Whether your company uses business credit cards for travel expenses, online purchases, or day-to-day expenses, hackers are well aware of the growing popularity of credit card payments and are getting creative with attack methods. A recent report from Nielson predicts credit card fraud will result in more than $31 billion in losses by 2020. And, e-commerce fraud attacks increased by more than 30% from 2016 to 2017, according to credit reporting agency Experian. This jump is largely the result of credit card fraudsters’ focus shift from in-person to online attacks, as Europay, Mastercard, Visa (EMV) chips have reduced point-of-sale fraud. So how are attackers getting away with fraud and how can you protect your business credit cards?
Common Credit Card Fraud Tactics
How do attackers pull off business credit card fraud? The most common tactics include:
- Online merchant compromise involving credit card information in a database or through a hacked web session
- Social engineering phishing emails or phone calls requesting business credit card information; often attackers pose as executives in need of credit card data to unsuspecting staff members in human resources, finance, and accounting departments
- Malware remotely installed on point-of-sale (pos) terminals and devices that capture the credit card information for use on other purchases
- Credit card data, including PIN, skimmed through a physical fraud device
- Lost or stolen card used for fraudulent purchases
- Malicious employee using a single credit card for personal use, or accessing stored credit card information in a larger attack
These are just a handful of the potential attack methods fraudsters use today. So what can you do to keep your business credit cards safe?
How to Protect Your Business Credit Cards
Companies small and large can protect business credit card data through some seemingly simple but effective measures. Businesses can start by conducting background checks on employees who will have access to business accounts and clearly stating company policies regarding business credit card use and spending caps. Companies should also apply common sense approaches, such as encouraging staff to immediately report lost or stolen cards and regularly checking charges and account balances. One of the best defensive measures against business credit card fraud is to ensure all staff are involved in ongoing cybersecurity training. This will ensure your front-line is sharp and on the vigilant lookout for suspicious social engineering, internal, and external attacks.