Get All Access for $5/mo

9 Crucial Tips to Protect Your Small Business From Credit Card Fraud Vigilance and readily available security tools can keep fraud losses to a minimum.

By John Rampton Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

TEK Image/Science Photo Library | Getty Images

Processing credit cards for your small business is pretty much a given these days. Unfortunately, cyber-criminals are well aware of the increase usage of credit card payments. Nielsen expects that by 2020, credit card fraud will result in over $31 billion in losses.

In short, credit card fraud is a very real threat to both your bank account and reputation. Thankfully, you can avoid credit card fraud from damaging your small business by following these nine tips.

Related: 25 Payment Tools for Small Businesses, Freelancers and Startups

1. Use an Address Verification System.

An Address Verification System (AVS) is a tool used by banks and credit card associations. The AVS are able to compare the numerical part of a customer's address to the information on file. The issuing bank can then verify when a merchant makes an authorization request.

For example, if the cardholder's name and address is Mr. John Smith, 123 Main Street, Realtown, USA 09876, the system will verify 123 and 09876. Once this info is sent, the merchant will receive one of six codes: full match, partial match address, partial match zip code, no match, international, and unavailable. Receiving a full match for AVS assures you that there is less risk processing this payment.

However, don't solely rely on AVS. There could be instances, like when a customer moved and hasn't updated their address yet. Also, AVS is only available from banks and not payment software or gateways.

Related: Online Debit, Credit Fraud Will Soon Get Much Worse. Here's Why.

2. Upgrade to chip readers.

Counterfeit cards are one of the most common types of fraud in brick-and-mortar stores in the U.S. There's a good explanation: we're behind on implementing EMV.

If you haven't already, it's past time to upgrade to chip readers. An EMV is more theft-resistant than swiping the magnetic stripes of credit cards. Additionally, merchants who are using chip readers aren't liable if credit card fraud does occur.

Related: 38 Crucial Tips to Prevent Card Fraud (Infographic)

3. Keep an eye out for unusual customer behavior.

If you accept credit cards in-person pay particular attention to the cardholder for warning signs including:

  • Pulling their credit card out from their pocket, instead of a wallet or purse.
  • Purchasing a large number of expensive items.
  • Purchasing an unusual variety of items, such as clothing in multiple sizes.
  • Rushing to complete a checkout at a closing time.
  • Telling you not to insert or swipe their card because it doesn't work.
  • Handing you their phone when they claim that they're talking to their bank.

A customer who does any of these actions isn't automatically guilty of credit card fraud but these are some some of the tricks fraudsters use. Trust your gut when a customer seems suspicious.

Related: Mobile Fraud a Blind Spot for Ecommerce Merchants

4. Process online payments safely and securely.

What if you process payments online or over-the-phone when you don't handle the credit card? You can process online payments safely and securely.

Reviewing the following before processing a payment:

  • Orders that have several of the same items - especially when it wouldn't make sense to purchase multiples. I mean how many iPhone 7 chargers does a customer really need?
  • Orders consisting of "big-ticket" items, such as TVs.
  • Multiple same day purchases.
  • Multiple purchases coming from the same IP address.
  • "Rush" or "overnight" orders.
  • Orders that have failed AVS (Address Verification Service) or CID (the three-digit value on the back of the card).
  • International orders from countries that you usually don't have customers in.
  • Orders that are shipped to a single address, but made on multiple cards or using multiple billing addresses.

Since 45 percent of all credit card fraud involves card-not-present transactions, make this a priority for your small business.

Related: Online Criminals Are Tricking Entrepreneurs Into Doing Their Dirty Work

5. Secure network access.

Secure your network by utilizing encryption, limiting employee access to sensitive data, using updating the latest versions of any software that your business is running, and using separate devices for your personal and business use since this can decrease the threat of cyberattacks like phishing.

Also, please remember to use anti-malware software.

"Cybercriminal use all types of malware, including Trojans, Man-in-the-Middle, Man-in-the-Brose, and keyloggers, to get what they want, including personal data and payment details," says Due co-founder Chalmers Brown. "Continue updating your tools to detect malware that may be present. You may also need to invest your time in understanding how malware is used in terms of patterns used by cybercriminals. Focus on using malware detection solutions that can work in the background rather than relying on those options that involve user downloads or registrations."

Embrace layered security measures like generating strong, complex passwords that contain numbers, upper and lower case letters, and special characters, as well as two-factor authentication.

Related: Passwords Are Slowly Becoming a Thing of the Past

6. Use tokenization.

In layman's terms, tokenization replaces numbers with a token. This is a mathematical representation of a number.

If you accept payments through Apple Pay or Samsung Pay you're already using tokenization. These services aren't actually transmitting the customer's real credit card number.

Related: Your Security Concerns About Using Mobile Payment Are Valid

7. Report fraud immediately.

No matter how prepared you are and the security measures that you've taken, you can't completely prevent credit card fraud. If you suspect that an instance of fraud has happened, then you need to act immediately. Quickly call the card issuer's authorization center. You say that you have a "code 10 authorization request." Hold onto the card itself, if possible.

If the card is not present, and you suspect fraud, don't hesitate to call your credit card processor, bank, and even the local authorities.

Related: 8 Security Tips for Small Businesses Accepting Online Payments in 2017

8. Follow PCI Security Standards.

These are security standards established by the Payment Card Industry. The standards have been designed to guide small businesses. They instruct how to securely accept, transmit, and store cardholder data. Becoming compliant is one of the most effective ways to thwart credit card fraud.

Becoming PCI compliant is your responsibility. Thankfully, you can read all about these PCI Security Standards online. Reviewed this resource and implement the recommended security measures and frequently test your framework.

Related: The 15 Most Popular Online Payment Solutions

9. Continue educating yourself on credit card (and other types of) fraud.

Always remember that credit card fraud is constantly evolving. Cybercriminals are diabolical and will use the latest technology to commit acts of credit card fraud. In other words, the advice listed above may not be relevant in the future.

Make sure that you frequently stay updated and informed on the latest credit card fraud tactics. Stay current with the best ways to protect both your business and customers.

Additionally, don't neglect other types of fraud that target small businesses. These include:

  • Invoice fraud where you're tricked into paying a fake invoice for advertising, domain name renewal, office supplies, or directory listings.
  • Overpayment scams where a "customer" overpays for an item, and then asks for a "refund."
  • Malware where you accidentally install software on your device that gives scammers access files or track your activities.
  • Ransomware is malicious software that will block access until you make a payment.
  • Whaling or spear phishing are when criminals attempt to obtain confidential information.
  • Scammers posing as a boss, client, or another authority figure and then demand an employee transfer money to a bank account.
  • Some disgruntled or nefarious employees will use business credit cards for their own personal use or purposely leak sensitive information.
  • Government imposters where criminals pretend be from a government agency, like the IRS, demanding an immediate payment.
John Rampton

Entrepreneur Leadership Network® VIP

Entrepreneur and Connector

John Rampton is an entrepreneur, investor and startup enthusiast. He is the founder of the calendar productivity tool Calendar.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Side Hustle

At 16, She Started a Side Hustle While 'Stuck at Home.' Now It's on Track to Earn Over $3.1 Million This Year.

Evangelina Petrakis, 21, was in high school when she posted on social media for fun — then realized a business opportunity.

Health & Wellness

I'm a CEO, Founder and Father of 2 — Here Are 3 Practices That Help Me Maintain My Sanity.

This is a combination of active practices that I've put together over a decade of my intense entrepreneurial journey.

Business News

Remote Work Enthusiast Kevin O'Leary Does TV Appearance Wearing Suit Jacket, Tie and Pajama Bottoms

"Shark Tank" star Kevin O'Leary looks all business—until you see the wide view.

Business News

Are Apple Smart Glasses in the Works? Apple Is Eyeing Meta's Ran-Ban Success Story, According to a New Report.

Meta has sold more than 700,000 pairs of smart glasses, with demand even ahead of supply at one point.

Money & Finance

The 'Richest' U.S. City Probably Isn't Where You Think It Is

It's not located in New York or California.

Business News

Hybrid Workers Were Put to the Test Against Fully In-Office Employees — Here's Who Came Out On Top

Productivity barely changed whether employees were in the office or not. However, hybrid workers reported better job satisfaction than in-office workers.