The ability to accept a wide range of payment types cards through POS systems can have great business benefits for small merchants, but vigilance against fraud is necessary to avoid unnecessary losses.
The benefits of accepting multiple tender types (credit, debit, prepaid, EBT) at the POS are undeniable. The more types of payment you accept, the more people you can do business with. Unfortunately, some bad actors rain on the payments parade by perpetrating fraud at the POS.
Fraud is a real threat to small merchants; according to Gemini Advisory, more than 60 million credit and debit cards were stolen in the US in 2018 and a whopping 75% (45.8 million) were stolen at POS devices. This is contrary to the rampant idea that online breaches are responsible for a bulk of payment card fraud.
Worse yet, most of these stolen card numbers come from chip-based cards. POS skimmers, and malware can all wreak havoc for a small merchant—and be costly. We look at some of the things merchants may be doing at the POS that can increase fraud and the subsequent expenses.
1. Manually entering worn or damaged cards
While EMV chip cards have been sent to the majority of US cardholders, there are still fallback cases. If a card’s EMV chip has been damaged or malfunctions, those cards are still able to be swiped at POS terminals. However, this lowers the level of protection against fraud and opens the merchant up to liability if fraud does occur. Additionally, some cards are purposely damaged to force cashiers to manually enter card information. In these instances, both the EMV chip and magnetic strip antifraud features are bypassed, increasing the possibility of fraud. Damaged and worn cards should be a big red flag. Proper protocol should be to ask for another form of payment or even decline the transaction. The risks of manually entering data are too great.
2. Not understanding the POS system and equipment
All employees should be thoroughly trained on POS systems and equipment. Not only does this provide an optimized customer experience as cashiers can quickly and seamlessly check out customers, but it also ensures that tampering does not occur. If criminals are able to gain access to terminals, they can attach a skimmer or card reader that steals information from cards swiped at checkout.
This type of fraud can be prevented when employees thoroughly understand how payment processing equipment works, what it should look like, and what to do in the case of a malfunction.
3. Not securing mobile POS (mPOS) terminals
Smaller merchants that operate farm stands or farmer’s markets are increasingly turning to mPOS systems that can be inserted into a smartphone or tablet as a means of transacting. These systems offer convenience by allowing mobile merchants to accept payment via payment-processing apps and card readers that integrate directly with a mobile device. Merchants that employ these solutions need to be mindful of the risk of malaware.
Malware is a big threat, particularly where merchants allow employees to use their own (potentially unsecured) devices to process payments. Bring your own device (BYOD) is a seamless way for small retailers to do business on-the-go; however, merchants should take care to ensure that all employees are using security apps on devices that could be used for payments
4. Not properly training staff on POS systems
Having awareness of fraud and the different techniques is important, but it’s important that employees understand what threats look like as well. Cashiers should be properly trained on POS systems as well as what to look for in cases of potential fraud. Additionally, employees should feel empowered to stand up to potential fraudsters who may use a bullying tactic to get their way. While “the customer is always right” may be true to an extent, it should not enable fraud to happen at the POS. Be sure employees are trained on the proper checkout procedures, including authorization.
Employees should also understand they have recourse if they feel a transaction may be fraudulent. Calling in a Code 10 to your payment processor allows you to discreetly request authorization if something seems amiss. It also enables you to bypass confrontation with a customer while the provider confirms that all card details look legitimate.
5. Not implementing EMV-capable POS devices
Since 2015, the US has been rolling out the migration to EMV. Most cardholders have been issued EMV-enabled chip cards and the deadline for all merchants except refueling stations to implement EMV has passed. Visa reports that US merchants who have successfully migrated to EMV saw counterfeit fraud dollars decrease 48% between September 2015 and September 2018. Yet many have chosen to opt-out of the transition, and face the full brunt of total liability in any instances of fraud. Continuing to use the swipe method rather than employing an EMV-capable POS system means more dollars lost to fraud.
In terms of EBT payment, while EMV is not required by the merchant per USDA to process SNAP or WIC, having a single POS solution that accepts EMV and mag stripe-based SNAP and WIC cards such as TotilPay, formerly known as Mobile Market+, enables merchants to securely process EMV transactions via an mPOS. Offering the only USDA certified mPOS solution, TotilPay eliminates manual entries that are hard to trackand gives registered farmers markets and direct marketing farmers, mobile vendors and small retailers the ability to quickly and safely accept all tender types on-site.
While advancements in technology and the EMV liability shift, card-present fraud has seen a substantial decline. However, merchants must remain vigilant about safeguarding equipment and procedures at the POS. Keeping the POS secure, following standard protocol in card acceptance, and training employees on how to do these things should be top priorities for small merchants who want to minimize fraud—and the associated costs. In some cases, it may seem like an upfront investment in an EMV-compliant POS is not worth it, but the long-term costs associated with fraud should make you think otherwise.