Cyberattacks and other schemes devised to commit fraud against businesses require constant vigilance from business leaders and their teams. A company’s reputation and financial stability are at stake when customer information — credit or debit card numbers, passwords, email addresses, etc. — is compromised or stolen. Businesses may also experience financial losses due to social engineering ploys that dupe employees into making fraudulent payments. Unfortunately, these schemes and scams have become commonplace and target businesses of all sizes.

What you can do to protect your business

Comply with PCI DSS. You’re not alone in the fight to protect your customers’ data. The Payment Card Industry Securities Council has identified measures to help businesses keep card data safe. Compliance with required Payment Card Industry Data Security Standards (PCI DSS) can help you avoid breaches and the ultimate responsibility for fines that may be imposed by the card networks in the event of noncompliance. PCI DSS requirements address network security, the storage and transmission of card data, vulnerability issues, access restrictions, and monitoring and testing.

If you are a PNC Merchant Services® client, we can help you with the PCI DSS validation process. Contact your PNC Merchant Services representative for details.

Put fraud solutions to work. A variety of fraud monitoring and management tools are available to help strengthen your cybersecurity efforts. For example:

  • A merchant solution that encrypts cardholder data, including PINs, helps protect data both in use and at rest.
  • Network vulnerability scans may help protect your system from viruses, ransomware or other malicious software (malware).
  • Depending on the merchant solution you use, you may have the option to select from a variety of filters. For instance, a velocity filter prevents merchants from testing card numbers against your account. A threshold filter sets maximums for sales, credits and refunds. A card verification value (CVV) filter checks the three- or four-digit card code against that registered with the card issuer.
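The velocity and threshold filters described above, shown as an added Python example (not PNC's or any processor's implementation). The five-minute window, attempt limit, per-type maximums and record fields (`source`, `amount_cents`) are assumed values, and the transactions are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; real limits are set in your merchant solution.
VELOCITY_WINDOW = timedelta(minutes=5)
VELOCITY_MAX_ATTEMPTS = 3  # attempts allowed per source inside the window
THRESHOLD_MAX_CENTS = {"sale": 50_000, "refund": 20_000, "credit": 20_000}


def screen(transactions):
    """Screen time-ordered transactions; return (id, decision, reason) tuples."""
    recent = defaultdict(deque)  # source -> timestamps of recent attempts
    results = []
    for t in transactions:
        ts = datetime.fromisoformat(t["time"])
        window = recent[t["source"]]
        # Drop attempts that have aged out of the sliding window.
        while window and ts - window[0] > VELOCITY_WINDOW:
            window.popleft()
        # Declined attempts still count, so a burst stays blocked while it continues.
        window.append(ts)
        # Unknown transaction types get a limit of 0 and are declined (fail closed).
        limit = THRESHOLD_MAX_CENTS.get(t["type"], 0)
        if len(window) > VELOCITY_MAX_ATTEMPTS:
            results.append((t["id"], "decline", "velocity"))
        elif t["amount_cents"] > limit:
            results.append((t["id"], "decline", "threshold"))
        else:
            results.append((t["id"], "approve", "ok"))
    return results


def txn(tid, time, source, ttype, cents):
    return {"id": tid, "time": "2024-01-01T" + time, "source": source,
            "type": ttype, "amount_cents": cents}


# Constructed sample data: a burst of small sales from one source, then normal traffic.
SAMPLE = [
    txn("t1", "10:00:00", "203.0.113.7", "sale", 100),
    txn("t2", "10:00:20", "203.0.113.7", "sale", 100),
    txn("t3", "10:00:40", "203.0.113.7", "sale", 100),
    txn("t4", "10:01:00", "203.0.113.7", "sale", 100),      # 4th attempt in window
    txn("t5", "10:02:00", "198.51.100.4", "sale", 4_250),
    txn("t6", "10:03:00", "198.51.100.4", "refund", 95_000),  # above refund maximum
    txn("t7", "10:10:00", "203.0.113.7", "sale", 2_500),     # earlier burst aged out
]

if __name__ == "__main__":
    for row in screen(SAMPLE):
        print(*row)
```

Logging each decline reason separately lets you tell a card-testing burst apart from a single oversized refund when reviewing alerts.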

Understand and educate. Knowing what you’re up against and keeping your employees informed are essential to an effective cybersecurity program. Regularly scheduled training sessions can help employees learn about not only data privacy regulations and compliance, but also phishing attacks and other social engineering ploys with the potential to harm your business. Business email compromise, for example, has become a growing concern among business leaders, as cybercriminals use increasingly sophisticated tactics to trick employees into fulfilling their fraudulent payment requests. Since these requests may appear to come from an internal executive or a legitimate supplier, employees must know what to look for and how to report potential scams.

Evaluate your internal payment policies, procedures and controls, too, to ensure they limit opportunities for fraud. Having a verification process for any vendor payment instruction change requests, requiring secondary approval for all payment requests, using a third (executive) layer of approval for high-dollar transactions and aligning employee authority with job function can be good places to start.

Protect your customers and your business by staying a step ahead of cybercriminals. Download the PNC Cyber Security Resource Guide for more in-depth information, and reach out to your PNC Merchant Services representative anytime for information about merchant solutions, including fraud management tools.