Businessmen Who Created Fashion Cafe Are Hit With Fraud Charges

Credit card fraud has been an outcome for consumers and businesses since advances in payment processing technology led to the boom in credit menu employ in the 1980s (leg warmer shopping spree, anyone?).

But since the EMV liability shift, which came into full result in April 2018, the burden has shifted. Now, business owners need to learn means to prevent credit carte du jour fraud to avoid footing the bill for fraudulent charges.

What Is the EMV Liability Shift?

Commencement things starting time, information technology's important to answer the question, "what is EMV?"

Put only, the EMV liability shift is the change in responsibility for charges fabricated with a fraudulent credit card, from banks to businesses. Before the shift, the bill of fare issuer (i.e. the banking concern) was liable for fraudulent charges and would have to absorb the costs. After the shift, businesses became liable for fraudulent charges over $25.

EMV cards – chip-based debit and credit cards designed to increment security and prevent fraud – are now the global gold standard. So, if someone tries to pay with a fraudulent EMV card and your venue processes the payment past magstripe (swipe) instead of with an EMV reader (tap or dip), you'll be liable for fraudulent charges. That ways footing a fraudster'due south beak out of pocket , whether it's for a $30 dejeuner or a lavish $300 v-course repast. Ouch.

That's correct, folks. Credit card fraud is no joke. That's why it pays to learn all y'all tin can near how to protect your eatery against EMV chargebacks – considering ultimately you'll be preventing credit card fraud for your customers, too.

What Is Credit Bill of fare Fraud?

Credit card fraud is when someone steals payment card information, a personal identification number (Pin), or a person's actual physical menu and uses it to pay for something.

There are two primary types of credit menu fraud:

Menu Non Nowadays (CNP) transactions:phone and online orders where the data is entered manually

Card Nowadays (CP) transactions:the physical bill of fare is used for payment

Why Is Credit Bill of fare Fraud a Growing Risk for Restaurants?

Credit bill of fare fraud is a growing risk for restaurants because the industry has been slow in implementing EMV.

Because EMV compliance is non required past law, many restaurateurs simply aren't changing the style they process payments. They say the price of buying new hardware or software needed for EMV compliance is only as well high to justify the switch.

Nosotros know your turn a profit margins are slim and credit card fees can exist costly, but this trend makes restaurants a target for CP fraud. Fewer security measures at bars and restaurants make it easier for fraudsters to utilise counterfeit and stolen cards – and become away with information technology.

But that's not the only reason. The take a chance of CNP fraud at restaurants is likewise growing, with a couple of causes.

More consumers are placing orders by telephone, online, or through takeout and delivery apps, where there are fewer methods to authenticate purchases.
Fraudsters are targeting restaurants that don't have EMV readers by contesting charges made with existent EMV cards and forcing eating house owners to pay the chargebacks. According to a CBS study, 86% of all chargebacks are, in fact, fraudulent.

The credit bill of fare fraud threat is existent, no matter where your orders are coming from.

Learning nearly the EMV liability shift, credit fraud, and growing risks is a good commencement step toward prevention. Just how do yous take that knowledge and use it to actually guard against credit card theft from happening at your restaurant?

Here are vii security measures you should know to protect your business against paying credit card chargebacks.

i. Go an EMV Reader

Co-ordinate to Visa, U.S. merchants that take switched to EMV readers have seen a 66% reject in apocryphal fraud inside a 2-year fourth dimension span. Pass up in fraud means a decline in chargeback liability.

Chargebacks were created to protect consumers from fraudulent charges. They occur when a cardholder disputes certain charges fabricated to their business relationship. When a chargeback is issued due to a lost or stolen card, the bank issues a reversal of funds – which means if chargebacks happen at your concern, yous're responsible for soaking up the costs associated with each chargeback.

Sobrand certain your payment processor is equipped to accept EMV payments, which tin significantly reduce the likelihood of fraudulent charges happening at your eating house.

A customer paying with credit card to credit card processor

two. Make Certain You Are PCI Compliant

A restaurant is ordinarily PCI compliant because their payment processor and/or POS are PCI compliant. PCI Compliance is a security standard set up past the payment card industry to protect businesses and consumers from cybercriminal action.

But if your eating house is gathering and storing client data, that means yous are the one who must be PCI compliant. Here are 12 steps to ensuring data is protected before, during, and after transactions.

Install and maintain a firewall configuration to protect cardholder data.
Exercise not utilize vendor-supplied defaults for system passwords.
Protect stored data.
Encrypt transmission of cardholder data across open, public networks.
Utilize regularly updated anti-virus software.
Develop and maintain secure systems and applications.
Restrict access to cardholder data on a need-to-know ground.
Assign a unique ID to each person with computer admission.
Restrict physical access to cardholder data.
Runway and monitor all access to network resources and cardholder information.
Regularly examination security systems and processes.
Maintain a policy that addresses information security.

Note that some bespeak of sale companies store credit menu information in their ain systems and others exercise non. POS companies that practise not store informationare considered more than securebecause they don't handle or store any sensitive payment information.

3. Make Sure Your Payment Processor Uses Tokenization

Imagine the post-obit scenario: y'all've simply swiped a client's carte du jour with the number 6117 0987 2342 1800. Someone hacks into your server hoping to gain access to the card number, so they can copy information technology and employ it.

But, considering your payment processing company uses tokenization, that card number is no longer stored on-site – instead it's pushed off-site to an ultra secure location. A "token", or unique set of numbers and letters, sits in place of the original number.

This token is generated at random and tin't be decoded back to its original number. Regardless of whether the card was swiped or dipped, the card information is still protected from cybercriminal activity.

Tokenization is i way restaurant merchant services providers can keep bill of fare data secure throughout the transaction procedure, because the data is protected fifty-fifty when the bespeak of sale is at rest.

four. Apply Betoken-to-Point Encryption.

Point-to-point encryption (P2PE) is the standard ready past the PCI Security Standards Council as another style credit card processing companies tin protect user information. When cards are swiped through the card reading device via your POS, the card readers instantly encrypt the card data. The encryptions become codes that are so securely sent to the payment processing companies for decryption.

Dissimilar tokenization, which turns card information into a random set of numbers and letters that can't be decoded,P2PE uses an algorithm to make carte du jour data unreadable to everyone except the stop receiver of the information – who is then able to convert information technology back into its original form.

P2PE protects both merchants and cardholders from cyber security breaches, making every transaction more secure.

five. Prepare Up Mobile Payment for Your POS

A woman making payment via NFC mobile phone

More and more consumers are choosing to employ mobile payment apps like Apple tree Pay, Android Pay, Google Wallet, or Chase Pay. Why? Convenience is a big gene. Merely then is safety.

In some means, mobile payments are actually safer than traditional credit menu payments because a consumer'southward financial information isn't transferred during the transaction. Only a coded version of the data is used to authorize a payment.

Simply mobile payment is besides safer for the business concern accepting that payment – which they tin can gear up through a modernistic POS with integrated payments – because most phones already crave 1- or ii-factor authentication, making the data harder to hack and a stolen phone harder to use.

6. Review Contracts with Third-Party Online Ordering Solutions

With tertiary-party online ordering solutions (TOOS) like Uber Eats, ChowNow, and DoorDash on the rise for restaurants, Card Not Present (CNP) fraud is a growing risk.

These apps transport orders to your restaurant, either directly to your POS through an integration partner similar Chowly, or to a split up system that needs to be manually entered into your POS.

While the club goes to you, these apps process payment for their customers through their own platforms, pregnant restaurants aren't selling directly to customers.

However, if you are using 1 or more of these takeout or delivery partners, make sure:

Your partnership contract with them does non agree y'all liable when the app accepts an society using a fraudulent card.
They have data security policies in place to prevent credit card fraud.

7. Provide Hands-On Training for Staff

Imagine purchasing fancy new kitchen equipment without education dorsum-of-house staff how to use information technology. Coin down the bleed.

Protecting your eating place against credit carte du jour fraud requires like grooming. At present that your business is liable for fraudulent charges, you're going to desire to teach your staff to spot a fraudster from a mile away.

When preparation your staff, focus on these 5 areas:

Spot signs of credit card fraud

Information technology'southward difficult to recognize credit carte du jour fraud as it's happening, particularly when there's a morning caffeine rush or the dining room gets slammed after a football game.

But you can teach your staff how to spot potential signs of fraud. The meridian signs are:

The kickoff number is wrong for the type of card they have (American Express always starts with 3; Visa is four; Mastercard is 5; and Find is 6)
The magnetic strip is made of the same material equally the rest of the card
A customer seems peculiarly anxious or in a hurry to get out the eatery
A customer refuses to produce identification when requested by a staff member

Create a step-past-footstep list of what to practise if a staff member suspects credit carte du jour fraud. This can include things like:

Asking for a different grade of payment
Consulting with a director
Contacting the carte du jour issuer

While these steps should be clearly laid out for employees, training should also emphasize how to brand fraud prevention a seamless part of payment processing, since you want measures to exist safety simply take minimal impact on the business.

Recognize EMV cards

While near banks are at present merely issuing EMV-flake cards, it's still important to brand sure your staff know how to recognize the difference between a chip-enabled card and a traditional magstripe carte.

EMV cards have a small, metal rectangle (normally gold or argent) on the front of the bill of fare, above the numbers. If the card has this chip, your staff should exist using the EMV reader, not swiping the carte.

Bonus tip:Make certain your staff know about the EMV liability shift. If they know your business concern is on the hook for fraudulent charges, they'll exist more apt to keep an eye out for fraud.

Instruct customers to dip or tap cards

An EMV carte can be read in two ways, and dissimilar readers volition have one or both of these methods built into their design:

Dip: The card is inserted into the EMV reader. Staff should instruct customers to go on the card inserted until the transaction is consummate.
Tap: The card is quickly placed on the EMV reader screen. Communication from the card to the unit of measurement is wireless. Borer is more than mutual in Canada and Europe, but more than American banks are incorporating this method. Staff should straight customers to utilise this method if it'south available, since it'southward the most secure way to pay.

Leave cards in the hands of customers

Traditionally at full service restaurants, a server takes a credit card away from the tabular array to process the payment, returning with a printed authorization for the client to add a tip and sign.

Yet, with EMV readers, your staff should be trained to leave the card in the hands of the client. This helps eliminate both suspicion from customers and the opportunity for staff to copy credit carte data.

Know what NOT to practise

Make sure your staff know never to:

Take a damaged card
Manually enter a carte number
Let a client swipe a card when it has an EMV scrap

Credit carte fraud prevention starts with businesses that make it difficult for fraudsters to brand transactions. When y'all accept the fourth dimension to make certain your transactions are as secure every bit possible, y'all're protecting your business and your customers.

past Dana Krook

Dana is the former Content Marketing Manager at TouchBistro, sharing tips for and stories of restaurateurs turning their passion into success. She loves homemade hot sauce, deep fried pickles and finding excuses to consume real maple syrup.