With data theft, cyber criminals and fraudsters always seem to be one step ahead. But if the recent hack of the Sonic Drive-In chain teaches us anything, it reminds us that merchants must try to keep up.
This past September, Sonic announced it had become the latest US business to be targeted by payment card data thieves. According to reports, cybercriminals used a variety of techniques to steal data belonging to 5 million cards – and worse, sold the card details on a cybercrime marketplace to be used to carry out fraudulent transactions.
Criminals and identity thieves stole an estimated $16 billion from consumers in 2016, but it also cost US businesses. Businesses lost 1.47 percent of their revenue to fraud last year. And with that amount on the rise, it’s important to take a look at what business owners can do to protect themselves. Here are a few tips:
Upgrade your payment terminals to be EMV compliant
If your business hasn’t yet adopted chip – or EMV – technology, it’s long past due to upgrade your terminals. EMV chip readers prevent “card present” fraud – that is, when someone uses a fraudulent card in person at the point of sale (POS). Because chip cards generate a new security code each time they are used, they’re nearly impossible to counterfeit.
And as of October 2015, the stakes for failing to adopt EMV technology got a lot higher – the US Fraud Liability Shift went into effect. According to the liability shift, the merchant is now liable for counterfeit transactions carried out with chip cards if terminals are not EMV compatible – or if the card is run without using a EMV reader, even if one is on hand.
So making your card-readers chip compatible won’t just protect you from fraud, but doing so will also protect you from being liable if the worst does happen. And while a full migration to chip readers might seem costly, it’s an investment that will pay for itself – Visa reported a 52 percent decrease in counterfeit fraud for merchants using EMV payments.
If paying to overhaul your POS system simply isn’t feasible however, consider third-party hardware or software that integrates with your current POS. Platforms like eThor – which sits on a POS system and sends customer data automatically to a mobile EMV device – achieve an EMV upgrade without breaking the bank.
Follow your network’s guidelines, and train your employees on how to do so
Adopting chip technology may safeguard you from the costs of fraud in the majority of scenarios, but you’re still running the risk of being held liable if you fail to follow your payment network’s specific card acceptance guidelines.
Card acceptance guidelines may require you to retain sales receipts for a given period, to use chip-and-pin technology versus chip-and-signature, to get the buyer’s signature, and/or to get authorization from the card issuer for all transactions. Check out requirements for Visa here, and those for Mastercard here.
Familiarize yourself with your network agreement – but most importantly, train your employees to follow the guidelines and use chip readers correctly. If you still aren’t using EMV terminals, teach your clerks to ask for photo I.D. and to compare receipt signatures against those on the backs of cards.
Improve your ‘card not present’ security
Online shopping is becoming the norm for goods of all types. Therefore chances are, you’re also vulnerable to ‘card not present’ fraud – i.e., fraud occurring through transactions where the buyer is not physically present.
To cover yourself on this front as well, improve your ‘card not present’ security by requiring customers to supply their CVV for ‘card not present’ transactions and by using an address verification service (AVS) that cross-checks the billing address a customer provides, with the address the card issuer has on record.
Combat the issue of fraud at its source
Beyond measures that guard against fraud and liability, you have a responsibility to safeguard your customers’ data from being hacked. Preventing cyber criminals from obtaining card data stops them from supplying that data to fraudsters online – thus keeping your customers safe.
So keep abreast of the newest technology to prevent data theft. End-to-end encryption (or point-to-point encryption), for example, is currently one of the best safeguards against data breaches. It immediately encodes data received by your POS system at the “point of swipe,” rendering any data obtained from your system by a cybercriminal unreadable. Or, another cutting-edge method involves using tokenization instead of encryption – in this case, a “token” consisting of non-valuable data is used to authorize a transaction rather than personal card data.
Cybercriminals won’t sleep. So protect your business against fraud and your system against the breaches that leave everyone vulnerable to fraudsters’ latest tricks. Upgrade to EMV readers, follow network guidelines, and stay up to date with the newest measures for preventing data theft. The more you drag your feet, the more you’ll be kicking yourself when the next security breach occurs.
Drew Sementa is CEO of Tidal Commerce, a merchant solutions and payment processing company that focuses on helping small and medium sized businesses grow