Fraud. Data breaches. Account takeovers.
These are important words to be aware of as a consumer, but they are critical to know if you’re a business owner. After all, the security of your business and customer data can affect your bottom line.
Security issues can be costly and time-consuming, leading to compromised accounts or payment disputes. And because your customers trust you with their information every day, data breaches and fraud represent a threat to your business’s reputation as well.
But it’s hard to keep your customers safe and your bottom line healthy if you don’t have a solid understanding of the risks faced by every business in this day and age. We put together a list of the terms you should know and how they could apply to your business.
Fraud occurs when someone deceives a person or institution to obtain money, goods, or services illegally.
Small businesses typically encounter fraud when transacting with their customers. For example, a customer might attempt to use stolen credit card information to make a purchase, in order to get that product or service free. If the real cardholder realizes their card is being used by someone else, they’ll likely file a dispute. (More on that below.)
eCommerce businesses are particularly vulnerable to fraud. Since purchases don’t take place in person, it’s harder to confirm that the purchaser is actually the legitimate cardholder. This is the perfect environment for a fraudster to try and purchase goods or services without detection.
A payment dispute occurs when a cardholder contacts their bank and asks for a transaction to be reversed. The bank then reverses the transaction by issuing a dispute and debiting your business’s account for the disputed funds. (You might have heard this called a chargeback.)
There are a number of reasons a cardholder might file a dispute. They might be dissatisfied with their purchase or maybe they never received it. Their credit card could have been stolen or their information could have been compromised by a data breach and then used to make purchases.
Whatever the reason, a cardholder has the right to initiate a dispute with their bank for any reason, which is why it’s important to follow best practices when you accept credit cards.
3. Account takeover
When your accounts — whether that’s an email account or a bank account or something else — aren’t secure, people with bad intentions can take them over.
When hackers engineer a data breach on a website, they’re often looking for login information (like your email address and password) that you’ve saved on your account on that site. Then they sell it on the dark web to fraudsters, who use that information to access your accounts elsewhere.
They can also pose as a legitimate business (called “phishing” or “social engineering”) to get you to give them your information freely. Once they’ve logged into your account, they may change your login information to prevent you from accessing your account or — if it’s a bank account — transfer your funds to their bank account.
One way that account providers try to combat account takeovers is by adding an extra layer of security like two-step verification. This is fairly common with banks: You enter your username and password, then you get a text or email with a code that you need to submit to access your account.
4. Data security
Data security is composed of practices and techniques that keep data from being accessed by hackers. It can come in the form of proprietary software or hardware (like firewalls) that detect suspicious activity as well as secure payment devices and constant monitoring of transactions.
To make sure business owners keep their customers’ data secure, credit card companies have come up with a series of regulations called the Payment Card Industry Data Security Standard, or PCI DSS.
Its aim is to ensure companies that accept, process, store, or transmit credit card information maintain a secure environment so cardholder information does not fall into the wrong hands. Compliance means adhering to the set of security standards that all five major payment brands (Visa, Mastercard, Discover, American Express, JCB) have set up through their organization, the PCI Security Standards Council.
If you accept credit card payments and are found noncompliant, you could end up spending thousands per year in fees. Most payment processors leave it up to sellers to manage their compliance, which is time consuming and expensive. But there are payment processors that will handle PCI compliance for you.
5. Data breaches
A data breach is when private information is compromised by and released to malicious actors.
One type of data breach occurs when a criminal hacks through a business’ security and reaches the confidential information stored on its servers. In many cases, this is the personal data of consumers who have interacted with the business, like email addresses and credit card numbers. The criminal can then sell the private information on the dark web for others to use for fraudulent transactions.
This is what makes information security so important. When a company takes steps to protect itself, it’s also protecting whatever customer information it might have stored.
Encryption is translating information into a code that only those with a special key can read.
End-to-end encryption only allows the device sending information and the device receiving information to decrypt it. The servers and networks used to pass the information from place to place can do only that: pass the encrypted information. They can’t read it.
For example, whenever a credit card is dipped into a Square chip reader, the data is encrypted by the reader and then securely sent to Square before the payment is even processed. Once the payment is processed, Square encrypts the data again before it reaches the banking institution.
So, let’s say that you use a Square chip reader, and your business’s Wi-Fi network is compromised by someone with malicious intent. All the data (credit card numbers, billing information, etc.) that went through your Square chip reader is already encrypted and unusable to the would-be criminal.
Hacking is when a criminal uses a computer to obtain private data, typically for illegal use. Hacking methods include websites that install malicious software, sites that mimic other legitimate sites in an attempt to trick you into giving out information, and a number of email-based scams.
Email-based scams are often called “phishing.” It’s a technique criminals use to manipulate people into giving them private information like passwords and account numbers. This practice creates a false sense of trust between you and the criminal.
For example, a criminal may try to access your bank account by sending out an email that appears to be from your bank. The email might ask you to log in to your account to check the details of a certain transaction, or tell you there is a problem with your account and ask you to log in for verification.
Criminals use these techniques to access confidential or personally identifiable information, such as passwords, credit card numbers, names, and email addresses. When this private information is compromised and released to other malicious actors, it is known as a data breach.
If you’re concerned about your business’ security, make sure to educate yourself on data security best practices. When you’re researching vendors and partners that would hold your data, make sure you ask questions about their security practices. And only work with partners like Square that put as much value on protecting you and your customers as you do.