How banks are helping protect small businesses from card fraud

As you'll know, running a small business places plenty of demands on those in charge, and if there's one thing we all want, it's a smooth payment process once our customers get to the till.

Recently, however, you might have noticed an uptick in the number of times your customers have been asked to enter their PIN at checkout.

Well, fortunately, we're happy to tell you there's nothing to be concerned about — for yourself, your staff, or your customers.

What is card fraud?

Credit card fraud happens when someone illegally accesses a card, or card details, that isn’t theirs in order to make purchases. It’s one of the most common types of fraud you’ll come across today, as scammers can access card details in several different ways, ranging from elaborate phishing emails to something as simple as stealing the card itself.

Card fraud can impact small businesses in a few different ways:

1. It costs you directly — If your business debit or credit card is fraudulently used, you could quickly rack up some debts that aren’t yours. Without proper security in place, that could seriously harm your bottom line.

2. It costs your customers — If your business premises or website is used to commit fraud, your customers could will be left out of pocket when their details are stolen.

3. It erodes trust — Customers who experience card fraud as a result of doing business with you could be put off from using you again in the future.

Thankfully, there are plenty of security measures banks are putting in place to keep your customers and your business safe during even the busiest retail periods.

What types of card fraud are there?

One of the tricky things about card fraud is that there are many ways scammers can access your card or card details. According to MoneyHelper.org.uk, the most common methods are:

• Lost or stolen cards — It may seem ‘old school’, but stealing a card from your person is still one of the most effective ways for card fraudsters to get access to your finances. The thief can then use the card for unauthorised transactions until it’s cancelled by the bank. For that reason, it’s important to report missing cards are soon as possible.
• Skimming — Credit card skimming happens when a criminal makes a copy of your credit card to use for themselves. One of the most common methods is to fit a skimming device to a cash machine to scan details secretly when you make a cash withdrawal. While this scamming method is becoming less effective in an increasingly cashless society, it’s still important to be vigilant.
• “Card not present” fraud — Because you don’t need a physical card for most online transactions, fraudsters only need your card number, name, and a few other details to start making purchases. These details could be accessed by stealing documents from your premises or getting into your email account, so strong passwords and locked storage are a must.
• Identity theft — Ever got an unusual email from your bank or a utility provider? If they’re asking for sensitive information, it could be a scammer trying to steal your details. Remember, banks won’t ask for these kinds of detail over email or phone. Also known as ‘phishing’, this form of credit card fraud involves a scammer using your personal information to contact your bank, cancel your cards, and get new ones issued to their address.

Most banks now publish detailed information and tips on how to spot these types of scams before you fall victim to them. Some even have fraud helplines you can call around the clock in case you see something you’re unsure about. Don’t be afraid to take advantage of these services: it could save you thousands if you are targeted.

Is card fraud on the rise?

One of the reasons that banks have increased the rate of things like PIN checks is that card fraud in the UK is more common than you might think — especially during the winter months.

Last Christmas, data from the National Fraud Hunter Prevention Service showed that the rate of card fraud rose a staggering 42% between October and December 2021 compared with the previous quarter: that’s the highest rate in five years.

And with rising living costs, shoppers and businesses are even more vulnerable to fraud this year — in the first half of 2022 alone, fraudsters stole nearly £610 million from the British public.

What are banks doing to combat card fraud?

Banks want to help make sure people won't be afraid to pay with their cards, especially as contactless payments continue to make up a growing percentage of transactions at UK small businesses. In fact, UK Finance states that 83% of all UK customers use contactless payments, with such transactions making up almost a third of all UK transactions and 58% of all consumer card transactions. Contactless payments are increasingly popular because they’re convenient to customers, and that’s unlikely to change.

Banks want users to continue enjoying this ease of purchase, so the UK’s Financial Conduct Authority (FCA) has introduced a new security measure called “strong customer authentication” (SCA).

SCA requires your bank to put in place processes that allow them to check if it’s really you making a transaction, rather than an unauthorised third party. The FCA rolled out this process in 2019, with all payment providers required to adhere to it from the March 14th, 2022 deadline.

Here are some examples of how banks adhere to SCA to authenticate your purchases:

• The now almost universally adopted chip-and-pin payment card
• Two-factor authentication (or 2FA), where customers must enter a one-time password (OTP) sent to their email address or code generated via a secure mobile app when making online purchases or sending money to a new payee
• Automatic real-time fraud detection and transaction screening using 'predictive analytics' and 'outlier models'
• Reaching out directly to cardholders before confirming a significantly large or out-of-character/suspicious payment (usually highlighted by the above systems)

Though perhaps slightly frustrating, modern measures are far more secure than simply asking for a signature, as was previously the case.

What could businesses do about credit card fraud?

The good news is that the new measures introduced by the FCA mean that your business and your customers are more protected from fraud than they ever have been before.

However, there’s things business owners can make themselves more aware of:

1. Use secure card payments — Modern card payment providers are obliged to include plenty of security measures designed to combat fraud. For example, takepayments card machines are equipped with the latest security technology to prevent card fraud at the till. 

2. Watch out for counterfeit cards — While fake cards are getting more and more convincing, the FSB cites some tell-tale signs you can train your staff to spot. They include:

• Unevenly spaced characters on the card
• A scratched or destroyed magnetic strip
• A smudged signature
• A damaged hologram
• Numbers that don’t match the card brand’s format (for example, all American Express cards start with 3)

3. Monitor suspicious behaviour — You may have the impression that all fraudsters are wiley and confident, but in reality, they’ll likely be nervous about being caught. Watch out for shoppers that look nervous; key behaviours to look out for include shopping just before closing, appearing flustered or in a hurry, and buying a large number of expensive items. This last behaviour is true of online shoppers as well; monitor your orders and make a note of any that go far beyond your average order value.

4. Use 3D Secure for online payments — Secure payment gateways use 3D Secure technology, which asks the cardholder to enter a password they set with their bank before the payment goes through. 3D Secure and SSL certification is included as part of takepayments’ online payment gateways.

5. Update your IT systems — Outdated IT systems leave businesses wide open to having sensitive information about them and their customers stolen. Thankfully, you can easily up your security just by keeping all your IT systems regularly patched with the latest updates. Be sure to check your anti-malware protection is on the latest version too.

What to do if you suspect card fraud

If you do suspect card fraud, there are some steps you can take to report it and stop fraudsters in their tracks.

1. Contact your bank immediately — Your bank can freeze your card if you report it stolen to them or if you spot a purchase on your statement you didn’t make. This prevents fraudsters from making any additional purchases. Some banks can even reimburse you for fraudulent payments made.

2. Contact the police — Remember: fraud is a criminal offence, so if you suspect it’s happening, get the police involved. If you’re based in London, the Metropolitan police have an online fraud reporting service that’s a great alternative to calling 999 (if it’s not an emergency).

3. Warn your suppliers — If you feel that your card details have been compromised, contact your suppliers to let them know so they can watch out for any suspicious activity. You might ask them to call you directly to confirm any unusual orders.

4. Communicate with your customers — Help your customers understand the additional security measures you have in place by sending out an email or putting up a notice in your store explaining how you’re combating fraud. It’s to protect them as much as you.

And, as always, if you'd like to know more about the world of payments and how our products can make your life as a small business merchant easier, the takepayments blog has a section dedicated to understanding payment technology.

Jodie Wilkinson

Head of Strategic Partnerships