Best practices to keep your corporate credit card safe

Why should we worry?

The latest report on card fraud analyses related to card payment schemes (CPSs) in the Single Euro Payments Area (SEPA) was released by the European Central Bank in 2016. This report mentions an alarming figure, the total value of fraudulent transactions conducted using cards issued within SEPA amounted to €1.8 billion in 2016.

Moreover, most of those fraudulent transactions, around 73% of the value were from card-not-present (CNP) payments, payments via the internet, post or telephone, 19% from transactions at point-of-sale (POS) terminals and 8% from transactions at automated teller machines (ATMs).

The same report mentions that  UK and France are the countries with higher credit card fraud losses, mainly from CNP fraud on internet purchases, lost and stolen card fraud, and cross-border fraud losses on domestic cards used abroad. The reason why CNP fraud transactions are leading is due to the transition to eCommerce away from brick-and-mortar shopping.

In addition, the goal of GDPR was to convey uniformity to data protection guidelines across EU member states and establish how corporations need to store personal information and the way they have to respond in the occasion of a data breach.

GDPR came into full force and at the end of January 2019 in 28 EU member states. The Netherlands, Germany, and the United Kingdom have the highest number of data breaches notified to supervisory authorities. Although this is only personal data information, it can also be related or used for card frauds.

Types of Card Fraud

In order to understand what kind of fraud there are out there, here is a quick list. These categories can be useful when you have to report a card fraud.

• CLEAN FRAUD. This happens when delinquents acquire authentic cardholder information including 3D-Secure and postal address.
• IDENTITY THEFT. Here customer card information is stolen and used to purchas goods and services online.
• FRIENDLY FRAUD OR FIRST-PARTY FRAUD where the payer, after having performed a genuine transaction to purchase goods or services online, contacts the card issuer to claim that they have been defrauded and request a chargeback.

What have policymakers done?

The card industry and governments around the world have tried to implement as many regulations to decrease fraud and keep the money of the citizens safe.

Consequently, one of the first things the EU did was EMV implementation, also called chip cards. Together with 3D-Secure, and Strong Customer Authentication (SCA). These enabled to reduce domestic losses from lost and stolen cards in Europe. These measures are regulated in the Payment Services Directive PSD2 that went into effect fully in 2019.

What can you do to protect your corporate card?

Transactions only in secure internet networks. Please don’t buy your next work trip flight in a network with no password. In these types of networks, unencrypted data can be visible to any computer nearby.

• Make sure the page is https. On any payment page, before including your card information please make sure the address starts with https. Be always careful as there are still some https pages that are not encrypted.
• Never share the full card number (by phone or email, EVER!). Did you know that even us at Payhawk we don’t know the full 16 digits of any of our customer's cards? And we will NEVER ask for it! This is illegal. So if you get a call or email asking to share this information report it ASAP.
• Strong passwords ALWAYS. Be aware that anyone can access your computer data if they try. Your browser saves most of your card history and information. Please clean frequently your history and have a strong password.
• Monitor your transactions. Sometimes is hard to keep track of all transactions if you have to log into your online bank account. With Payhawk you get a mobile push notifications every time there is a transaction with your card. Easy right?

Your corporate credit card is stolen? follow these steps ASAP!

• If your Payhawk card is stolen, you can immediately freeze or block it in the app and web platform.
• Commercial bank has issued your card? Then always have handy the customer service number, so you can block the card as soon as you realize it is lost or stolen
• Inform your supervisor your card is stolen or lost
• Check all transactions to evaluate the damage and amounts
• Check your company card insurance policy

Finally, at Payhawk we understand that security is crucial for our clients. In this regard and to protect all information of our users last year we went through a security compliance certification called PCI DSS. Quoting our CTO Boyko,* this certification was the hardest thing I've ever done*. Maybe also consider issuing virtual cards instead - they tend to be more secure than the physical equivalents.

If you want to know more about this topic don't hesitate but schedule some time with the team here.