Visa and MasterCard have made important changes to merchant acceptance as part of a proposed settlement for merchants located in the U.S. and U.S. territories. For more information click here.
Employee Fraud - The Threat Within
Sometimes the fraudsters you must guard against are right inside your own organization. Employee theft of customer information is a growing challenge for businesses. A number of advances in technology have made it easy for unscrupulous employees to steal customer credit information. Lax security procedures can also allow employees to pilfer or misuse the data.
Here are some typical ways employees can perpetrate credit card fraud:
- Process a credit transaction to their own account - Employees may issue credits to their own credit card or to an accomplice's card using the Merchant's Point of sale(POS) device using funds meant for the merchant's direct deposit account.
- Record card numbers - Employees may pocket receipts left behind by cardholders or may copy card numbers onto a separate piece of paper. POS terminals that truncate the card number on the customer's receipt can help your business avoid this type of fraud.
- Use a card skimmer - A dishonest employee can steal valuable information off a customer's card through use of a small, battery-operated "card skimmer." This hand-held device reads a card's magnetic stripe and records the cardholder data for later download to a computer. From there, the numbers can be used to make unauthorized purchases or create counterfeit cards.
Other Suspicious Employee Activity
Employee fraud can take other forms as well. Sometimes, it doesn't directly involve processing a card transaction, but is suspicious nonetheless.
Here are some clues to potential employee theft.
- Deposits not made within normal time frames (i.e. daily deposits not occurring daily), or deposits not received by your bank.
- Credit card receipts not retained as per company policy.
- Frequent errors in applying customer payments, or customer complaints of payments not being applied to their accounts or only partial payments being applied when the customer paid in full.
- Discrepancies between deposit receipts obtained from your bank and deposit receipts kept internally.
- Decrease in volume of cash received while other payment type volumes remain unchanged.
- IOU's in cash reserves or "petty cash."
How to Combat Employee Fraud
Despite the opportunity for employee fraud, you as a merchant are not totally without protection. Most terminals or transaction software tools allow you to require a password in order to process a credit transaction, and there are a number of other tactics you can use to prevent employee fraud:
- Reconcile your work daily rather than monthly.
- Password protect the credit function on your POS device, or the POS device itself.
- Secure your POS device during non-business hours.
- Have a separate authorizer of credits in addition to the person who physically processes a credit.
- Make sure all credits have accompanying internal documentation of customer information (name, and contact information) and reason for return or dispute.
- Match credits to returned or disputed goods or services, verify with customers that they did actually return / dispute goods or services.
- Have more than one person review monthly statements.
- Send all credit transactions to a central office for review.
- Review credits daily, or have a trusted employee do the review.
- Fully investigate credits without matching sales.
- Review any batches with negative dollar amounts (more credits than sales).
- Conduct regular internal audits at random times and intervals.
- Audit bookkeeping and accounting processes quarterly.
- Track credits by card number, terminal number, employee, frequency, and dollar amount (exception based reporting).
- Review any volume spikes in credit / return / dispute activity.
- Review your monthly statements with your physical inventory.
- Inquire about additional products or reports available for review of credit card transaction detail, i.e., MerchantConnect Premium.
- If you use something other than a payment terminal to process transactions (e.g. an electronic cash register with integrated payment features), discuss additional controls and/or reporting with your point-of-sale provider.
- Protect your passwords and verify internal access controls for online account reporting, and checking account change requests.