Every year, small business owners lose millions of dollars to fraud. Between online, in-store, mail and phone scams, there are several ways fraudsters can target your business. Fret not! We’ve got you. Here are common signs to look out for and some easy steps you can take to prevent fraud on all fronts.
Ecommerce and card-not-present scams
With retail sales moving online in record numbers due to the pandemic, the physical checkout is no longer the main destination for payments fraud. Payments processed online, over the phone, or through the mail, known as card-not-present (CNP) transactions, are occupying a growing share of the total fraud reported in Canada each year.
The 3 E’s of card-not-present fraud prevention:
Remember to watch out for these three signs when processing transactions online, through the mail, or over the phone:
- Expensive: Take notice of purchases that include high-priced items or large quantities of the same item. If a good customer suddenly places an order that’s significantly higher than average, they may be a victim of credit card fraud.
- Express: Be wary of customers who request express, next-day delivery. Fraudsters may expedite shipping on fraudulent purchases to decrease the chances that a small business owner will manually review the order.
- Extra cards: Watch for customers who make purchases using multiple credit cards. Although it’s not unusual for customers to have more than one card, several cards—especially used at the same time—should be considered suspicious.
Other types of online scams
While credit card fraud is one of the most ubiquitous online threats for retailers, there are other online scams to look out for as well. If you’re not vigilant about protecting yourself as an individual, you could leave your business vulnerable.
Malicious software, or “malware,” has been around for a long time and involves a scammer trying to install software to infect your computer and access your personal information. It could come in the form of a link or pop-up message in a spam email or a fake website.
How to protect yourself against malware
The first and most obvious way to avoid malware is to install a trustworthy virus scanner to protect your computer. Make sure you keep upgrading to the latest version.
Here are some additional precautions you can take to protect yourself:
- To access a website, make a habit of typing it directly into your browser or using a saved bookmark link rather than clicking a link from an email.
- Be careful with websites offering “free” downloads. Always double-check the source and understand the risk of clicking on something if you’re unsure.
- Don’t click on pop-up ads! They may result in harmful programs being installed on your computer.
Phishing and smishing scams
“Phishing” and “smishing” use two different media to carry out the same scam. Phishing uses unsolicited emails that appear to be from a legitimate organization, like a bank, business, or government agency. Usually, they try to get you to provide your personal information, such as credit card data, passwords, or your social insurance number, by clicking a link. Smishing uses SMS messages to do the same thing.
How to protect yourself against phishing:
The messages in these scams often appear legitimate at first glance, using sender addresses, logos, and language that mimic the organizations they’re impersonating. It’s essential to keep some things in mind to avoid falling for these types of scams:
- Trustworthy organizations will never ask you to confirm or provide your personal information through email or text.
- Look for spelling or grammar mistakes, in either the message, email address, website URL, or logo—this can be a big tip-off.
- Never unsubscribe to a suspicious-looking message by replying to the message.
- Preview hyperlinks before clicking on them by hovering your mouse over the link.
- Do not use the phone number or email address displayed in a suspicious message. Only use the contact information you can get from a trusted website.
- Don’t accept friend requests on social media from people you don’t know.
While you can’t stop scammers from taking advantage, you can stay informed and take every preventative measure you can to keep your business safe. Having multiple tools that prevent fraudulent actions is great, but what if you could detect the fraud before it actually happens? Today, there are many predictive fraud prevention tools like Kount Essential, which monitor your
ecommerce site for suspicious activity (multiple transactions from a single card, unusual order sizes, etc.) and notify you directly so you can intervene early. These tools can also make fully automated order decisioning on your behalf.
In-store and card-present scams
Do you know how to spot potential credit card fraud when it’s happening in front of you? You often don’t know you have been a target until it’s too late. Follow these best practices and share them with your front-line staff to safeguard your business against fraudulent transactions before it’s too late.
The 3 C’s of card-present fraud prevention
Look for the three C’s when you’re presented with a credit card: customer behaviour, card entry and handling, and card acceptance best practices.
1. Customer behaviour- Be aware of suspicious customer behaviours. Keep an eye on customers who appear nervous or are making an unusual purchase from your business, such as several high-priced electronic items at a convenience store. Watch out for individuals loitering near an unattended device or individuals attempting to block an employee’s ability to see the device by placing large items on the counter, for example. Any of the following taking place could be an indicator of a customer attempting to make a fraudulent transaction:
- A customer seeming to randomly pick up merchandise for purchase without care
- A customer appearing nervous or in a hurry
- A customer taking their payment card from their pocket rather than their wallet
- The customer’s signature not matching the signature on the credit card
- A customer making a large, random, expensive purchase
2. Card entry and handling- If customers have Chip & PIN on their card, be aware of the number of times they are attempting to enter their PIN or re-inserting their card to try again. If they do not have Chip & PIN on their card, be sure to look for all the card security features. All cards are designed with special security features to deter counterfeiting and alteration. When you are presented with a card, look for the following elements:
On the front:
- Verify the match of print and embossing
- Valid date
- Compare account numbers
On the back:
- Signature panel
3. Card acceptance best practices- Always follow proper card acceptance procedures and use secure tap or Chip & PIN payments whenever possible, even curbside or on delivery. It can be all too easy to let procedures fall by the wayside when you’re processing so many in-store transactions a day. However, it’s more important than ever to ensure you and your employees are treating each transaction with attention and care to prevent fraud. Remember to never leave your payment terminal unattended and follow proper card acceptance procedures for all types of transactions to prevent fraud-related chargebacks. Avoid manually entering credit card numbers, which puts you at major risk for friendly fraud and use any of the following instead:
- Contactless transactions (also called tap payments) under a specified amount require no signature or PIN.
- Once the terminal displays the purchase amount, the cardholder will hold their contactless card up to the screen (closer than 4 cm) to complete the transaction.
- A transaction response will be provided within a few seconds.
- Unless the cardholder specifically requests it or the total transaction amount is above the prescribed limits, you do not need to provide a receipt to the cardholder.
- However, always retain a copy of the receipt for your records in the case of a dispute.
Chip & PIN transactions
- Ensure that the card remains inserted in the Chip & PIN terminal throughout the entire transaction.
- Once the terminal displays the purchase amount, the cardholder will be prompted to enter his or her PIN on the keypad.
- If the PIN is confirmed and the purchase approved, a receipt will be printed.
- View the receipt after the transaction to see if the cardholder’s signature is required in addition to the PIN. If so, request that the customer sign the receipt.
- Under certain circumstances, you may be asked to perform a swiped transaction, i.e. if a card’s chip is broken or dirty, or the terminal’s reader is obstructed, etc.
- Ensure that the card is swiped once in the direction of the arrow shown on the reader.
- If the purchase is approved, a receipt will be printed with a signature line.
- Compare the signature on the card with the signature on the receipt to ensure they match.
- If you receive a message of “Call” or “Call Centre” on your POS terminal, call the Moneris Authorization Centre at 1-866-802-2637.
Mail and phone scams
As a business owner, you should be aware of the many types of fraud targeting small businesses. These scams can involve any of the following, which may seem legitimate at first glance:
- Placing an order over the phone with a credit card and sending someone else to pick up the merchandise in order to avoid providing the physical card. The fraudster then reports a chargeback dispute to the card company saying they never received the merchandise.
- A letter or notice prompting you to renew your domain name or business listing.
- A call from someone claiming to be provincial government telling you that you need to replace first-aid kits or update health and safety training, and to act quickly.
- An office supply store billing you for an order you did not place.
- Door-to-door scams from someone pressuring you to donate, invest, sign up for maintenance, or purchase an appliance.
How to prevent mail and phone scams:
Manually entered transactions—whether card numbers are given over the phone or in person—are high-risk with zero protection from disputes. That’s why, whenever possible, businesses should either take tap or PIN & chip payment in-person at pickup or if they have a secure online payment portal. Here are a few tips to help prevent getting scammed:
- Advise the cardholder that in order to collect the merchandise, the card used for the payment must be presented.
- Carefully review notices you receive to ensure dates, URLs, and company names match up with your records.
- Make sure employees who answer phone calls, emails, or process invoices are informed and aware of potential scams.
- Ensure goods and services are ordered and received before paying invoices.
- Don’t give out sensitive information about your business unless you know what it will be used for.
- Approve business proposals in writing—not over the phone.
- Limit those who can approve plans in your business.
- Create internal procedures that limit scams, like asking specific questions, escalating suspicious situations, or getting more information when necessary.
You’ve worked hard to build your business, and you shouldn’t have to take a financial hit because someone has found a way to take advantage of you. Being aware of the types of scams that businesses can be targeted by can go a long way in keeping you protected. Taking the time to create a fraud prevention strategy can help protect your business from being a target for fraud and ensure you’re making the most out of every sale.