Partner with a payments provider to protect cardholder data

Small businesses are increasingly offering multi-channel experiences for their customers – online ordering at restaurants, Buy Online Pickup in Store (BOPIS)*, digital invoicing for services and more. While this can boost customer satisfaction and spurs business growth, it also exposes small businesses to new fraud risks by bad actors. From emerging digital fraud threats to gaps in your operational processes, there are many opportunities to boost data security and protect your customers from risks. Here’s what you need to know.

Keep track of emerging fraud threats

The Visa Biannual Threats Report* shows that fraudsters are employing new, sophisticated tactics to steal cardholder data from vulnerable merchants.

• Enumeration attacks*: Submitting fraudulent card not present transactions into the payments ecosystem to get valid payment information.
• Prepaid fraud*: Using prepaid cards to make fraudulent transactions or launder money through seemingly legitimate purchases.
• Purchase-Return Fraud*: Purchasing items from a retailer or ecommerce store with the intention of using it temporarily or fraudulently manipulating the return process (e.g. altering receipts, returning a fake item, etc.)
• Digital skimming*: Masking URLs in phishing attempts or planting malware on legitimate websites to steal cardholder data.

It is important to work with your payment processing provider to stay updated on evolving fraud threats and understand areas of data security improvement for your business to protect you and your customers.

Upgrade your payment solution to boost data security

In the fight against cybercriminals, your payment solution should be the foundation of your data protection strategy. Whether you operate across many storefronts or have a robust online presence, your business needs seamless payment acceptance across all touchpoints with customers – particularly, with the right balance of convenience and security. Robust point-of-sale solutions and ecommerce platforms include layers of data security technologies to make it difficult for bad actors to compromise your systems; data encryption, card tokenization, multi-factor authentication, and PCI DSS compliance  validation are several of many tools your payments processing provider can help you use to protect your business.

Develop consistent business processes to protect your operations and train staff to confidently implement

With the right tools in place, you can then develop operational practices that build a resilient culture of data security in your small business.

Before a customer makes a purchase:

• Keep your payment device secure. Don’t leave checkout stations or handheld terminals unattended. Lock up devices or log out of POS terminals when not in use.
• Enable the built-in security prompts on your payment device. Be prepared to the use the Address Verification Service (AVS) and Card Verification Value (CVV2) on card-not-present transactions.
• Only use your device for transactions related to your business. Do not run transactions for another person's business for any reason.

During the purchase process:

• Make sure you have transaction authorization. Before you ship orders to your customers, check that you have received a valid authorization code from your customer’s card issuer.
• Authorize and provide refunds to the same credit card as the original sale. This will create a clear paper trail in case there are any disputes.
• Run the transaction for the exact amount of the sale. Do not split transactions across many payment methods or make manual changes to the transaction.
• Ensure staff are asking critical questions during the sale:
• Beware of customers who place bulk orders, especially those being shipped to apartments or self-storage units.
• Monitor customers who provide many card numbers for the same purchase, especially if the last few numbers of the card numbers differ only slightly.
• Check why customers need overnight or rush delivery without regard to cost increases.
• Push back on customers who request immediate order processing and want their shipment tracking information unusually soon.
• Be cautious about requests to send orders to addresses other than the card billing address.

After transactions are complete:

• Check your batch before you settle. If you see a transaction or refund that seems out of place for your business, analyze your sales receipts to verify if it's legitimate.
• Review transaction data for unusual patterns, like customers ordering large quantities of certain products, frequent refunds or chargeback attempts, and other indicators of potential fraud targeting your business.

Partner with your payments processor to help identify and stop fraud attempts

The fraud landscape can feel difficult to navigate – but you don’t have to go it alone. Your payments provider is a critical partner for identifying, preventing, and remediating fraud attempts that target your business. Your payments partner can help with numerous security services, including:

Code 10 Authorization:

Code 10 Authorization* is a preventive tool used to verify more information on a suspicious transaction and applies to both card present and card-not-present transactions. It is available as an added layer of prevention that you can use when suspicious behavior or unusual requests are evident with a payment transaction. You can start a Code 10 at any time, but preferably before you ship or deliver a product.

For example, we recommend using this tool when customers place orders via relay calls. A relay call is an operator-assisted telephone call, usually used by someone who is hearing impaired. While this is a valid service, criminals also use the service to place fraudulent orders.

Loss prevention:

Data security and fraud prevention involves complex layers of behind-the-scenes technology solutions, processes, and personnel at your payments provider that are dedicated to protecting you and your customers. At Elavon, we use the Global Risk Tool to identify risky transactions; we also dedicate more than 80 staff to investigate suspicious activity and protect the integrity of authorized purchases. This combination of cutting-edge fraud-detection models and highly skilled support personnel help mitigate potential losses for our clients each year.

Chargeback management:

No matter your efforts, there is still a chance that customers will file chargebacks with their card issuers. Whether a customer has a legitimate concern – like unfulfilled orders – or is attempting misuse of the chargeback processes, your payments provider can help you navigate these challenging situations. From streamlined case management software to dedicated customer support, your business can tackle every phase of the chargeback resolution process with peace of mind and transparent action steps.

There are countless opportunities to grow your business this year with innovative digital-first customer experiences – but before you make the leap, be sure to bolster data security practices at your small business and train staff to consistently protect cardholder data. From upgrading your payment solution to partnering with a trusted payments provider, you can confidently improve the buying process for your customers while keeping malicious actors at bay.

* By selecting this link, you will leave Elavon content and enter a third-party website. Elavon is not responsible for the content of, or products and services provided by this third party, nor does it guarantee the system availability or accuracy of information contained in the site. This website is not controlled by Elavon. Please note that the third-party website may have privacy and information security policies that differ from those of Elavon.