Burroughs
Businesses face an ongoing fight against fraud.
Broad, innovative solutions such as EMV chip cards, one-time-use virtual credit cards, tokenization, and card encrypting point-of-sale terminals have helped dramatically reduce fraud, conferring greater protections against the compromise of consumer information. Still, businesses seek additional tools to fend off fraudsters and protect their companies.
How it happens
Commercial credit card data are typically stolen through merchant compromise. For example, if a merchant’s terminals can’t read EMV chip cards, data transmitted by swiping a card are much easier for someone to access, according to David Mussio, vice president and product group manager at Huntington.
Once stolen, data is sold to the highest bidder to create counterfeit cards or make online purchases. For companies, this can be particularly devastating, as commercial cards often have high limits.
On the receivables side, fraudsters are able to exploit human vulnerabilities. For example, an employee who clicks a link or attachment in an email that contains malware, says Stephanie Spencer, senior vice president, Merchant Services director, treasury management at Huntington. Once the malware is downloaded onto the company’s network, an intruder can steal cardholder data, an event that can be so damaging to a business that some merchants cannot recover.
“Smaller merchants often don’t have the bandwidth to recover financially from a data breach," Spencer says.
And even if they are able to recover financially, the resulting damage to their brand can be devastating, she says.
Selecting a provider
Because protecting receivables is critical, it’s important to choose a merchant services provider that offers the best possible solutions.
“Selecting a strong provider within the industry is a must,” Spencer says. “Businesses need a provider that offers value-added services to help protect, prevent, and detect fraud.”
To keep merchants safe from fraud, Huntington Merchant Services, for example, works with Fiserv to offer products such as contactless payments, tokenization, and fraud scoring tools.
“And that can help keep our clients off the front page of the news,” she says.
When a business decides to accept credit cards as a form of payment, they are responsible for keeping that cardholder data safe. One way businesses can deliver a full security assessment of their business is to follow the guidance of the Payment Card Industry Data Security Standard and validate their compliance. This includes a security questionnaire and a scan of their network. Quarterly scans of their network will help identify vulnerabilities within their systems. Once a vulnerability is found it then can be resolved.
On the payables side, Mussio also says it is critical to select a provider that has the tools to manage a business’s cardholders the way a business wants to—but it’s about more than just the product.
When choosing a card issuer, select one that will take the time to train you and help ensure you not only understand how to set limits but understand the data being generated to know who is transacting, where they are transacting, and what they are purchasing in order to identify potential fraud.
“It shouldn’t just be, ‘Here’s your online access, go do your thing,” he says. “It’s vital to get detailed training so you can closely monitor how employees are using your company’s cards.”
When it comes to commercial cards, Mussio says businesses can take full advantage of fraud mitigation tools with online applications and training to manage their commercial card program. These tools can be used to restrict where employee cardholders can shop, as well as how much can be spent and when cards can be used. Companies can apply specific expense policies to individual cardholders, giving program administrators a great deal of control and visibility.
“Employee misuse is always top of mind, so reporting tools allow them to monitor where transactions are taking place, who’s transacting, and when,” Mussio says. “That really helps them make sure that employees are transacting within the constraints of their policy.”
Virtual cards can provide an additional layer of protection. In a typical card transaction paying a vendor online, the vendor not only has your credit card number, but your expiration date, security code and address, as well. With a virtual credit card, a card number is randomly generated, and while it is associated with your actual credit card, the payee doesn’t have any associated information that could allow the card to be used for fraudulent purposes.
Companies can also take advantage of fraud alerts by notifying cardholders in real time through text and email when a transaction looks high risk, such as a transaction that doesn’t match the cardholder’s typical spend pattern. These two-way alerts allow employees to respond, verifying that they did or did not make the purchase. Cardholders can then decide if the transaction should be processed, or if it should be blocked and the card frozen.
Fraudsters are constantly adjusting their tactics to undermine protections in place for commercial cards and merchant services, and despite all precautions, there will never be zero risk. But Huntington continues to innovate to help stay one step ahead.
“Fraud isn’t going anywhere,” Spencer says. “Fortunately, we have a great support team, as well as value-added solutions to help customers combat fraud, whether it comes through their door or internet.”
For more information on how you can help protect your business, visit huntington.com/Commercial or reach out to your Relationship Manager.