While consumers have a tendency to overstate their own vulnerability to payments fraud, small business owners have plenty of cause for concern. Visa, MasterCard, Discover, and American Express offer consumers $0 liability for most types of unauthorized transactions, but they’re able to do so largely because they share the monetary burden with other financial institutions, as well as with merchants.
So, how vulnerable to fraudulent losses are you really? There are two ways to look at that question: first, from the small business spending perspective; and second, in terms of small business payment processing.
Small business spending
While the CARD Act differentiates small business owners from consumers when it comes things like interest rate repricing and payment allocation, neither card network policy nor federal law makes the same distinction in terms of fraud liability. That means you benefit from the following safeguards when making company purchases:
• Credit Cards: All four major card networks offer blanket liability coverage for unauthorized credit card transactions, which means your business won’t have to shell out a single dollar if a fraudster gains access to your company card and runs up some charges.
• Debit Cards: Interestingly, card network $0 liability policies extend to unauthorized signature debit card transactions, but not necessarily to PIN debit card transactions. For example, Visa and MasterCard – the two networks that dominate this space – do not provide liability coverage above what is required by federal law when a PIN is used.
That means you could wind up paying anywhere from $50 to the full amount of the fraudulent transaction, depending on how quickly you report the fraud. This signature-PIN dynamic might seem odd considering signature transactions are far more susceptible to fraud than PIN transactions, but the former are also more profitable in the current interchange fee environment.
It’s therefore fair to say that you’re fairly well protected from losses resulting from payments fraud when you’re the one doing the buying. But what about when you’re the seller?
With consumers typically off the hook, the cost of a fraudulent transaction must be borne by one of the following parties: the card network, the card issuer, the merchant, or the payment processing company. Which party is liable depends largely on whether or not a physical card is used to facilitate the transaction.
Merchants themselves are not liable for losses resulting from card-present transactions as long as they follow proper fraud prevention protocols. More specifically, they’re expected to compare a customer’s signature on the receipt to that on the back of the card; examine the embossed name, account number, and expiration date; and verify that fraud-prevention characteristics (such as holograms) are in order.
When it comes to card-not-present transactions, like those made over the Internet or phone, merchants could be liable, but they also have a number of fraud-prevention measures at their disposal in order to limit risk. Simply asking customers to provide the three-digit code on the back of their cards will significantly reduce the likelihood that a fraudulent transaction will be approved. Card networks also offer services like Verified by Visa, which provides authentication safeguards and shifts liability away from merchants to card issuers.
We can glean a number of “best practices” for small business owners from the current fraud liability landscape. In order to limit their susceptibility to fraudulent losses, in terms of both company spending and payment processing, small business owners should:
• Make credit cards their primary spending vehicles: The most savvy small business owners use business rewards cards for everyday expenses they pay for in full within the month and 0% general-consumer cards for funding. Both types of cards boast $0 liability safeguards.
• Always sign for debit card purchases: When playing the role of the customer, signing for debit card transactions is always preferable to entering a PIN given the superior card network liability coverage.
• Review and practice card verification procedures: Brushing up on the differences between real and counterfeit cards and applying what you know on a daily basis will shield you from liability for card-present transactions.
• Request customers’ CVC codes for card-not-present transactions: The more accurate information you are able to glean about a particular account, the less likely it is that fraud is in play.
• Consider signing up for card network authentication services: If the price is right, these types of services might be worthwhile if only for the liability safety net that they provide.
Odysseas Papadimitriou is the chief executive of Washington-based start-up CardHub.com, a marketplace where consumers and small business owners can credit cards, prepaid cards, and gift cards.