Consumer behavior has changed. Do you have the tools on hand to adapt?
Once a newfangled feature only offered by long-time established enterprises, mobile payment options are now a de facto necessity for businesses of all sizes. As the economy continues shifting towards a digital economy, customers will expect you to have the tools on hand to accommodate their chosen way to pay.
However, entrepreneurs, small business owners, and mom-and-pop proprietors might not have prioritized those capabilities at launch. It’s a pivot that is often considered to require a heavy investment in tech — and frankly, with the small pool of money they have on hand, they likely believed that their capital could best be spent elsewhere.
Recent shifts in the economy have shown us, however, that having a secure way for customers to pay from their mobile devices is no longer just an option. The customer is always right — and if they’d rather use their Apple Wallet to pay for your goods and services than a tangible piece of plastic, they’ll shop at places that meet that need.
But how can you provide those capabilities without compromising on security or breaking your budget? This brief guide will teach you how to identify potential security hazards, which security tools are likely to provide the most value, and how you can keep your network protected.
The first step is to know your enemy. You have to be aware of the tricks cybercriminals use to cheat you out of payment for goods and services, gain control of your network, and compromise company data.
While customers highly desire the convenience of remote payment options, it also has vulnerabilities that cybercriminals can exploit. There is the possibility of your technology being compromised by typical means, such as malware, online scams, and phishing attempts; however, the most prevalent threat will be attempts at payment fraud.
Be on the lookout for:
- Signs of skimming. Skimming is when a cybercriminal plants a device on your payment receiver to read, copy, and co-opt your customers’ card information. While skimmers are conventionally attached to card slots at gas stations, grocery stores, and the like, some skimmers can attach to contactless readers and POS systems. Check your tech daily; if you discover anything that looks like it’s been tampered with, cease using the device and inform the authorities immediately.
- Card-not-present fraud. Card-not-present fraud is difficult to discover, as cybercriminals will use card information they obtained through illegal means to make mobile purchases. However, there are tools that you can use that detect signs of card-not-present fraud, such as multi-factor authentication. Keeping ahold of customer records and clearly communicating a fraud/refund policy can be excellent measures to take as well.
- Chargeback fraud. Accidents happen, and customers may accidentally be charged for goods and services they didn’t receive. But a chargeback fraudster will receive the goods in question, and then report to their bank that your business made an illegitimate charge. Staunch record-keeping is your best friend here, and if you have a security system that records customers using the mobile payment device, all the better.
All forms of contactless payment are somewhat vulnerable to these kinds of tricks. However, knowing what they are and how they work allows you to proactively insulate yourself from risk, employing tools that seal those windows of opportunity.
Instituting Security Measures
Now that you know what you’re up against, what types of tools should you invest in? We won’t tell you that a complete technological overhaul is necessary — in fact, the most expensive component you’ll need to order is something you likely already have. POS systems are commonplace across businesses nowadays, being a critical piece of equipment for employees to handle transactions.
Not all POS systems are made equal, however; and if you’re concerned that yours is too old to keep pace with modern digital threats, you may want to look into mobile payment-friendly card readers that come pre-integrated with security measures. A POS system that melds high utility with dense security is a serious boon to small businesses, actively working to prevent fraud and cyberattacks as customers are checking out.
Fortunately, once that is out of the way, a lot of the measures you can take to keep your network secure are not too pricey. Try:
- Employing multi-factor authentication practices. Multi-factor authentication allows you to protect against card-not-present fraud by verifying your customers’ identity at the register. Most systems have the option to use multi-factor authentication built in nowadays; and so with a push of a button, you can use multiple verification methods to screen out potential fraudsters.
- Using tokenization. Tokenization is a key security measure that replaces customers’ cards within an app with a digital artifact known as a token. If a third party attempts to interfere and intercept the transaction, the token will become void, and the POS system will notify an employee.
- Creating an encrypted third-party app. Many stores have their own mobile payment applications, no doubt for this reason. It’s a lot harder for a third party to steal customers’ data as they’re paying if their information is run through an encrypted channel.
Remote payment options are a necessary concession; that doesn’t mean they have to be any less secure than cash and coin. With the knowledge to recognize threats and the tools to intercept them, you’ll be able to provide mobile payment services securely.
By Indiana Lee, BOSS contributor