
Top Payment Security Oversights—and How to Fix Them

Pause for a second as you read this and think about how your customers pay your business for services. Now realize that you are probably overlooking at least one security risk in those payments. Here are the top payment security oversights, both online and offline, that Caribbean small business owners make each day—and what you can do to prevent them.

You don’t have a solid chargeback process.

Payments accepted online and via phone are susceptible to chargebacks from the client. Make sure you have a clear process for documenting the identity information from the buyer to protect yourself in the event of a claim. If a claim is filed by a client, then ensure you have a structured, comprehensive and quick response process for addressing each claim. The successful counter to any chargeback establishes a clear track record for your business. Ensure you understand the burden of proof and the process for each payment company. Start by reviewing Mastercard’s guide for chargebacks.

Clients are not aware of security risks.

A huge security oversight is your own trusted customer. If they are tricked or scammed into fraudulent behavior, it is very difficult for you to protect against this once-trusted client. That is why it is important for you to educate your clients about risks they may face and how to be on the defensive. Educate them on how you will and will not contact them and what type of information you would ever ask from them via phone or email. This education reduces the risk of them being scammed and will reduce the number of fraudulent payments you receive.


Addresses for offline payments are not verified.

Many fraudulent payments occur with a valid credit card where the shipping address is different than the billing address. This is especially true in the Caribbean, as items purchased fraudulently can be quickly shipped overseas for resale. Prevent these transactions by being vigilant for strange shipping addresses or a shipping address that varies greatly from the billing address. With Google Maps or Streetview you can look up details of a shipping address and see what type of building or neighborhood it is. Also, always verify the billing address with the client. If it’s a fraudulent transaction, the client usually will not know the payment method’s billing address.

Your sales staff is not empowered.

When someone is trying to pass a fake card, use a stolen card or run another payment scam, your staff, who serve legitimate clients all day, will generally have a sense that something is off. It can be the way the client is acting, their method of selecting items or the appearance of the payment method. Ensure your staff is trained to trust their gut, that they feel a personal responsibility to protect the business and also that the owner and management will support them in their decision. Be clear that it’s okay to delay the transaction or even take the card to a supervisor to call to verify the card details. A fraudster will generally not want the card to leave their possession and that delay tactic will force them to walk away from the transaction. A normal client will generally not have any issues with that extra level of verification since they know the payment is good. Align staff rewards with protecting the business and not just sales commissions.

Your business is not using the latest security tools.

For online payments, ensure you have implemented additional layers of security from your provider, such as MasterCard SecureCode. For example, MasterCard SecureCode is a private code that only the cardholder and the bank know. This measure has been implemented by over one million online merchants in 122 countries. Also work with your payment processor to ensure your systems use the latest encryption and techniques for card validation, for example the rollout of the chip technology across the United States.


Your payment processor is not complying with PCI requirements.

Just because a digital service provider offers payment processing doesn’t mean they meet the current PCI requirements for credit card transactions. You must ensure your processor is compliant because if something goes wrong and customer data is compromised, the blame will trickle down to the merchant and the fines can be as high as $50,000, even for a first offense.

As a small business owner you have the knowledge to rectify these six top payment security oversights. You also can evaluate your individual business to find more.

Follow Ian Haet on Twitter @IanHaet and learn more about his experiences with payment processing in the Caribbean.

Ian Haet
Ian Haet was the CEO and Co-Founder of the Startup Stock Exchange (SSX) headquartered in Curacao, Dutch Caribbean until he sold it in April 2016. He has started and operated numerous online businesses in the Caribbean and Latin America. He is an expert in business development, digital marketing, and startup operations. He is currently focused on building his next business in LATAM.
