The Green Sheet Online Edition
October 10, 2021 • 21:10:02
What to do about fraudsters targeting SMEs
Though it might have been hoped a decade ago that technological advances by the 2020s would have all but wiped out the threat of fraud, this is not the case. Fraud isn't just on the rise; it's reaching levels not seen before.
Indeed, 2020 holds the record for being the worst year to date for breaches with over 36 billion data records compromised, according to a recent Risk Based Security survey. In this article, I'll look at a new type of fraud on the rise and general steps to take to protect your business.
POS terminals and distraction fraud
A weak link in the protective chainmail surrounding POS devices isn't in the technology but rather in user attitudes. Traditional cash tills, with their spring-loaded money trays and familiar dinging noises, often command a different level of respect, with cashiers demonstrating a higher level of vigilance around physical cash than they do around card-acceptance devices.
Likely because there are no physical assets being transferred when operating a card machine, cashiers allow a degree of complacency, and fraudsters are capitalizing in a number of ways.
So impressive has the evolution of payments technology been in recent years, it is hard to believe that a simple sleight of hand known as distraction fraud is harming so many small and midsize enterprises (SMEs).
With this type of fraud, a scammer distracts a cashier with idle conversation while an accomplice commandeers the payment terminal and begins authorizing refunds to an account. Not only is it often days later that SMEs realize what's happened, but these "refunds" also have been known to run into the thousands (for an example, see www.mirror.co.uk/money/shop-owner-left-out-pocket-16159962).
Protecting your business from fraud
The method just described represents only one way fraudsters are hurting SMEs. Though completely eliminating the various threats may never be possible, there are practical steps businesses can take to protect themselves:
- Ensure cashiers always monitor where payment terminals are, make certain they are kept out of reach of the public when not in use and retain control of machines during transactions.
- If the refund option on your POS device is protected by a PIN, contact your terminal provider and ask them to change the default PIN number to something more secure.
- If you need to take payments over the phone using a POS terminal, verify the card security code on the back of the card and the cardholder address.
- Consider using a virtual terminal solution for phone-based payments. A virtual terminal will have additional security checks that will give you greater comfort that the cardholder is genuine.
- Where available from your terminal provider use Pay-By-Link, which will allow you to send an email to a customer that contains a secure payment link. Clicking on the link will take the customer to a secure payment page that will utilize the latest SCA security checks designed to ensure that a cardholder is genuine.
- Only deliver goods to the address given by the cardholder when performing the address check. Be wary of orders to an address where the recipient can't be identified as the cardholder. A fraudster may have temporary access to a delivery address.
- When delivering goods, always use a reputable carrier who can provide proof of delivery. If possible, see if your courier can photograph the delivery and include a date and time stamp.
- Be cautious if the customer decides they want to collect the goods. In this circumstance, refund the original transaction and start a new one as a card-present chip and PIN transaction.
- Never release goods to a third party (such as a taxi driver or courier) who claims they were sent by the cardholder.
Editorial Note: A version of this article was previously published by Finextra.com on Sept. 16, 2021. Copyright © by UTP Group. Reprinted with permission.]
Michael Ault is chief executive officer of UTP Group, a payment solutions company with over 30,000 clients in the UK, Republic of Ireland and Gibraltar. For more information, visit www.utpgroup.co.uk.
Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
