If you’ve had a personal credit card stolen or been the victim of fraud, you know how stressful and potentially devastating the financial damages can be. But as harmful as personal credit card theft is, when you’re running a business, a stolen business credit card poses an even greater threat—it impacts the financial well-being of the business and all employees, not just an individual. That’s why it’s important to learn about business credit card fraud prevention tactics when you start a business.
As a reminder, business fraud is a broad category that includes business identity theft and business credit card fraud, which can be difficult for small business owners to catch without the benefit of an accounting department. A successful scammer can cause tens of thousands of dollars in damage before being detected, a loss many small businesses aren’t able to bounce back from. Card-not-present payments in particular have seen a boom in fraudulent activity over the past few years.
That said, there are a few simple steps you can take when it comes to credit card fraud prevention for businesses. But in the event of a stolen credit card, the most important thing to do is to be proactive about identifying the fraudulent charges or accounts, and alerting the appropriate bank and authorities.
Credit card information is vulnerable to threats both on and offline, which can make credit card fraud prevention for businesses tricky. In the current data security landscape, you might not have total control over your financial data online—including your business credit card information—but you are capable of preventing long-term damage.
With these nine tips, you’ll learn how to prevent credit card fraud for business.
A basic tenant of credit card fraud prevention for businesses is protecting the physical card itself. Take care to only use your business credit cards outside your home or office when necessary, which can prevent compromising your information due to human error.
But the nature of your business might require you to have a business credit card with you all the time. In that case, it might be worthwhile to invest in a wallet or pocketbook designed specifically to protect against illegal strip-readers and card theft.
There’s a good chance you’re aware of criminals using a device to capture credit card information when you swipe your card at a cash register or credit card reader. Data is stolen from the magnetic strip on a card during a seemingly legitimate transaction, like giving a waiter your card, or using an ATM. (This is often referred to as “skimming.”)
Now that most credit card companies don’t require signatures, debit and credit cards are usually enabled with EMV microchips. These are then inserted into the terminal, instead of the traditional method of swiping and signing for cards. With EMV compliance laws, the chip uses a one-time transaction code, which can’t be used to fraudulently duplicate your card.
Unfortunately, EMV cards can’t prevent online credit card theft, but they do significantly lower your risk of unknowingly swiping your banking information into the wrong hands and are an easy business credit card fraud prevention measure to enact.
This tip may seem obvious, but it’s one of the surest ways to protect your business’s information online, as well as being a top digital security concern. You should always be trying your best to make it difficult for someone to hack into your account.
If you’ve used the same pet’s name as your password for a decade, it might be time to challenge yourself to come up with a difficult-to-guess password for each account you use for your business finances. Remember, it’s easier to reset a forgotten password than it is to recover thousands of dollars in fraudulent charges.
Most online logins require a passcode with some sort of special character, number, or capitalization, but don’t just use “password1!” to secure your accounts online. It’s a best practice to use a different password for each account.
And you don’t need to remember those tricky passwords on your own. Use a secure application like 1Password to manage and store login credentials, which can help streamline accounts, and make it easier for your team to gain the access they need without compromising security. If regularly changing your passwords isn’t already part of your administrative routine, make an effort to refresh old passwords every six months.
If you do end up getting hacked, methodically go through all business accounts—even those that weren’t compromised—and do a full sweep of your passwords. When it comes to credit card fraud prevention for your business, make a schedule to change passwords for banking accounts and other proprietary information every six months.
Unfortunately, the first sign that your credit card information has been stolen is often the fraudulent charge itself. Ideally, of course, you’ll detect business credit card fraud before any transactions occur, but the next best thing is to catch fraud ASAP. You can do this by adopting two steps:
Regularly checking your business credit card statements is a great business credit card fraud prevention tactic (and useful for tracking business spending in general). If you’re not already using your bank’s online portal or another banking software, start now! These tools make monitoring your credit card purchases extremely user-friendly.
Try to make time every week to look over credit card spending from the previous week—that way, it’s more manageable to review each charge carefully, rather than letting them pile up over time. And if you notice any strange account activity, contact your card issuer ASAP.
An accountant or other financial professional can help make sure your records and accounts are in order, and alert you to any discrepancies that might indicate fraud. And if you’re especially concerned about fraud, enlist the help of a specialized forensic accountant. They’re trained to review financial records for exactly this purpose, and can help you detect and prove fraud when it happens.
If you’re the sole proprietor of your business, or the only person with access to the business credit card, there’s less of a likelihood of employee fraud and misuse of company funds. Fewer cards linked to your account also reduces the chances of compromising your financial information due to a lost or stolen card.
Of course, it’s not always feasible to have one card for your business. If you do need to delegate spending to your employees, ensure that you’re only giving out cards to your most trusted staff members, and make sure they return their cards as soon as they’ve completed their purchases.
Business credit card fraud prevention doesn’t just happen by protecting your card, but also by spotting those who try to make fraudulent purchases at your business. In order to detect in-person cardholders who may not be who they say they are, look for the following warning signs:
For online transactions, you cannot detect these warnings signs. But it’s important you put other kinds of business credit card fraud prevention practices in place, especially because the vast majority of fraudulent purchases occur online. If you accept payments online, here are some warning signs of fraudulent purchases:
It’s also a smart idea to require online customers to provide a card verification value (CVV) number to complete an online transaction, and to use an address verification service (AVS) to ensure the credit card matches up with the billing address.
For both online and in-person transactions, none of these warning signs guarantee fraud, but several at once should raise a red flag.
In-person credit card fraud will happen at the point of sale. In order to protect your POS system from fraudulent credit card purchases, make sure you lock it up when it is not in use, add user-based permissions, and inspect your POS multiple times per week for things like loose wiring and damaged hardware. Keep in mind that a common way cyberhackers will tamper with your POS is by infecting your credit card reader with malware.
Another business credit card fraud prevention tactic is to encourage customers to pay using an eWallet like Apple Pay or Google Pay. In order to do so, you’ll need to invest in a credit card reader that accepts NFC (aka near field communication) payments. However, this investment will be well worth it, as you won’t have to worry about a fraudster using a stolen credit card.
To protect against fraudulent online purchases, as well as infected credit card readers, invest in cyber insurance. Cyber insurance can protect your business from revenue loss due to fraud by covering your legal fees and other costs resulting from a data breach. Other types of insurance, like commercial property insurance have also evolved to cover data breaches. A comprehensive BOP, or business owners policy, may also be able to provide coverage.
Many business credit cards give business owners control over employee spending, like setting spending limits on employee cards and generating automatic expense reports. But for a really effective business credit card fraud prevention tip, you can distribute prepaid business debit cards to your employees instead.
In particular, the Bento for Business debit card has some of the most comprehensive employee controls we’ve seen in a business debit card: You can set spending limits, track card activity via a mobile app or web dashboard, automatically integrate expense data into your bookkeeping software, and more. And because the Bento for Business card isn’t technically a credit card, any negative card activity won’t hurt your credit score.
The bank calls about an odd charge, your card is unexpectedly declined, or you notice something missing from your pockets—many of us are familiar with the sinking feeling of losing a credit card. If your business credit card fraud prevention efforts fail, and you think your information is lost or stolen, here’s what you can do to assess the problem, control the damage, and regain some peace of mind.
Many banks allow you to place a temporary hold on your card while you examine fraudulent activity or look for a misplaced card. This function might even be accessible from your online banking account, so you don’t have to alert your bank until you’re sure there’s been a security breach.
When you can’t find your business credit card, or know for a fact that it’s been stolen, log into your online banking portal and look for any new or unusual charges. Call the credit card company directly if you’re not able to view your recent purchases online.
As long as there aren’t fraudulent charges visible on your account statement, it’s okay to take some time to look for a misplaced card before going forward with a cancellation. But after a few hours, the safest choice is to alert your credit card company and freeze the account.
And if there haven’t been suspicious charges to your account, double check that your card isn’t simply “hiding” in your pockets, car, or desk drawer (it happens to the best of us).
When you suspect your card has been stolen, or that your account has been hacked, you should talk to your banking representative immediately. They will most likely ask you to verify some recent purchases, and it can be helpful to view your statement online so you’re prepared.
Another reason to contact your bank and potentially cancel your credit cards is if a data breach targeting customer information occurs at a retailer you’ve used or that has your financial information.
Once you’re positive that your card has been stolen, submit a complaint to the Federal Trade Commission (FTC) and file a report with local police. If you are a victim of fraud, you can request that a credit reporting bureau set up a fraud alert, which actively alerts authorities to potential fraudulent activity on your account.
Every business with a credit card is susceptible to business credit card fraud, and small businesses are no different. Business owners put themselves at risk for fraud by being complacent, so even if you have tricky passwords and store your card securely, it’s smart to continually work on ways to improve security and optimize business credit card fraud prevention.
The more aware you are of credit card security, the less likely you are to be caught off guard by a stolen card. Take proactive measures, like securing your information and physical card, to protect you from hacking and theft. And a regular review of your credit card statements ensures that you’ll respond quickly if a breach does occur.
If you do suspect any fraudulent activity, don’t hesitate to contact your credit card issuer to freeze or cancel your card. In fact, throughout the process, it’s imperative to stay in close contact with any authority involved in you case—whether it’s the IRS, a credit card company, or police—because it’s the best way to seek recourse if you’re defrauded.
No single defense will prevent business credit card fraud altogether, but actively protecting your card and staying alert will deter potential threats, and help you minimize the damage of business credit card fraud.
Matthew Speiser is a former staff writer at Fundera.
He has written extensively about ecommerce, marketing and sales, and payroll and HR solutions, but is particularly knowledgeable about merchant services. Prior to Fundera, Matthew was an editorial lead at Google and an intern reporter at Business Insider. Matthew was also a co-author for Startup Guide—a series of guidebooks designed to assist entrepreneurs in different cities around the world.