Top Payment Security Oversights—and How to Fix Them

Pause for a second as you read this and think about how your customers pay your business for services. Now realize that you are probably overlooking at least one security risk in those payments. Here are the top payment security oversights, both online and offline, that Caribbean small business owners make each day—and what you can do to prevent them.

You don’t have a solid chargeback process.

Payments accepted online and via phone are susceptible to chargebacks from the client. Make sure you have a clear process for documenting the identity information from the buyer to protect yourself in the event of a claim. If a claim is filed by a client, then ensure you have a structured, comprehensive and quick response process for addressing each claim. The successful counter to any chargeback establishes a clear track record for your business. Ensure you understand the burden of proof and the process for each payment company. Start by reviewing Mastercard’s guide for chargebacks.

Clients are not aware of security risks.

A huge security oversight is your own trusted customer. If they are tricked or scammed into fraudulent behavior, it is very difficult for you to protect against this once-trusted client. That is why it is important for you to educate your clients about risks they may face and how to be on the defensive. Educate them on how you will and will not contact them and what type of information you would ever ask from them via phone or email. This education reduces the risk of them being scammed and will reduce the number of fraudulent payments you receive.


Addresses for offline payments are not verified.

Many fraudulent payments occur with a valid credit card where the shipping address is different than the billing address. This is especially true in the Caribbean, as items purchased fraudulently can be quickly shipped overseas for resale. Prevent these transactions by being vigilant for strange shipping addresses or a shipping address that varies greatly from the billing address. With Google Maps or Streetview you can look up details of a shipping address and see what type of building or neighborhood it is. Also, always verify the billing address with the client. If it’s a fraudulent transaction, the client usually will not know the payment method’s billing address.

Your sales staff is not empowered.

When someone is trying to pass a fake card, use a stolen card or run another payment scam, your staff, who serve legitimate clients all day, will generally have a sense that something is off. It can be the way the client is acting, their method of selecting items or the appearance of the payment method. Ensure your staff is trained to trust their gut, that they feel a personal responsibility to protect the business and also that the owner and management will support them in their decision. Be clear that it’s okay to delay the transaction or even take the card to a supervisor to call to verify the card details. A fraudster will generally not want the card to leave their possession and that delay tactic will force them to walk away from the transaction. A normal client will generally not have any issues with that extra level of verification since they know the payment is good. Align staff rewards with protecting the business and not just sales commissions.

Your business is not using the latest security tools.

For online payments, ensure you have implemented additional layers of security from your provider, such as MasterCard SecureCode. For example, MasterCard SecureCode is a private code that only the cardholder and the bank know. This measure has been implemented by over one million online merchants in 122 countries. Also work with your payment processor to ensure your systems use the latest encryption and techniques for card validation, for example the rollout of the chip technology across the United States.


Your payment processor is not complying with PCI requirements.

Just because a digital service provider offers payment processing doesn’t mean they meet the current PCI requirements for credit card transactions. You must ensure your processor is compliant because if something goes wrong and customer data is compromised, the blame will trickle down to the merchant and the fines can be as high as $50,000, even for a first offense.

As a small business owner you have the knowledge to rectify these six top payment security oversights. You also can evaluate your individual business to find more.

Follow Ian Haet on Twitter @IanHaet and learn more about his experiences with payment processing in the Caribbean.

Ajeet Khurana
Ajeet Khurana wears many hats: author, angel investor, mentor, TEDx speaker, steering committee of the NASSCOM Start-Up Warehouse, Director of Founder Institute, Venture Partner with the seed initiative of a top Venture Capital firm, and former CEO of IIT Bombay’s business incubator, among others. Before all this, he was entrepreneurial twice in the field of education and web publishing. As a lecturer at the University of Texas at Austin, he taught e-commerce back in 1993, when the term "e-commerce" had not yet been coined. An undergrad in computer engineering from the University of Mumbai, and an MBA from the University of Texas, Ajeet is presently an active name in the startup ecosystem. From starting two ventures as a solopreneur, to helping a large number of startups with their go-to-market, he has never shied from getting his hands dirty. At the same time he has helped dozens of startups raise investment. He truly believes that small business owners are driving change in the world, and need to be facilitated as much as possible. Innumerable small businesses have gained from his attitude, vast professional networks, financial acumen and digital mindset.
