Just thinking about credit card fraud can be scary whereas having it happen to you is a nightmare. For restaurant owners, this feeling is no different. This is especially true because one of the most common customer restaurant payment options is using a credit or debit card.
With new restaurant payment technology such as contactless payment options, the risk of credit card fraud is increasing. Restaurant credit card fraud can happen in many ways, but the most common way is by hacking internal payment systems.
Fraud is common in restaurants because of large staff rosters, different shifts, and people having access to the register or POS systems. Due to this, restaurants are looking into preventing credit card fraud with their restaurant payment options. So, how can you mitigate the risk of any credit card fraud at your restaurant? Keep reading for the essentials.
Credit Card Fraud: What Is It?
Credit card fraud occurs when someone steals credit or debit card information and uses it to pay for something. This information includes the personal identification number (PIN) of a card or the physical card itself. It’s common for this to occur without the card owner’s knowledge.
The two most common types of credit card fraud include:
- Card present (CP) transactions. This is when a person uses a physical card for payment.
- Card not present (CNP) transactions. These transactions occur through online ordering, such as online ordering for restaurants, or over-the-phone ordering. The card information is entered manually on the seller’s side.
Key Takeaway: Credit card payments are commonly used by customers at restaurants. It’s important to take the proper precautionary measures to protect your restaurant business and your customers from credit card fraud.
Credit Card Fraud In the Restaurant Industry
Businesses in the restaurant industry are beginning to implement Europay, MasterCard, and Visa (EMV). This is a secure payment software that many people know as the smart chip on credit cards.
However, EMV is not required by law, and it’s expensive to implement due to the hardware and software required for it to function. This is why some restaurants aren’t prioritizing this implementation. As a result, restaurant credit card fraud is a continuously growing risk.
Restaurants and bars with fewer security measures in place make it easier for people to use stolen or counterfeit cards. They’re also the perfect environment for identity theft.
For example, at a fine dining restaurant, if a customer chooses to pay with a card, the servers are more likely to process the payment away from the customer at the POS system. This leaves the credit card in the possession of someone other than the owner for a few minutes.
If the customer’s credit card information was stolen, it’s likely that they won’t realize it straight away. Chances are they charge their card often and by the time they examine their statement, a month or two may have passed since the occurrence.
Due to the lack of EMV, most cards are swiped instead of inserted. The magnetic stripe is easy to duplicate and steal information from.
5 Ways to Prevent Credit Card Fraud In Restaurants
Credit card fraud has been a big problem to eCommerce accounting since the beginning of restaurant POS systems and the rise in popularity of credit cards in the 1980s. Each business owner needs to adopt ways to effectively prevent credit card fraud at their establishment.
Here are five ways restaurants can work on preventing credit card fraud:
1. Use an EMV Reader
Businesses with EMV readers are likely to see a decline in counterfeit fraud over time. The decline means there is a drop in chargeback liability.
Chargebacks protect customers from fraudulent charges, and they occur when cardholders dispute specific charges on their account. Once a customer issues a chargeback due to a lost or stolen card, the bank begins to issue a reversal of funds.
If this chargeback occurs at your restaurant, you’re responsible for the costs associated with it. This is why it’s crucial to have payment processing systems and POS system features that accept EMV payments. These features will reduce the chances of fraudulent charges happening at your restaurant.
2. Set Up Mobile Payments
Customers are growing increasingly fond of mobile payments. These include Apple Pay, Samsung Pay, Android Pay, and Google Wallet.
Mobile payments are convenient and fast, which is what makes them so appealing. Another important feature is their safety, especially when compared to traditional credit card payments.
With mobile payments, only a coded version of the customer’s financial data is transferred during the transaction to authorize the payment. Traditional credit card payments don’t include coded versions which is what makes them more vulnerable to fraud.
For the restaurant business, it’s also safer to accept mobile payments. It’s possible to set this up through a POS that accepts integrated payments. This is a safer alternative because mobile payments require one- or two-factor authentication (2FA) from the customer in order to pay.
3. Use Point-to-Point Encryption
The PCI Security Standards Council set standards for point-to-point encryption (P2PE) in order for credit card processing companies to protect customer information. Once a card is swiped through a card reader on a POS, the reader will automatically encrypt the card data. The encryption is then turned into codes that are sent to the payment processing companies to decrypt.
P2PE uses algorithms to ensure that card data is unreadable unless you’re on the receiving end of the information. It protects cardholders and businesses from cyber security attacks or breaches and ensures secure transactions.
4. Ensure PCI Compliance
Restaurants should have payment processing devices, such as POS systems, that are payment card industry (PCI) compliant. This compliance is a necessary security measure that payment card companies enforce to protect customers and businesses from cyber-attacks.
If your restaurant is gathering or storing customer information, such as for a loyalty program, you have to be PCI-compliant. In order to be compliant, be sure to do the following:
- Protect all stored customer data
- Use and update your antivirus software
- Install and maintain a firewall to protect your customers’ card information
- Restrict access to your customer's card information
- Maintain a privacy policy that describes all data collection and your reasons for it
- Encrypt the transmission of customers’ card data across open and public networks
- Regularly perform security tests on your IT systems and processes
Keep in mind that some POS systems store credit card information within the system itself while others do not. Those that don’t store this information are considered more secure.
5. Payment Processor Tokenization
Tokenization refers to a process that protects sensitive information from those who don’t have the authorization to view or manage it. The primary account number of a card is protected through tokenization by replacing it with a “token” or unique characters such as letters and numbers.
For example, imagine that your restaurant’s server is hacked by someone who is interested in stealing payment card numbers. After a customer’s card was swiped through your POS system, they are now at risk of credit card fraud.
If your payment processor uses tokenization, the card number is not stored on-site. Instead, it’s stored off-site in a highly secure location with a “token” in place of the original card number.
Each token is generated randomly and cannot be reverted to its original number. Tokenization secures the card regardless of whether it was swiped or inserted with a chip.
Frequently Asked Questions About Restaurant Credit Card Fraud
Whether you’re opening a business, opening a restaurant, or a restaurant manager at an existing establishment, it’s important to take action to prevent credit card fraud. This way, you can protect your business and your customers. Here are a few commonly asked questions regarding restaurant credit card fraud:
Is It Safe to Give a Restaurant My Credit Card Number Over the Phone?
Taking credit card numbers over the phone have the same protection as those taken in person at a brick and mortar location or online. Credit card information is never 100% protected, but there are measures you can take to ensure maximum protection as a card user and business owner.
Can a Credit Card Company Put a Hold on My Card?
Yes, a credit card company can put a hold on your card. This is referred to as an administrative hold, and it likely occurs if you exceed your credit limit or if potential credit card fraud has been detected.
Can You Detect Credit Card Fraud?
Yes, it’s possible to detect credit card fraud early on by performing the proper security checks on your credit accounts. Review your monthly credit card statements and look for unexpected or unrecognized transactions. This can indicate fraudulent activity.