Prevent fraud on transactions: a Paymentech primer

My StartUp partner Chase Paymentech offers fraud prevention tips on your payment transactions.ss_DebitMachine_27385918

Here’s a quick primer to get you thinking about protecting your transactions.

Card not present transactions

  • Train employees to listen for verbal cues, such as a long pause or hesitant answers.
  • Obtain the cardholder’s billing address, and day and evening phone numbers. Compare “ship to,” “bill to,” and “mail to” addresses, if possible.
  • Compile a list of bad actors (names, addresses, postal codes, credit card numbers, companies) and note any areas that are high-fraud locations.
  • Pay very close attention to unusual orders (e.g., high dollar amount, special requests, wire transfer requests).

Point of sale transactions

  • Swipe or insert cards where possible.
  • Only return card when transaction is completed.
  • Compare signatures on sales draft to credit card (or ask for additional ID).
  • Verify the card closely (e.g., holograms, signatures, clear embossing on numerals).

Additional tips

Don’t forget that My StartUp CFIB members get preferred rates on Visa, MasterCard, and Interac payment processing through Chase Paymentech.


How to Catch Credit Card Scam at Your Small Business

It’s a little known fact among consumers that Canada’s small businesses are the most vulnerable when it comes to credit card scams. Check out CFIB’s own Jordi Morgan on Global News discuss how you can avoid credit card scams in your small business:

CFIB Fraud Squad

Watch Video: How to catch a credit card scam at your small business

 


Give your cloud computing a silver security lining

ss_cloudsecurity_151668341If every cloud computing system had a silver lining, you’d probably never have to worry about security.

But life is not quite so dreamy in the cloud.

As much as cloud computing is the way of the future for businesses looking at reliable and affordable IT solutions, security concerns are still an unfortunate reality.

A recent report by Security Cloud Alliance found that cloud security projects were the leading IT project in 2014, while concern about the security of data was reported to be the top challenge holding back cloud-based projects. As cloud providers continue to invest heavily in security, the level of risk is expected to drop, yet there still appears to be a long road ahead.

Consider that as of 2014, some of the biggest names in cloud computing that use sensitive data (including payment card information and banking data) did not encrypt the stored data.

There are also legitimate privacy and data protection considerations, some of which are related to geography (many cloud servers are not based in the country where you do business, which can make for a confusing regulatory environment).

Another perceived threat relates to infrastructure being shared amongst several organizations, with varying degrees of access. In effect, your business may be sharing a platform with other users, while your business data is stored, processed, and accessed remotely. There is also a risk of an outage or hardware failure at a remote data centre, which can impact the usability of cloud services.

When a cloud provider suffers a failure, it will be your business (and your customers) who have to deal with the fallout until it is fixed.

Perhaps one of the most challenging aspects of cloud security relates to identity and authenticating users who have access to data: a 2014 survey of cloud adoption and risk found a “staggering” availability of stolen credentials available online. Even if you think you are protecting your business data, your level of protection may only be as good as your last updated login credentials.

All of these risks can lead to cybercriminals hacking and stealing customer information. While this is not restricted to cloud computing, the scope and layers of responsibility associated with cloud computing can make accountability a challenge.

To be sure, cloud computing is a clever innovation that allows your small business to do things that previously only big businesses could do online, yet this is one area of business that calls for a bit of homework.

Privileged access: get as much information as possible as to who has access to your data.

Location, location, location: ask your provider if they will store your data in a specific jurisdiction, and see if you can get a contract stipulating that the provider will adhere to privacy regulations in your business’ jurisdiction.

The recovery position: be aware of what happens to your data in the event of a disaster. Ensure that your cloud provider replicates your vital data.

Separate but equal: encryption is not a catch-all security solution but your cloud provider can assure you that your data is segregated and encrypted by experts.

In the long run: be sure there is a fall-back plan for your data in case your cloud provider goes out of business or is acquired in a take-over. You’ll need to be able to retrieve your data and import it into a new cloud application.

Get it in writing: get a contract and read it closely, especially as it relates to investigating illegal activity. If you can’t get a firm commitment in writing that your provider will support specific investigative functions, this could spell problems in the future.

For more tips on cloud computing, call your My StartUp Business Counsellor at 1-888-234-2232.


Free Posters For Your Small Biz

The ShopSmallBiz directory is Canada’s only free online directory exclusive to small business! It doesn’t just offer a free place to connect you to your customers, however. The directory also houses toolkit section, which offers free holiday imagery that can be downloaded and printed.

This is one timely example:

Free St Patrick's Day Poster

This image is free to download.

Check out what other free holiday imagery they have to spread the Shop Small Biz message.

 



Interac debit card fraud losses fell to record low

It’s Fraud Prevention Month, and keeping in that theme, we’re posting a lot of tips and information about nipping fraudulent activity in the bud at your Startup. Some of it can seem a little scary, especially for first-time entrepreneurs. We don’t want fraud talk to be entirely doom and gloom, however. So let’s take a moment to share some good news from one of our favourite organizations, Interac.

Interac Debit is a secure, low-cost payment acceptance solution for Canada’s small business owners and a convenient, secure, and easy way to pay for consumers. We know that small business owners care about their customers and want to provide them with fair and safe payment options.

A recent Interac survey revealed that two out of five Canadians are concerned about payment card fraud.  Good news for merchants and consumers alike: in 2014, Interac debit card fraud losses fell to record low, down a staggering 88% from 2009.  More significantly, fraud exploitation within Canada accounted for only 20 per cent, or $3.2 million, of 2014 losses to financial institutions.  Security measures like chip technology are forcing criminals to migrate their payment card fraud activity to international exploitation in non-chip environments and card-not-present (i.e., over the internet and phone) exploitation on credit cards and other networks’ debit products.  Additionally, with Interac Debit, merchants do not incur chargebacks and cardholders are protected from losses by Interac Zero Liability Policy.

We encourage small business owners to visit our site and learn more about how we remain vigilant in the fight against fraud on behalf of Canadian merchants and consumers. Learn more at interac.ca/security


Stock Up on Stock Imagery

 

Vince Vaughan iStock

Portrait of a handsome business leader crossing his arms with his team standing behind him

Advertising is a must-have for virtually every entrepreneur. Unfortunately, it also has the potential to be expensive and time consuming. That’s why many startups, and even seasoned small business owners, find themselves turning to stock imagery.

Stock imagery has a lot of a few advantages. It is cheap, for example. It’s easy to obtain. Stock images tend to look more professional than the pictures you took of Aunt Edna giving the thumbs up at the family barbeque last year. Oh, and did I mention that it’s cheap?

Unfortunately, some stock images come across as, well, super cheesy. Of course, if super cheesy is what you’re going for, this won’t be a problem. In fact, the cast of the upcoming movie Unfinished Business has teamed up with iStock to help you get your cheesy advertising on.

 

Unfinished Business iStock

Nothing left to chance – Business Strategy

Unfinished Business  Cast Free iStock

Successful applauding executives sitting at the table

Clever advertising Vince Vaughan

Business team enjoying victory

These fun images are available for free this week (and you can’t get much cheaper than free). And more will be coming soon. Simply click this link: Unfinished Business free iStock photos.

Whether you’re going for silly and fun, like the images above, or serious and profound, let us offer you a few tips.

  1. There are great sites out there, such as iStock and ShutterStock.
  2. Check the fine print for limits of use. Usually you cannot use any element of stock imagery for logos with a standard agreement, for example.
  3. You purchase rights to use the image, but not exclusively, so don’t be surprised if your image shows up elsewhere, even on a competitor’s website or ads.
  4. Ask your friends and family what they think of the images before you purchase. Make sure they are helping your ad campaign, not hindering it.
  5. iStock offers some images for free every week. Even if you don’t have a use for those images right now, it might be a good idea to save the ones you like for future use.
  6. Not every image on the World Wide Web is fair game. Stock imagery is not expensive. Please don’t try to save a few dollars by copying and pasting imagery you find online. If you don’t have express permission to use it, well, you can’t use it.

 


Can You Accept that Spockified Bill at Register?

Yesterday we highlighted some easy yet effective tips to help your business prevent two common types of fraud: counterfeiting and identity theft. Today we share a fun fact about doodling on money. According to a spokesperson for The Bank of Canada, it is inappropriate but not illegal to write, draw or doodle on Canadian money. If a bill has been altered – Laurier magically turned into Spock being the most timely example – it will be taken out of circulation once it has reached the bank. It is not, however, technically defaced to the point of counterfeit.Five_dollars

So all of those retailers who are torn between thinking Spockified $5 bills are a totally awesome tribute to Mr. Spock but probably not acceptable at the register can relax. A hand-drawn Spock on an actual bill does not count as a counterfeit.

For more info you can visit this CBC article, ‘Spocking’ Laurier on $5 not illegal, says Bank of Canada  or this Facebook page, Spock Your Bill


Fraud prevention 101: counterfeiting and identity theft

ss_barista_56396683So you’re the proud new owner of a business and you’ve just completed your first sale.

To commemorate the moment, you decide to display the bank note from your very first transaction.

But then you notice something strange about the currency: it’s light as a feather and it doesn’t have the texture you normally associate with Canadian cash.

Your very first customer passed you a bogus bill! You’re out of pocket for the value of the goods. You feel duped, asking yourself, “How could I have been so gullible?”

Maybe it’s a good thing this happened so soon, because at least now you are wise to some of the ways of the world of fraudsters.

Whether you own a mom-and-pop store and deal only in cash, or you conduct business online and only do e-commerce, fraud awaits the uninitiated.

Here are some tips to help your business prevent two common types of fraud: counterfeiting and identity theft.

CounterfeitingCounterfeit

  • Use your instincts and trust your senses: if something feels or looks off, it’s probably because it is.
  • Consider a cash verification unit, such as an ultraviolet scanner.
  • Familiarize yourself with at least two or three security features present on Canadian currency (raised ink on portraits/numerals; colour changes on the hologram strips; serial numbers that do not repeat; fine-line detail in the face and hair of portrait).
  • If you think a customer is attempting to pass a counterfeit bill, stop the transaction and ask for another bill. Ultimately, you should record all of the details associated with the transaction and contact the police.
  • The Bank of Canada has useful information about counterfeiting that will help inform your judgment.
  • Report the incident to your local RCMP Financial Crimes Unit.
  • Train everyone who handles cash in your business on how to identify counterfeit bills and how to handle a customer who’s attempting to use it.

Identity theft

Your customers are the lifeblood of your small business and you need to take steps to protect their personal data and financial information. If your business’ data security is found to be faulty, you could be liable for a security breach that leads to identity theft of your customers’ information.

  • Only collect essential data and obtain consent for the information you collect.ss_internetsafety_vector_217872910
  • Don’t store unneeded data.
  • Encrypt data on networks, laptops and remote access devices.
  • Update security software frequently.
  • Save information to networks, not hard drives.
  • Use locks, alarms and video cameras to control access to customer data.
  • Conduct employee background checks.
  • Terminate network access when employees leave the organization.
  • Limit access to sensitive data.
  • Report suspected incidents of information theft to the Competition Bureau and/or your local RCMP division.

Additional resources on fraud prevention

  1. CFIB. Learn how to identify genuine bank notes
  2. Competition Bureau. Little Black Book of Scams
  3. Canadian Anti-Fraud-Centre. http://www.antifraudcentre-centreantifraude.ca/index.html
  4. Royal Canadian Mounted Police. http://www.rcmp-grc.gc.ca/scams-fraudes/index-eng.htm