It is no surprise that large enterprise corporations have access to more fraud prevention tools than small and mid-sized businesses—but fraud protection is just as important to small and mid-sized businesses, which account for over one-quarter of all reported fraud cases.1 Small business owners may also feel the impact of fraud more directly—the smaller a business’s size, the greater the potential proportion of loss.
While small businesses may have concerns about finding the capital to invest in the latest fraud protection software, there are cost-effective steps all merchants can take to fight fraud. These include accessible and easy-to-implement technologies and best practices for information security.
Fraud prevention steps merchants should take now
Fraud can be committed by vendors, employees, or unknown individuals, so an effective fraud prevention strategy engages employees and provides protection from the inside out. By following these steps, merchants can be confident that they are following the current best practices for fighting fraud.
1. Monitor all accounts and enroll in fraud alerts
Online banking makes it easy to check account activity and ensure that paper-based statements have not been manipulated. Let employees know that account activity is monitored regularly to deter fraud, and look for signs of fraud like:
- Missing or out-of-order checks
- Payments to unknown recipients
Merchants can also enroll in fraud alerts, like those offered by Discover® Global Network, which provide immediate notification of fraudulent activity and transaction details.
2. Train employees to fight fraud
Employees are on the front lines of fraud protection. One of the most important steps merchants can take to protect themselves from cybercrime is to educate their workers on the common warning signs of fraud and empower them to report suspicious behavior internally and externally.
- Write an official code of ethics. Make it clear that fraud is not tolerated and reinforce that fraud is a crime.
- Create a clear reporting process. It will help employees feel comfortable reporting fraud and know they need to act fast, even if they are worried it might be the result of a mistake they made.
- Establish an anonymous reporting system. A fraud tip line or mailbox will help employees feel comfortable reporting fraud because they do not have to expose their identity.
- Set guidelines for information sharing. Ensure employees know that even if it looks like a request is coming from a manager, sensitive information and passwords should never be sent via email or text.
3. Make sure no single person controls all financial activity
Many small businesses may only have one person who handles bookkeeping, but this creates a situation where fraud can go unnoticed. Merchants should have at least two people handling finances, and accounting and cash-handling should be separate.
- Require multi-person sign-offs. Make sure more than one person approves checks, overtime, expense claims, and other accounting transactions.
- Use accounting software that logs user activity. This provides extra oversight and helps owners and accountants identify suspicious activity.
- Conduct surprise accounting audits. This reinforces the message that fraud prevention is a priority and acts as a deterrent.
4. Maintain a secure website
All merchants—not only those with eCommerce websites—should regularly check for cybersecurity gaps and invest in software that detects potential cyberattacks.
- Host your website on a secure server. Ensure your website server has an SSL certificate and install a hypertext transfer protocol secure (HTTPS).
- Hide pages with sensitive information. Set your website settings or add code to block web pages with sensitive information from Google searches.
- Invest in malware and virus protection. Install plug-ins that scan your site for harmful activity and then help you remove it if they detect anything.
- Perform frequent backups. Ensure your website server performs backups; if it does not, use a website backup service.
- Establish tight log-in controls. Limit log-in attempts and set log-ins to expire after a few hours of inactivity.
- Use secure remote commerce (SRC). If you have an eCommerce website, use SRC to secure and streamline transactions.
- Use a strong Wi-Fi password. Your password should include a combination of uppercase letters, lowercase letters, and special characters.
5. Protect point-of-sale (POS) systems
Make sure POS systems are protected from hardware and software fraud. Regularly check physical equipment in both the back office and retail spaces for evidence of tampering and lock down all POS devices at the end of each workday.
For POS software, use a verification system, password protection, CVV2 and CVC2 codes, and other methods to keep transactions secure.
6. Protect card-not-present (CNP) transactions
With the increasing popularity of card-not-present (CNP) transactions, like the kind made possible by smartphone payment apps, CNP fraud is expected to reach $31.3B by 2025.2 Enhanced decisioning platforms like Discover® Enhanced Decisioning (available free-of-charge to Discover® Global Network merchants) protect CNP transactions from fraud by allowing merchants to send additional customer data to issuers as part of the authorization message. This helps issuers make better-informed decisions to approve or decline CNP transactions in real time, and results in lower false positives and fraud rates for merchants.
Building a strong fraud prevention plan empowers merchants with strategies that protect their business at every level, supporting profitability and the customer experience. Merchants who protect their systems and their customer information can operate more confidently, knowing that their business is secure and that if fraudsters target them for an attack, they’ll be ready to respond.
- xero.com, “Fraud prevention tips for your small business clients.” Viewed 11th July 2023.
- Juniper Research, July 2022. “Online Payment Fraud: Deep Dive Data & Forecasting.” 2021-2025.
The information provided herein is sponsored by Discover® Global Network. It is intended for informational purposes, and is not intended as a substitute for professional advice.