A new age, the same threats: How today’s fraudsters are targeting SMEs and what you can do about it

Though it might have been hoped a decade ago that technological advances by the 2020s would have all but wiped out the threat of fraud, this is not the case. Fraud isn’t just on the rise; it’s reaching levels not seen before. 

Indeed, 2020 holds the record for being the worst year to date for breaches with over 36 billion data records compromised. In this piece we look at a new type of fraud which is on the rise and general steps which you can take to protect your business. 

Respecting the card machines and distraction fraud

A weak link in the protective chainmail surrounding card machines isn’t in the technology but rather user attitudes to it. Traditional cash tills, with their spring-loaded money trays and familiar dinging noises often command a different level of respect with cashiers demonstrating a higher level of vigilance around physical cash than they do with card machines. 

Likely because there are no physical assets being transferred when operating a card machine, cashiers allow a degree of complacency and fraudsters are capitalising in a number of ways.

So impressive has the evolution of payments technology been in recent years, it is hard to believe that a simple sleight of hand known as distraction fraud is harming so many SMEs. 

With this type of fraud, a scammer distracts a cashier with idle conversation while an accomplice commandeers the card machine and begins authorising refunds to an account. Not only is it often days later that SMEs realise what’s happened, but these “refunds” have been known to run into the thousands.  

Protecting your business from fraud 

The above type of fraud represents only one way fraudsters are hurting SMEs. Though completely eliminating the various threats may never be possible, there are some practical steps businesses can take to protect themselves:

• Ensure cashiers always monitor where card machines are, make certain they are kept out of reach of the public when not in use, and retain control of the machine during transactions.
• If the refund option on your card machine is protected by a PIN, contact your terminal provider and ask them to change the default PIN number to something more secure.
• If you need to take payments over the phone using a card machine it is important to ensure that the card security code on the back of the card and the cardholder address are verified.  
• Consider using a Virtual Terminal solution for phone-based payments.  A Virtual Terminal will have additional security checks which will give you greater comfort that the cardholder is genuine. 
• Where available from your terminal provider use “Pay-By-Link”.  A Pay-By-Link solution will allow you to send an email to a customer which contains a secure payment link.  Clicking on the link will take the customer to a secure payment page which will be able to utilise the latest SCA security checks designed to ensure that a cardholder is genuine.
• Only deliver goods to the address given by the cardholder when performing the address check. Be wary of orders to an address where the recipient can’t be identified as the cardholder. A fraudster may have temporary access to a delivery address.
• When delivering goods, always use a reputable carrier who can provide proof of delivery.  If possible you should see if your courier can take a photograph of the delivery location including a date and time stamp.
• Be very cautious if the customer decides that they want to collect the goods. In this circumstance you should refund the original transaction and start a new one as a cardholder-present chip and PIN transaction.
• Never release goods to a third party (such as a taxi driver or courier) who claims they were sent by the cardholder.
• If your card machine comes with Faster Processing, use the feature to monitor all daily transactions and identify which are genuine.