The consequences of credit card fraud can be disastrous for small businesses. Aside from the legal ramifications, the damage to your firm’s reputation could lead to a vast loss of earnings.
But does this mean you shouldn’t accept credit card payments over the phone?
Using the phone to process credit card payments carries risk.
In countries that have adopted EMV chip technology, card-not-present (CNP) fraud is the most prevalent type of credit card fraud. For merchants taking payments over the phone, where it is not possible to see the card itself, transactions are particularly at risk.
However, there are ways to minimize the risks.
Ensuring your company has strong data security practices by employing trustworthy staff, following industry-recognized security practices, and using the latest third-party technologies can all but eliminate security breaches.
It is imperative that the employees taking credit card payments over the phone are fully trained.
Breaches of data can come from something as innocuous as being overheard, or carelessly storing cardholder data. Annual security awareness training will ensure all staff members that handle credit card data are trained and aware of the best practices for taking payments over the phone.
Better trained staff will also be in a stronger position to flag any payments that appear suspicious.
Provide your staff with an action plan of what to do if something seems strange about the payment and make security a priority when handling card payments over the phone.
A thorough recruiting process will also help prevent security breaches.
Consider conducting background checks on individuals who will be taking card payments over the phone. People who seem trustworthy may have a criminal past that makes them unsuitable for the position.
A lot of payment security breaches boil down to inefficient processes, such as storing data inefficiently or not providing individual login accounts to staff.
Card numbers and security codes should never be written down, either physically on paper or electronically in a document.
Anything printed with customers’ information should be cross-shredded.
Also, if you can give staff separate login accounts, it will be much easier to trace a security breach back to the source and take appropriate recovery measures.
Primarily, any technology your business uses to process transactions and store cardholder information should have strong, robust antivirus protection.
Investing in a payment terminal with an added level of fraud protection may be something to consider.
Some terminals have an address verification system (AVS), which checks the address the caller provides against the address the card issuer has for that cardholder. This can help eliminate cases of fraud.
Another way of protecting your company against credit card fraud over the phone is by placing your card payments under the control of a third party.
Third-party companies, like the Internet, have software which allows the customer to enter their own credit card number into the phone. This means your staff do not hear the number, which removes the risks of both human error and data breaches.
Not only does using a third party mitigate the risks involved, it also takes your network out of the scope of the PCI DSS.
This means that, because your business is not processing the card transactions, it does not have to be PCI compliant, eliminating the costs of security scans and audits.
Is accepting card payments over the phone secure? It absolutely can be. If you invest in your staff, develop good practices, and maintain up-to-date and modern technology, taking credit card payments over the phone can be secure.
For an even stronger level of security, contact a third party and let them handle the payments securely.