BND Hamburger Icon

Menu

Close
BND Logo
Search Icon
Advertising Disclosure
Close
Advertising Disclosure

Business News Daily provides resources, advice and product reviews to drive business growth. Our mission is to equip business owners with the knowledge and confidence to make informed decisions. As part of that, we recommend products and services for their success.

We collaborate with business-to-business vendors, connecting them with potential buyers. In some cases, we earn commissions when sales are made through our referrals. These financial relationships support our content but do not dictate our recommendations. Our editorial team independently evaluates products based on thousands of hours of research. We are committed to providing trustworthy advice for businesses. Learn more about our full process and see who our partners are here.

5 Credit Card Security Risks Small Businesses Need to Know About

Overlooking basic security threats can lead to costly mistakes.

Leslie Pankowski headshot
Written by: Leslie Pankowski, Senior WriterUpdated Apr 11, 2024
Sandra Mardenfeld,Senior Editor
Business News Daily earns compensation from some listed companies. Editorial Guidelines.
Table Of Contents Icon

Table of Contents

Open row

Today’s small businesses understand they must accept credit cards to accommodate consumer preferences, keep valuable customers and compete in a competitive market. However, accepting credit cards in person carries specific risks many entrepreneurs and small business owners don’t expect. Overlooking these risks can lead to stolen customer information, lost revenue, fines and having your credit card acceptance privileges revoked.

We’ll outline five card-present security risks businesses must understand and share tips on choosing a credit card processor to help you mitigate security threats. 

Credit card security risks

Accepting credit cards increases profits and creates operational efficiency. However, small businesses face security risks when they accept credit cards in person. Here are the top five security risks of accepting credit cards in person and how businesses can limit their risk.

1. Untrained staff can increase credit card security risks.

Busy small business owners may not realize that they and their teams don’t understand how to handle credit card transactions properly. This leaves your business vulnerable to fraudulent transactions and the possibility of legal action.

It’s crucial to create effective employee training programs to show employees how to handle credit card data and recognize fraudulent transactions. “Make sure you and your employees know the rules of how to handle credit card data,” said Vikas Bhatia, founder, CEO and chief risk officer of business cybersecurity firm JustProtect Inc. “Protecting your customers’ data is not only good business — it’s the law,” he noted.

TipTip
Incorporate credit card handling best practices into new hire training, and hold periodic workshops to ensure your entire team understands new threats and developments.

2. Fake credit cards are a security risk.

When you have a long line of customers in a brick-and-mortar store, it’s easy to overlook clues indicating a fake credit card. 

“Look closely at the card itself,” advised Joseph Palko, an independent e-commerce consultant. Criminals may use stolen credit card numbers or purchase one on the gray market to create their own card with their own magnetic strip. They may even include a dummy chip to mimic an EMV card (also called a chip card) and try to convince the attendant to enter the card manually.

Here’s some advice about learning to spot a fake credit card:

  • Be wary if a user says their card’s chip isn’t working: If your business has an EMV-compliant credit card reader and the customer says their chip card isn’t working, ask for ID before manually running it. 
  • Look for a scratched or damaged magnetic strip: If the card isn’t a chip card or the customer is trying to swipe the card, pay attention to the card’s magnetic strip, cautioned Adam K. Levin, chairman and founder of CyberScout and co-founder of Credit.com. A scratched or damaged magnetic strip could be a tipoff that a card is fake. “Criminals will often scratch or damage the magnetic strip to force a cashier into entering the credit card manually if they were unable to encode the credit card information on the magnetic strip,” Levin explained. If this occurs, he says to ask for proper identification before completing the transaction.
  • Study how genuine cards look: Palko advises getting to know exactly how real cards look. “Be familiar with what the different types of cards look like,” Palko said. “If it looks as if you have a fraudulent card in your possession, call the bank phone number on the back of the card.”
  • Check the appearance of the card number: Levin said another clue to a fake card might be in the appearance of the numbers. “Oftentimes, credit card criminals use poor equipment to create fraudulent credit cards, resulting in cards that visually appear irregular,” Levin explained. He noted that if the numbers don’t line up and are crooked, it’s likely a fake credit card.
Did You Know?Did you know
Unfortunately, small business credit card processing scams are common in the industry. Check customer reviews and Better Business Bureau data to ensure your processor is legit.

3. Missing signatures and verification issues can be security risks.

A missing signature is another issue often overlooked when accepting credit cards in person. This issue is less prevalent because card networks no longer require signature verification if businesses have an EMV-compliant credit card reader. With EMV cards (also called chip cards), the card information is stored in a chip instead of a magnetic stripe.

While EMV is an effective fraud-prevention system, some businesses, such as restaurants, may still need customers to sign a receipt when adding a tip. Additionally, businesses without an EMV-compliant card reader may run cards manually. 

In these cases — or in any case where you’re suspicious — check for a signature on the back of the card and request identification. 

Did You Know?Did you know
The best POS systems allow merchants to choose receipt signature options like always requiring signatures, never requiring them or only requiring them for transactions over a specific amount.

4. Storing customer credit card data to charge later is a risk.

Do you store credit card data for later charging? If so, you could be violating your merchant account terms of service, according to Phillip Parker, founder of CardPaymentOptions.com.

“Credit card data is only allowed to be stored in very specific and secure ways,” Parker cautioned. “Allowing this data to be compromised can put you at great financial risk of both fraud liability and stiff fines.”

Bhatia says a crucial tip for staff is “don’t write down credit card numbers.”

Modern POS software helps secure customer data. When businesses accept credit cards on mobile devices or POS systems, a “data lockout” occurs, according to Will Black, the CEO and chief giving officer at Sharing the Credit.

“Once entered, the employee cannot pull the credit card number fully back up,” Black explained. This prevents employees from accessing customer credit card information. “They may be able to see the last four digits to verify it, but the data should be locked out.”

Key TakeawayKey takeaway
Businesses must understand payment card industry (PCI) compliance issues when accepting credit cards. These rules ensure a secure environment to protect customer credit information.

5. Cash refunding credit card purchases is a security risk.

Your business could lose money if credit card returns aren’t processed correctly. For example, if the purchase was made on a credit card, the refund should be issued to that card, not in cash. 

“Many businesses allow a customer to make purchases on a card and then return the item for cash as opposed to refunding it back to the card,” Black said. The problem is that the original purchase may have been completed using a stolen credit card, with the fraudsters returning the items to get the cash.

The best credit card processing companies for security

Some of the best credit card processors include security features to protect businesses from fraudulent credit card activity. Here are a few to consider: 

  • Clover: Clover is our pick as the best credit card processor for new businesses. With Clover, businesses can access fast credit card processing and feature-rich, highly customizable point-of-sale (POS) software and equipment. Several pricing plans — including one for less than $10 per month — offer business owners choices and flexibility. You can use a virtual terminal or e-commerce interface without buying hardware if your business doesn’t need a POS system. However, Clover charges several fees other credit card processors do not, including a significant termination fee upon cancellation for customized software solutions. To learn more, read our in-depth review of Clover
  • Stripe: Stripe is our pick as the best credit card processor for online businesses. Stripe’s customization options include tools, features and plug-ins for various online companies, including POS systems and merchant accounts. There are no setup, cancellation or account maintenance fees, and Stripe is considerably less expensive to use per transaction than PayPal. However, Stripe’s credit card readers are mandatory and not free. Small business owners should also consider the added expense of needing third-party professional support for setting up Stripe’s customized features, calculating taxes and penalties for bad transactions, such as a $15 fee per chargeback or suspended user accounts. Check out our comparison of Stripe vs. PayPal to compare the solutions. 

Prepare your business for in-person credit card security risks

Whether you own a restaurant, store or another brick-and-mortar business, there will always be operational risks. Prepare your business by following industry security standards and keep your staff trained and up-to-date on credit card processing requirements, best practices and scams. When you take prevention measures and invest in the right credit card processing companies to protect your data, your business will benefit from the rewards of credit cards while mitigating the risks.

Sarita Harbour contributed to the reporting and writing of this article. Some source interviews were conducted for a previous version of this article.

Did you find this content helpful?
Verified CheckThank you for your feedback!
Leslie Pankowski headshot
Written by: Leslie Pankowski, Senior Writer
Marketing expert and small business owner Leslie Pankowski has spent nearly 30 years guiding companies through their advertising efforts. Her consultative services include market analysis, audience analysis, media proposals, campaign effectiveness and more. She is skilled at using data analytics to drive business decisions, developing strategic partnerships and drafting communications plans. At Business News Daily, Pankowski covers must-know sales and marketing services and platforms, like Google for Small Business, Facebook Marketplace and Salesforce CRM, along with related topics such as customer relationship management, e-commerce trends and credit card processing risks. Pankowski has taught marketing concepts and best practices to the next generation of business leaders at the University of Maryland's Robert H. Smith School of Business (from which she holds an MBA), the Zicklin School of Business at Baruch College and at Marymount University. She is also passionate about business leadership and talent management and has served as a consultant for the executive staffing company vChief.
Back to top
Desktop background imageMobile background image
In partnership with BDCBND presents the b. newsletter:

Building Better Businesses

Insights on business strategy and culture, right to your inbox.
Part of the business.com network.