Page 33 - GS211002
P. 33
Education
What to do about payment terminal and begins authorizing refunds to an
account. Not only is it often days later that SMEs realize
fraudsters targeting what's happened, but these "refunds" also have been
known to run into the thousands (for an example, see www.
mirror.co.uk/money/shop-owner-left-out-pocket-16159962).
SMEs Protecting your business from fraud
The method just described represents only one way
fraudsters are hurting SMEs. Though completely
eliminating the various threats may never be possible,
there are practical steps businesses can take to protect
themselves:
• Ensure cashiers always monitor where payment
terminals are, make certain they are kept out of
reach of the public when not in use and retain
control of machines during transactions.
• If the refund option on your POS device is
protected by a PIN, contact your terminal provider
By Michael Ault and ask them to change the default PIN number to
UTP Group something more secure.
• If you need to take payments over the phone using
[Editor’s note: A version of this article was previously published by a POS terminal, verify the card security code on
Finextra.com on Sept. 16, 2021. Copyright © by UTP Group. Reprinted the back of the card and the cardholder address.
with permission.] • Consider using a virtual terminal solution for
hough it might have been hoped a decade ago phone-based payments. A virtual terminal will
that technological advances by the 2020s would have additional security checks that will give you
have all but wiped out the threat of fraud, this greater comfort that the cardholder is genuine.
T is not the case. Fraud isn't just on the rise; it's • Where available from your terminal provider use
reaching levels not seen before. Pay-By-Link, which will allow you to send an email
to a customer that contains a secure payment link.
Indeed, 2020 holds the record for being the worst year Clicking on the link will take the customer to a
to date for breaches with over 36 billion data records secure payment page that will utilize the latest
compromised, according to a recent Risk Based Security SCA security checks designed to ensure that a
survey. In this article, I'll look at a new type of fraud on cardholder is genuine.
the rise and general steps to take to protect your business.
• Only deliver goods to the address given by the
POS terminals and distraction fraud cardholder when performing the address check. Be
wary of orders to an address where the recipient
A weak link in the protective chainmail surrounding can't be identified as the cardholder. A fraudster
POS devices isn't in the technology but rather in user may have temporary access to a delivery address.
attitudes. Traditional cash tills, with their spring-loaded
money trays and familiar dinging noises, often command • When delivering goods, always use a reputable
a different level of respect, with cashiers demonstrating a carrier who can provide proof of delivery. If
higher level of vigilance around physical cash than they possible, see if your courier can photograph the
do around card-acceptance devices. delivery and include a date and time stamp.
• Be cautious if the customer decides they want to
Likely because there are no physical assets being collect the goods. In this circumstance, refund the
transferred when operating a card machine, cashiers allow original transaction and start a new one as a card-
a degree of complacency, and fraudsters are capitalizing in present chip and PIN transaction.
a number of ways.
• Never release goods to a third party (such as a taxi
So impressive has the evolution of payments technology driver or courier) who claims they were sent by the
been in recent years, it is hard to believe that a simple cardholder.
sleight of hand known as distraction fraud is harming so
many small and midsize enterprises (SMEs). Michael Ault is chief executive officer of UTP Group, a payment solu-
tions company with over 30,000 clients in the UK, Republic of Ireland
With this type of fraud, a scammer distracts a cashier with and Gibraltar. For more information, visit www.utpgroup.co.uk.
idle conversation while an accomplice commandeers the
33
