How Retailers Can Avoid Credit Card Fraud

Once upon a time, I was a young wine merchant in Brooklyn, N.Y. and a new customer came into my store looking to buy several cases of expensive wine for a wedding. I was so excited by the big sale but, for whatever reason, I couldn't connect to my credit card processor. The customer asked me to type in the card number because his card's magnetic stripe wasn't working. And so I did.

I put the transaction through, only to find out days later that the card didn't belong to the customer and I was on the hook for the cost and out of the product. I decided then and there to educate myself on everything I could do to keep my business and my customers’ personal data safe from fraudsters. Here are six tips:

1. Authorize the card! First and foremost, whatever you do, get a real-time authorization of the customer's card. Currently this is done by swiping when connected to your credit card processor. Do this, and card fraud will become the liability of the credit card processor — not you. (Note: In October, this rule will be updated so that even swiping won't be enough; you'll have to implement new chip card technology, known as EMV.)

2. Keep records. Keeping receipts is imperative. You always want proof that the customer was in the store in case the transaction is disputed at a later date. Receipts offer you one of the best options to show the details and time of a transaction. Make sure the customer signs it! You can also use "sign on screen" technology to capture this kind of record.

3. Train your staff. You may know who and what to be on the lookout for, but does your staff? Train your team to understand the risks and empower them to insist on following the right protocols. For example, if a magnetic stripe isn't working, train your staff to always call the number on the back of the customer's card to authorize the transaction. This way, you can verify the card is active and prevent a chargeback before it happens. A good time-saving trick here can be to only insist on this level of verification above a certain dollar value, say $15.

4. Take an imprint. If you take phone orders, implement a procedure of getting an imprint of the card at delivery for certain high-dollar amounts. This will prove the card was present for the transaction. This extra step will protect you from most chargebacks.

5. Ditch Windows XP. As of April 2014, Microsoft no longer provides support for this once venerable operating system. So if you're running an XP POS, it's no longer PCI compliant. Worse yet, it will be increasingly vulnerable to hacks. You're also leaving yourself open to so called "rubber duckie" attacks where a physical device is attached via USB and your customers’ credit card details are stolen. Upgrade to a more secure cloud-based point of sale system. You'll save yourself a lot of time, money and energy — all of the things you don't have in excess when growing your business.

Being defrauded is frustrating, but it isn't the end of the world. While no one wants to get a chargeback, as long as you can prove that you did everything you were supposed to, you can prevail. Each of the major credit card companies — Visa, MasterCard and American Express — has information to guide you through fraud control.

6. Embrace new payment technology. The good news is that with the introduction of Apple Pay and the approaching switch to EMV "chip" credit cards, we're about to enter a more secure world of payments. EMV has been shown to reduce "card present" fraud noticeably in Europe, where it's been the norm for more than a decade. The United States is responsible for about 50 percent of the world's credit card fraud, despite generating only about a quarter of the transactions. Embracing these new technologies, and following the tips outlined above, will ensure that you avoid becoming a target for credit card fraud.

It's a brave new world out there, so it's time to update your POS system. Don't get complacent, get compliant.

Jason Richelson is the founder and co-CEO of ShopKeep, a cloud-based POS system.