Safeguard Your Card: Best Practices to Avoid Fraud
Electronic payments are a vital part of doing business in almost every industry. They are central to how companies interact with each other, their customers, and their vendors. But the speed and convenience of ePayments brings with it risks: identity theft, credit card fraud, or bank account fraud. To combat these risks, we would like to share with you some helpful tips to keep your financial information safe:
Tips for Customers:
- Monitor your credit card statements: Look for any suspicious transactions, even ones for small amounts. Thieves will sometimes run small transactions to verify a card still works. Report unusual activity to your card-issuing bank immediately to reduce the window of opportunity for fraud.
- Avoid using your card in suspicious car readers: Though most major banks and retailers are vigilant about the security of their card readers, the same cannot be said of all operators. Thieves have been known to compromise poorly secured ATMs, gas station pumps, etc. Before using your card, inspect the machine you are using. Most readers do not protrude from the machine they are in and are physically secured and integrated into the design of the machine. If they do not appear to match, seem to stick out from the machine, or can be easily unseated or removed, it's possible it may have been tampered with. Avoid using your card in any machine that shows signs of having been tampered with.
- Look for the lock: Whenever you use your card online, make sure the page you are using is protected for SSL/TLS. Most browsers, like Internet Explorer, Firefox, and Chrome, make this simple. Websites with SSL will show it in the address bar, usually in the form of a lock icon and a green logo. If you don't see the logo or there are red warning signs, your browser is telling you it is not safe to send your details.
- Never send your account number via email: Email is not guaranteed to be secure. You can never be certain that emails you send out have not been intercepted or copied. As such, you should never send sensitive information, like credit card numbers, through email.
- Never give your account info over the phone to someone calling you: A common ploy used by thieves is to call a victim and pretend to be a bank, the IRS, or some other well known institution.
- If they claim to be from a bank, they may claim to be investigating unusual activity and ask to verify your account info. Your bank will never ask for your account or credit card number over the phone.
- If they claim to be from the IRS, they may tell you that your taxes are behind and demand payment over the phone via credit card or gift card. The IRS will never call you for a phone payment and they don't accept gift cards. Ever.
- In any case like these, you should always hang up and call the institution back at a verified phone number, like to the phone number on your credit card for a bank, the number from the official site of the IRS, etc.
- Use Virtual Numbers: Many banks and card issuers offer a free service that will create virtual credit card numbers to use online or over the phone. These numbers are distinct from your main account number, will only work for a single merchant, and can optionally be set to expire after a certain number of transactions. These reduce the risk of fraud and protect your main account number in the case of theft.
- Remember, fraud can happen at any time: Just because you have not used a card in a long time doesn't mean it is safe from fraud. Thieves often sit on stolen credit card information before using it. And very often the person/group that had stolen your card is different than the one using it. Stolen credit card numbers are often bundled together and sold in bulk on the black market. This means a card collecting dust in your drawer for the last year might still be vulnerable. It also means the point at which it had been stolen might not be the last place it had been used. It is almost impossible for a customer to be sure where a theft had happened. That is why it's important to report fraud to your bank immediately for investigation. Only banks and processors have the visibility to see where stolen cards have been used and, by extension, find the point of theft.
Tips for Merchants:
- PCI-DSS Compliance: The most important step in avoiding credit card fraud is maintaining compliance with the Payment Card Industry Data Security Standard. (PCI-DSS). The PCI-DSS sets data security and accountability requirements for all merchants and service providers that accept credit cards. Merchants and service providers are contractually obligated to comply with the PCI-DSS. All merchants should be familiar with the PCI-DSS and know how it applies to their environment.
- Secure and inspect Points of Sale: Merchants and cashiers should take responsibility for the security of their Point of Sale environment. All credit card terminals should be regularly inspected for signs of tampering. Unauthorized modifications should be reported immediately and affected machines should be taken out of service. Additionally, the presence of unusual devices in the area, such as cameras or RF readers, should be investigated immediately.
- Keep system and security software patched and up to date: All systems that interact with sensitive data should be regularly patched and anti-virus solutions should be deployed and kept up to date. Zero-day vulnerabilities are a common vector used to gain access to sensitive systems. Updated software, while not a perfect solution, is the best defense against malicious infiltration.
- Remember that security is a process, not a product: Regardless of what you have been told, no single product can ensure the security of payments you take. Payment security requires diligence on the part of merchants and service providers to ensure that the entire payment process is protected. This includes physical security, computer & network security, and awareness training for anyone handling sensitive data.