Insufficient security checks and the complexity involved in taking online payments are leaving small firms exposed to payment processing fraud, the Forum of Private Business is warning.
Accepting card payments online is an increasingly important source of revenue for small firms but many business owners have little or no experience of the contractual processes that can be involved.
Further, entrepreneurs who do take online card payments are left paying the price of fraud if supposedly secure payment systems are breached. During the past month the Forum's member helpline has seen a notable increase in calls about payment processing fraud.
In order to prevent large losses by spotting potential fraudulent activities early the Forum's Adviser on Merchant Services,Richard Bradley of Accept Cards Ltd, urged merchants to put in place regular processes scrutinising orders using statistical information provided by online payment providers.
"Minimising credit card fraud takes time but, above all, it is important to acquire an e-commerce payment gateway that is secure, using supplementary security modules provided by the major credit card companies,"
"Basically, these two features request an additional password to be entered along with the credit card details of the cardholder. Fraudsters will usually have the name, address and credit card number only so using payment gateways that support these can be an effective way of minimising risk."
Mr Bradley said that many business owners do not fully understand the processes involved in taking secure online card payments or realise that they can be left to cover the cost of fraud.
"Card fraud is a bit of a minefield, particularly with card not present transactions," he added. "In order to combat it, e-commerce merchants must first understand why and how fraudulent transactions take place.
"A credit card fraud is a transaction where an e-commerce merchant is unaware of the fact that a placed order will not be paid for by the cardholder. Typically, credit card information is gained illegally, for example by being stolen or traded, and the fraudsters then use it to order merchandise or services under false names.
"As soon as the original cardholder receives a statement from the issuing bank a chargeback is issued and the e-Commerce merchant has to refund all the expenses, and cover the hassle by paying a chargeback fee."
Forum member Stuart Mayhew is the Managing Director of North Leicester Motorcycles, a motorcycle dealer in Coalville, Leicestershire. He said his business takes approximately 90% of all payments via cards."I'm appalled that card suppliers are allowed to retrospectively snatch back payments," said Mr Mayhew. "If you apply for authorisation and get it and the money is in your bank it's just terrible that they can come back and say 'sorry, we shouldn't have authorised that but we are taking the money back'."
Greg Smith is also a member of the Forum. His firm Fag Machines Ltd, which is based in Manchester and has offices in Bury St Edmunds, Suffolk, and Southend-on-Sea, Essex, lost £243,000 after his card payment provider removed the money from his account following a fraud. He had put in place the provider's security system.
"We made it clear that any payments we take are card holder not present and were told that it would be entirely our risk," said Mr Smith "I think the security checks are as good as non-existent - we're charged 30p per transaction as well. I understand that other providers use some of that fee for fraud protection so and information and advice about alternative providers is obviously welcome.
"There is definitely a need because more and more businesses have to trade via the internet and we're forced to take on card processing facilities. The banks say they are the best thing since sliced bread and then say it's not their problem when something goes wrong."
Another member of the Forum, Brian Murphy, of Buckinghamshire-based electricity company Pulsar Developments, said that the most security conscious firms have no guarantee of being covered in the event of fraud, even when the cardholder is present when payments are made.
"I asked the provider if they would guarantee that I would be paid in the event of a fraud, providing I had carried out all the security checks required," said Mr Murphy "After about three days, the answer that came back was 'no'. These lenders are selling a system that they are not prepared to stand by."
He added: "It also applies to debit cards. As far as I am aware, none of them provide a guarantee of payment yet reserve the right to pass back the charges, at their discretion, if fraud takes place. That is not my problem, but a problem with their system. Unfortunately, they won't volunteer any of this information easily to their business customers."
As part of the Forum's Purchasing Director business support solution, Accept Cards Ltd provides independent advice on all areas of card processing and information on a choice of processing banks and e-commerce payment gateways.