Protect your small business; security and fraud tips

Learn more about payment security, and get fraud tips to help protect your small business.

It's important to protect your business from cyber criminals. The more informed you are about payment security, the more protected your business can be.

Florist accepting EMV chip-based technology from Bank of America Merchant Services

EMV® chip-based technology

Security standard adopted by card issuers

EMV is a technology standard that defines a set of requirements to ensure credit and debit cards are securely accepted on a common worldwide standard. This security standard is currently used by credit card issuers and merchants in most countries and in the U.S.

In most parts of the world, business owners can take advantage of the security chip by having cardholders “dip” their card into a card reader, where the card can be authenticated. When used with PIN codes, EMV chip cards provide retailers and banks greater confidence that the card user is the true owner by combining something the card’s real owner would have and something only they would know. Because EMV is not universally deployed, however, even chip cards continue to have magnetic stripes that are used to authenticate cards at a traditional point-of-sale device. To take full advantage of all that chip technology has to offer, U.S. retailers need to ensure they have chip readers in their point-of-sale devices.

The chip on EMV cards is a microprocessor that provides a unique code for each transaction, helping prevent card data from fraudulent reuse. Although more secure than a magnetic card stripe, EMV chips do not protect cardholder data once the payment method is validated or while the payment is processed.

Benefits include:

  • Improved security against credit card fraud through use of unique online cryptogram
  • Enhanced cardholder verification methods
  • Chip stores more information than magnetic stripe cards
  • Possibility for finer control of “offline” transaction approvals
Woman with Bank of America credit card making mobile payment on phone

Encryption and Tokenization

Helping protect card data from the moment of swipe

Encryption and tokenization help protect card data from the moment of swipe, when the card data is immediately encrypted and transmitted for processing and replaced with a token. This eliminates the need to store primary account numbers (e.g., 16-digit card number) in your data environment, reducing your liability for card data loss in the event of a data breach.

Five simple tips to help protect your business from point-of-sale fraud.

Change default passwords

Before using a new point-of-sale device or system, change the default password. Incorporate uppercase letters, numbers and symbols in your password, and avoid common easy-to-guess passwords. Change passwords every 60 to 90 days.

No browsing on point-of-sale systems

Do not allow associates to browse the internet on any point-of-sale system, as they could click a malicious link that downloads malware or viruses. This rule also applies to any device that connects to the point-of-sale environment.

Educate employees

Train employees to spot suspicious transactions, compare signatures on the back of the card used and the sales receipt to ensure they match, and obtain signatures on contracts and sales orders when appropriate.

Keep point-of-sale software and firewall systems up to date

Point-of-sale software and network firewalls are vulnerable to malware attacks when updates are not installed in a timely manner.

Maintain terminal safety

Regularly inspect all point-of-sale devices or systems for tampering. Should you suspect tampering, contact your merchant services provider immediately for assistance.

Take cards over the phone or online? Help protect your business from card-not-present fraud.

Validate and maintain PCI-compliance

All businesses that accept credit or debit cards must be PCl-compliant: they must meet the payment Card Industry’s Data Security Standards (PCI DSS).

You can learn more on the official PCI Security Standards Council website, where there is a section dedicated to small businesses.

Always request the security code

The security code is typically a three-digit number printed on the back or four-digit code found on the front of all major credit cards. This code acts as an additional security feature that verifies the customer. Ask for this code before processing any transaction.

Educate employees

The best employers teach workers how to spot possible fraudulent transactions. Possible fraud indicators for card-not-present transactions include:

  • Larger than normal orders
  • The purchase of several big ticket items within a short period of time
  • One small purchase followed immediately by several big ticket items
  • Orders that include several of the same item
  • The use of multiple cards from a single IP address
  • The use of different billing and ship-to information
  • Rush delivery requested
  • Shipping outside the country

Before you process any transaction:

Whether you are processing a credit card for the first time or managing a recurring payment, merchants should always verify the pertinent card information and receive a customer’s permission to process a transaction. If a customer does not consent, processing the transaction could lead to an “unauthorized purchase” and a chargeback for your business.

For more information on fraud, please consult your Bank of America Merchant Services business consultant.