How should your partner protect you? Cutting-edge fraud and security tools spelled out

Dan Brames
FIS | Head of Retail and Corporate Payments
Posted on September 13, 2016


If there ever was a time when merchants need a processing partner that provides cutting-edge fraud and security tools, it’s now. Many processors claim to have the best tools, but what’s in their toolboxes isn’t always spelled out. To mitigate security risks, merchants should look for a processor that:

  • Provides EMV equipment and software at a reasonable cost. I outlined the details of how to obtain EMV compliance at a low cost in last month’s article entitled “EMV: no excuses for non-compliance.” In short, your processing partner’s focus should be on providing you with the means to realize the gains in security that come from being EMV compliant – not on making money from equipment placement or fines for non-compliance.
  • Ensures its customers are also PCI compliant by walking them through the steps they need to take to prevent fines and exposure to the security risks associated with PCI non-compliance.
  • Offers protection to merchants if they experience a malware incident or security event. Look for low-cost breach insurance to mitigate your exposure in case you have a security breach.
  • Monitors transaction traffic frequently and alerts customers to outliers that fall outside the norms of their businesses. For example, credits being processed without offsetting sales should catch your processor’s attention and prompt them to raise the alarm and call their customer – e.g., “Hey, three credits came through for which we don’t see offsetting sales. Should we process these transactions?”

If your partner is not diligent, you greatly increase your risk of, at best, fines and, at worst, true fraud events that can amount to millions of dollars. A criminal who gains access to a merchant’s credentials can destroy that merchant’s business.

How does this happen? First, the perpetrators of fraud events obtain merchants’ identifications and passwords through various means – an ex-employee, a breach of the merchant terminal or point-of-sale device or even a break-in at the merchant’s physical facility. Next, these criminals pose as the merchant and push through credits using the merchant’s credentials. Finally, they load the credits onto prepaid cards internationally and walk away with the money. It’s akin to thieves having the keys to your house, being able to walk through the front door and stripping your house bare.

A diligent partner will flag unusual activity for you, investigate and validate the legitimacy of transactions before processing them. Settlement is delayed for a day, but a short delay is a small price to pay to prevent loss through fraudulent transactions. Remember, once a fraudulent transaction starts flowing through the system, the merchant is out of luck and loses that money.
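The check described above, credits with no offsetting sale being held before settlement, can be sketched as follows. This is an added example, not FIS code or any processor's actual system; the record fields (`id`, `ts`, `type`, `card_token`, `amount`), the helper `make_txn` and the 90-day lookback are assumptions, and the sample batch is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal

def find_unmatched_credits(transactions, lookback_days=90):
    """Return ids of credits with no offsetting sale on the same card token.

    Every sale adds refundable balance for its card; every credit must be
    covered by balance from sales inside the lookback window, or it is held.
    The 90-day default is an assumed refund window, not a value from the article.
    """
    lookback = timedelta(days=lookback_days)
    balances = defaultdict(list)  # card_token -> [[sale_time, remaining], ...]
    held = []
    for txn in sorted(transactions, key=lambda t: t["ts"]):
        token, amount = txn["card_token"], Decimal(txn["amount"])
        if txn["type"] == "sale":
            balances[token].append([txn["ts"], amount])
            continue
        eligible = [s for s in balances[token] if txn["ts"] - s[0] <= lookback]
        if sum(s[1] for s in eligible) < amount:
            held.append(txn["id"])  # do not settle; call the merchant first
            continue
        for sale in eligible:  # draw down the oldest sales first
            used = min(sale[1], amount)
            sale[1] -= used
            amount -= used
    return held

def make_txn(id_, day, type_, token, amount):
    """Build one constructed record dated in September 2016."""
    return {"id": id_, "ts": datetime(2016, 9, day), "type": type_,
            "card_token": token, "amount": amount}

# Constructed sample batch: legitimate refunds, three credits with no sale
# behind them, and a refund larger than what is left of the original sale.
SAMPLE = [
    make_txn("t1", 1, "sale", "tok_A", "40.00"),
    make_txn("t2", 2, "credit", "tok_A", "40.00"),
    make_txn("t3", 3, "credit", "tok_B", "250.00"),
    make_txn("t4", 3, "credit", "tok_C", "500.00"),
    make_txn("t5", 3, "credit", "tok_D", "300.00"),
    make_txn("t6", 4, "sale", "tok_E", "25.00"),
    make_txn("t7", 5, "credit", "tok_E", "10.00"),
    make_txn("t8", 6, "credit", "tok_E", "25.00"),
]

if __name__ == "__main__":
    print("hold for review:", find_unmatched_credits(SAMPLE))
```

A held credit keeps the sale's remaining balance intact, so a later legitimate refund on the same card is not blocked by the rejected one.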

Don’t leave security to chance:

  • Protect your merchant credentials just as you would protect the password to your bank account and the keys to your house.
  • Pick a partner with specific, tactical tools to protect your business – help with EMV and PCI compliance, breach insurance and a trained and active fraud and security staff that monitors your transaction traffic and alerts you to outliers.
  • Conduct your due diligence to ensure that your partner not only has the tools but also has the systems in place and the discipline to alert you to unusual activity. Good partners should be willing to go out of their way, not because it’s legally their responsibility, but because looking out for your business is the right thing to do.
  • Ask potential partners:
    • How will you protect me against somebody stealing my merchant credentials and posing as me?
    • What systems and processes do you have in place to help me monitor criminal activity or to monitor it on my behalf?

What other tools would you want your processor to add to their fraud and security toolbox to protect your business?



Dan brings over 20 years of financial and payments industry experience to FIS through senior marketing and management roles. Most recently, he was a management team member at Valutec which was acquired by Metavante in 2007 and FIS in 2009.