According to the Breach Level Index, more than 9.24 million data records have been lost or stolen since 2013, and while the introduction of EMV chip cards has caused a drop in counterfeit card fraud, US Payments Forum says “card not present” (CNP) fraud is on the rise. “The United States is especially vulnerable to CNP fraud,” the group says. “It leads the world with the highest percentage of e-commerce sales, with 77 percent of U.S. merchants selling online.”
In fact, the report from US Payments Forum predicts EMV implementation – which has made counterfeit card fraud exceedingly difficult – will lead to an increase of CNP fraud in the U.S. from $3.1 billion in 2015 to more than $6.4 billion in 2018. That means data security and fraud protection are more important than ever for businesses and their customers. So what can be done to help?
To start, processors and payment companies can continue to increase efforts to educate businesses on the importance of fraud and data protection. North American Bancard (NAB) takes credit card fraud seriously and believes that education and awareness go a long way when trying to stop fraud in its tracks.
Here are some basic tips you can share with businesses to help them protect against CNP fraud:
- Network Security. Merchants should make sure that only those who absolutely need it have access to their systems and customer information. If a merchant doesn’t need remote login support, they should deactivate it. They should also make sure all of their computers and servers are up to date with the latest program versions and security patches. Use firewalls and other methods to restrict access to their networks.
- Data Storage. Merchants shouldn’t store data they don’t need or shouldn’t have. If they don’t need a full card number, they shouldn’t keep it. Don’t store PIN or card verification numbers for any reason or length of time. If merchants can, they should use data encryption and/or “tokenization” for all sensitive information they accept, transmit or store. Tokenization was first introduced to merchants in 2001 by EPX, a North American Bancard company, and replaces account numbers with values that are meaningless to fraudsters.
- Use qualified service providers/vendors. If merchants are outsourcing for the payment acceptance and processing part of their ecommerce business, they need to make sure the company they partner with is doing everything right. They can do this by checking to see if they are registered as a “Qualified Integrator Reseller” (QIR). This is now a requirement with most of the Card Networks. It’s also important that merchants, and the equipment they use, are PCI compliant. What does PCI mean? The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies that process, store, or transmit credit card information maintain a secure environment. If a business is not PCI compliant, there is a good chance the owner will incur additional fees through the payment processor to get them to comply with the requirements.
- Don’t be afraid to reject an order. Merchants should make sure that every piece of information asked for when customers place orders is provided. If something is missing, merchants need to reject the order.
- Look into discrepancies. If there is a difference between the billing address and the shipping address, merchants should be cautious. While it could be that the order is a gift, if there is anything that raises red flags, they should call to confirm the information or just cancel the order.
For more information on how you can help NAB’s 350,000 satisfied merchants continue to grow and protect their businesses, while helping yourself to some of the biggest bonuses and most rewarding residuals in the payments industry, visit www.gonab.com or call (888) 229-5229.