Protecting your business against fraud
How to Protect Your Business Against Fraud
Fraudulent activity is on the rise. The widespread use of payment cards (debit and credit) and the growth of the Internet and email have helped to make identity theft one of the fastest growing crimes in Canada. Guarding against fraud can help business owners avoid financial losses and damage to their reputation.
Small business owners need to be especially vigilant, as they may not have a lot of human, financial, and technology resources to devote to the task.
The good news is that there are a number of information sources that can help businesses of all sizes recognize signs of fraudulent activity.
Guard against credit card fraud
According to the RCMP, three of the biggest categories of credit card fraud are counterfeiting, using lost or stolen cards, and no-card fraud (fraudulently acquiring credit card numbers and using them to make purchases).
When using corporate credit cards, businesses should follow the same common-sense rules that apply to consumers.
• Ensure that your card is used only by authorized individuals.
• Destroy old or unwanted cards.
• Know and secure your card’s whereabouts.
• Closely review monthly statements.
• Shred credit card offers and receipts.
Credit card company websites contain a wealth of information on using your cards safely and securely.
Counterfeiting represents the largest category of credit card fraud, accounting for almost 40% of all losses. Here’s how it works. Criminals “skim” a customer’s card data by installing a device in a point-of-sale (POS) terminal or replacing the entire terminal with one of their own. They then come back to collect the device and, using the information gathered from hundreds of unsuspecting victims, they manufacture fake cards.
Keeping your POS terminal out of sight and checking it regularly to ensure that it hasn’t been tampered with are some easy ways to guard against skimming. For more helpful tips, check out the “Ask a Business Expert” section of this newsletter.
Telemarketing and “phishing” scams
Telemarketing scams also target businesses. Criminals posing as telemarketers try to get your credit card information from you or your employees by selling you non-existent goods, or calling to confirm credit card information for an “assumed sale” for things such as office supplies.
Instruct your employees never to send payment or give out information over the phone when contacted in this way. Place responsibility for company orders with one trusted employee.
Similarly, never respond to an email or click on a link to a Website in an email that asks for your personal information (such as your password, PIN, credit card number, or bank account number), no matter how “official” the email or Website appears to be. This type of scam is called “phishing.”
Email messages from legitimate companies and organizations should never ask you to disclose confidential information. If you have a relationship with the company or organization sending you the email, but are unsure about its legitimacy, call the company to confirm that they have sent it.
If you don’t have a relationship with the company or organization, delete the email message immediately.
Manage customer information carefully
Every business needs a strategy to manage the information it collects from customers. This is particularly important today, as consumers are much more aware of threats to their privacy and personal information getting in the wrong hands.
The Consumer Measures Committee (CMC), a federal-provincial-territorial forum for national cooperation to improve the marketplace for Canadian consumers, is an especially helpful resource for small businesses. The CMC says businesses need to assess four areas:
1. Your process for gathering, handling, storing, and disposing of electronic and paper data.
2. The protection of your information technology systems, such as firewalls and audit trails.
3. The role and level of security of individuals who have access to personal and customer information.
4. How to communicate with clients and the public about your policies and what to say in case of a breach.
Often, good old-fashioned common sense is the starting point. For example:
• Limit the amount of information you collect from customers.
• Instruct employees who need to collect client information to do so quietly and discreetly.
• Turn computer screens away from the public and other employees.
• Place shields over POS terminals to safeguard customers’ PINs.
• Use equipment that truncates debit and credit card numbers when printing receipts.
• Keep customer information locked away.
• Ensure that all computer terminals are password-protected.
Education is your best line of defense
Take the time to educate and inform yourself and your employees about fraud and security. It’ll be one of the best investments you can make. The following sites offer a wealth of ideas to help protect your business.
• PhoneBusters, a national call centre operated by law enforcement agencies such as the RCMP, publishes a list of the latest scams and tips for avoiding them. Click Here.
• The Competition Bureau of Canada publishes a Fraud Awareness Fact Sheet for Small and Medium-Sized Enterprises Click Here.
• The Privacy Commissioner of Canada has useful tips on how to prevent identity theft Click Here.