Online transactional security has garnered scrutiny over the past decade, given its booming popularity and subsequent risks.
But brick-and-mortar businesses aren’t in the clear as the extra attention to online security almost serves as a helpful distraction for low-tech criminals looking to steal card information the old fashioned way, at the point of sale.
If retailers become lax in their in-store payments security, they jeopardise the sensitive information of the millions of UK shoppers who prefer to shop in-store.
Traditional defence methods against fraud are still critical. Fraud losses on face-to-face purchases on the UK high street increased by 13% in 2018 to £69.8 million.
Use these seven tips to stay ahead of in-store fraud and reduce the risk of card fraud liability at your retail business.
1. Regularly check unattended payment terminals
The global Europay Mastercard and Visa (EMV) standard has significantly decreased counterfeit card fraud since 2008.
Counterfeit card losses totalled £16.3 million in 2018, a decrease of 33% compared to 2017 and 90% lower than its peak of £169.8 million reported in 2008 as published in the UK Finance’s research.
The decline doesn’t mean hackers have stopped looking for ways to infiltrate card readers.
Criminals commonly attach concealed or disguised devices to the card reader slots of ATMs and unattended payment terminals (UPTs), such as self-service kiosks at grocery stores, ticket machines at railway stations, cinemas, and car parks.
Regularly monitoring your UPTs means you’re more likely to spot anything that seems suspicious. Even further, updating your terminals to support contactless payments can reduce the risk of card skimming.
Contactless cards have a built-in security feature that occasionally prompts the cardholder to enter their PIN to prove they are in possession of their card.
2. Don’t accept physically damaged cards
Be alert if a customer lets you know right away that their card has trouble reading. One common fraud scheme is getting the cashier to enter card details manually to bypass the anti-fraud features.
Cards that can’t be read by a mag-stripe or chip reader are a red flag. Instead, ask for another form of payment or decline the transaction.
3. Use smart reporting to spot red flags
Your payment processor continually monitors your business’ transactions for fraudulent activity using the power of data to detect suspicious transactions. Those that fall outside the norm are flagged as a potential fraud risk and investigated for validation.
This extra surveillance can help you locate suspicious activity over time as well like frequent returns and chargebacks.
If you know you will need to perform a transaction that is out of character for your retail business, advise your payment processor first to prevent a legitimate purchase from being flagged.
4. Build safeguards against card-not-present fraud
Card-not-present (CNP) fraud quickly became the most common type of card fraud in the UK with a reported £506.4 million stolen in 2018. Mobile wallets and NFC payments have, coupled with the surge in online shopping to create new opportunities for fraudsters to use stolen card information to make purchases.
This form of payment presents a specific challenge to retailers in being able to verify who the actual cardholder is, and consequently being able to authenticate their payment effectively.
Regulation is helping with this as the EU has mandated Strong Customer Authentication (SCA) under PSD2. SCA requires the customer to present two of three forms of identification:
- Something you know, such as a PIN or password
- Something you have such as card information
- Biometric identification, such as a fingerprint
When putting together your SCA strategy, the key is balancing security and convenience for your customer. Authentication through knowledge is the most widely used method.
However, banks encourage a security question along with a PIN or password, which can be hard for customers to remember.
Possession authentication through one-time passwords (OTP) is also a common practice, but these can be extremely inconvenient for your frequent customers.
Biometric authentication is growing in popularity as most smartphones now include integrated fingerprint biometric readers. Retailers and banks are leveraging this feature to make online and mobile commerce transactions more secure.
5. When in doubt, call your bank
If you have suspicions about a credit or debit transaction, your bank is a lifeline you can use if you suspect fraud, especially if someone presents you with a card that has missing or altered security features or any of the red flags mentioned earlier.
Your bank can help you to confirm the legitimacy of a card transaction without confronting the customer.
6. Educate your staff
Your staff can be one of the most significant vulnerabilities or one of the best safeguards against credit card fraud depending on how well you train them.
It’s up to you to empower your employees by teaching them about preventing fraud and implementing best practices to make security the norm. Your staff likely handles most of the sales and interactions from customers.
Educating them to recognise potential fraud can help reduce the risk of it happening significantly.
7. Technology as the solution
Upgrading your POS system can quickly fill some of the gaps in your security efforts:
- Accepting a range of payment methods means you can take advantage of newer security features that have slowed down card fraud.
- A high-performing payment gateway quickly authorises card payments and reduces the amount of time required to process card transactions.
- Newer POS systems are simpler and easier to use, which makes it easier to identify abnormalities and prevent fraud attempts.
Providing secure payments is part of excellent customer service. Our rush to provide frictionless customer service can unknowingly expose us to card fraud.
Following these best practices can help to protect you and your customers from in-store fraud. Learning to spot the red flags of card fraud is a small investment that can pay off big in reduced chargebacks from fraudulent returns.