2 minute read
Hints & Tips to help protect your business
Fraudsters have many ways of targeting businesses, whether anonymously online, posing as a customer or in your employment. This guide aims to provide you with some popular hints and tips for identifying potential fraud to help you protect your business.
If it sounds too good to be true, it probably is. Always approach deals/new business opportunities/transactions with an open, enquiring and questioning mind.
Know your business inside out
By having a thorough understanding of your business, it’ll ensure that you know:
How it operates
The staff you employ
The products and services it provides
Your target market and your business obligations, both legal and regulatory
All this will help you detect when something isn’t right.
Know your customers and suppliers
Understanding who you do business with will help you identify occasions where a seemingly ordinary business request or transaction looks out of the ordinary for that customer or supplier and may be potentially fraudulent. It’s important that you conduct due diligence using a risk-based approach – verify the legitimacy of the customer/supplier details you have stored on file/record as well as online searches.
Identify areas where your business is vulnerable to fraud
Take time to imagine how a fraudster may target your business, internally and externally, and consider testing the systems you’ve put in place to reduce your exposure to fraud/risk. Train your staff on those systems and review them on a regular basis.
Develop a strategy and talk about fraud
Consider a prevention strategy that details controls and procedures to prevent and detect fraud that’s adequate and appropriate for your business. Staff will look to you for guidance as to what behaviour is acceptable. Talk about fraud with your staff, suppliers and any other contacts. Your staff should understand the risks and impact of any losses on the business and on themselves.
Take extra care with all things cyber
With increasing threats from cybercrime, make sure that your business technology/website is adequately protected against attacks. Make sure that you back up your systems in case they go wrong.
Understand your finances
Understand how money leaves your business/bank account. For example, methods of payment, who has the authority to make those payments and who checks that those payments are legitimate. Always check your bank statements!
Secure and protect your property
This includes laptops/computers, smartphones and intellectual property. Consider obtaining business insurance to cover these items if they’re compromised and/or stolen. Using and maintaining inventories can also protect your business.
Develop an action plan
You should consider where you might need professional or legal advice. While prevention is better than the cure, it’s important for you and your business to be prepared for the worst. Having an action plan in place will help limit your losses to fraud and help ensure that your business doesn’t suffer damaging losses.
Checking cards – when the customer is present
When customers are paying by card, whether debit or credit card, check the following:
That the printed digits above or below the first four embossed card numbers are the same. This security measure features on both Mastercard and Visa cards. With counterfeit cards, these four digits are often missing or rub off if you run your finger over the digits. On payment cards that have been counterfeited, they might not match the embossed details.
Check card receipts to make sure that the number on the card matches the number on the receipt.
If you’re accepting a non-chip and PIN card payment, keep hold of the card while the person is signing. This is so a fraudster can’t easily copy the signature.
If you’re at all suspicious of any of the above and you believe that your customer checks have failed, you should contact the Global Payments Customer Care Centre.
Know your staff
Employee fraud poses a serious risk to your business and, if your business is small, it can have a greater impact on the success of the business. Be aware of possible indicators:
A new member of staff resigned shortly after joining
Staff with financial difficulties
- Staff with a sudden change in lifestyle – cars/holidays etc.
- A pattern of customer complaints
- Change in behaviour by a staff member, for example, retracting from others
- A drop in performance
- Suppliers/contractors insist on dealing with one individual
- Staff on sick leave but working elsewhere
- Abuses of flexible working time systems
- Computer misuse
- False references or false qualifications used to secure employment
- Check the End of Day totals – ensure any refunds are for genuine customers/known transactions
Members of staff/customers have been known to process refunds to their own card(s):
Make sure that you control who has access to the supervisor/refund PIN
Change the generic PIN that comes with a new card processing terminal
Ensure that this is changed regularly, particularly upon staff leaving
Ensure that you have processes in place to help you spot unusual refund activity
If anyone calls your business purporting to be a card processing terminal engineer, from Visa or Mastercard or even your card processing terminal provider/acquirer, asking for card details of the most recent transactions processed, don’t give them any information and alert your card processing terminal provider/acquirer. A variation on this is where the caller will state that there’s a fault with your terminal and that they need to test it by asking you to process a card transaction using one card and then a refund using a different card. Don’t process these transactions, as your business will suffer a financial loss equal to their value. Alert your card processing terminal provider/acquirer.
A fraudster may attempt to distract you when they’re entering their PIN into the card processing terminal. This is so they can enter a dummy/false authorisation code. Be wary of a customer that holds onto the card processing terminal for longer than is strictly necessary.
Occasionally, when completing a card transaction on your card processing terminal, you may receive a message: ‘CALL AUTH CENTRE’ on the terminal screen. This is because the card issuer wishes to undertake further verification of the customer/cardholder. Should this occur, contact the Global Payments Customer Care Centre and never accept an authorization number from the customer or from a caller claiming to be from the cardholder’s bank. Such codes aren’t genuine and may result in a financial loss to your business.
Be wary of where you leave your terminals and train your staff to keep them out of sight when not in use. Fraudsters can easily steal these and process refunds onto their own cards. Upon receipt of your terminal, ensure that you amend the supervisor’s code for refunds so that it isn't set at the default; this can be easy for the fraudster to guess or research online.
Removing the ability to take CNP transactions
If you know that your business doesn't need to take card-not-present (CNP) transactions, then ask to have this functionality removed from your terminal. This reduces the risk of unauthorised payments going through your facility.