I take no consolation from the fact that we’re not alone. Credit card theft is a global enterprise; one estimate puts 2011 losses at $6 billion. Prantl’s pays an average transaction fee of 22 cents plus 2.5 percent of the sale every time we swipe a card at one of our cash registers. In fact, the rate is even higher for web orders because the Internet is such a hotbed of stolen card use. Our fees total thousands of dollars each month, and I have to imagine a large portion of them go to covering the fraud bill.
With so much potential money to be made, it shouldn’t be surprising that the waves of fraud keep coming and that there isn’t much we can do to avoid them. Card compromises can range from a single employee at a restaurant surreptitiously copying down a number to one of the more elaborate schemes I’ve heard of: a team of criminals swapping out the debit card PIN pads at Michaels stores in California and wirelessly sending themselves enough information to walk up to ATM machines and withdraw cash. Especially in large breaches involving systematic intrusion, hundreds of thousands of customers may end up having their cards canceled.
In our case, our card provider typically senses something is wrong before we realize it. They shut the card down immediately, often without our knowing they’ve done so (hence the phone call from the Restaurant Depot checkout). Then we work with them to identify and remove the fraudulent charges and have a new card issued. In our experience, the thieves start small and work their way up. Most recently, the criminals started by charging a few dollars at a gas station in Framingham, Mass.; they progressed to larger clothing purchases and finished with a flourish, splurging on a Mexican vacation package worth several thousand dollars.
Despite this recurring nightmare of theft, corporate credit cards are wonderful tools, without which small business owners like me would have to run every errand and order every supply. I’m not about to give ours up. So, if this is the world we live in, what can we do to protect ourselves? Here are a few things I’ve learned along the way:
1. Look at the credit card statement as soon as it arrives or, better yet, check online every few days. You can procrastinate on the bookkeeping all you want, but give a quick scan to see if there’s a Russian gambling website pinging your card on a regular basis (this is how my friend Nick Mancini, owner of Mancini’s Bread Company, realized something was wrong!).
2. Make sure the credit card issuer has all of your contact information on hand. They’ll try and reach you as soon as their system detects something fishy. The quicker they can contact you, the less likely you’ll be surprised at the checkout. 3. Have a backup card. This way, if your credit card needs to be deactivated, you have something to use while waiting for the replacement to arrive.
I’m quite sure there are gangs of international criminals cooking up ever more creative schemes daily. But we small business owners are, by necessity, pragmatists. So, in the meantime, I’m scanning my online statement regularly and keeping my spare card handy in my safe.