What do you get when you take the best deals of the year, mix them with the spirit of the giving season and add in holiday wish lists a mile long? You get shopping malls, specialty shops, and websites for retail outlets across the country packed with eager customers. It seems nearly everyone is shopping this holiday season, even credit card fraudsters.
Yes, credit card fraudsters.
According to the National Retail Federation, the nation's largest retail trade group, sales during this winter holiday shopping season are projected to increase by 4.1 percent over last year. Furthermore, the 2012 Accenture Holiday Shopping Survey found that consumers will spend an average of $582 on gifts this season, and 52 percent of shoppers will increase their spending by at least $250. Many of those gifts will be purchased using credit cards. Thirty-three percent of shoppers plan to charge their gifts on a credit card, according to the Accenture survey.
The overall increase in credit card transactions during this time of year means hackers and scammers are working overtime to benefit from all the action. The following tips can help merchants ensure scammers don’t leave their mark on their business, or their customers, this holiday season.
If the Whos Had Been PCI Compliant, The Grinch Wouldn’t Have Stolen Anything – It’s vital as well as required that any business accepting credit or debit cards is Payment Card Industry (PCI) compliant. A very easy way to lose customers is to allow their payment information to be pilfered when shopping at your store or your online website. Maintaining PCI compliance helps plug security holes, plus serves to significantly dampen the effects of a breach.
Your Holiday Cards Don’t Need Encryption, But Your Payment Information Does- Whether your organization is PCI-compliant or not – and hopefully it is -- fully encrypting all points of payment is paramount to keeping vital company and customer information from being hacked. End-to-end encryption is the technical term for this practice, and it essentially boils down to scrambling the data sent from one device to another. A company’s mobile payment devices, credit card terminals, software applications, and online payment portals need built-in encryption functionality when transmitting customer information.
You Should Take In All the Holidays Have to Offer - Scammers frequently attempt to tamper with an organization’s credit card terminals in an effort to steal credit card information, often with a small piece of hardware attached to the actual terminal. Alert your employees to this possibility, and remind them to conduct regular visual assessments of all payment processing equipment. While these information-stealing devices can be concealed to look like a piece of the credit card terminal, attentive employees should be able to easily identify extraneous equipment.
Santa Isn’t the Only One Checking a List - Unfortunately, even with the best payment processing security, a breach can still happen. So, you should keep meticulous credit card sales records. If an issue does arise, it’s essential you have a means of retracing your steps in order to determine where the breach occurred, as well as to prevent any further theft. Not only will the ability to work backwards to determine the source of the breach allow your organization to plug any security holes and abate the possibility of additional customer information becoming exposed, but it can also often lead straight to the credit card fraudster.
Hopefully, this Sage advice will help ensure you and your loved ones enjoy truly happy holidays, while aspiring hackers receive only coal and handcuffs in their stockings.
Rob Bertke is senior vice president of research & development at Sage Payment Solutions, a division of Sage North America. Bertke has been in the commercial payments and business-to-business electronic commerce industry for 15 years. In 1995, he helped Wachovia Bank release its first commercial card products by creating a technology solution for card transaction GL (general ledger) coding and management information reporting. He left Wachovia in 1997 to join the American Express Technical Consulting team, where he was a member of the ANSI X12 committee developing card-specific EDI (electronic data interchange) transactions, and acted as product manager and technical consultant for key e-commerce initiatives.
Edited by Brooke Neuman