You may have heard words like security, data breaches, and fraud used in the news or on the Internet. How much do you know about these terms and how they might affect your business? We put together a glossary of the must-know security words for sellers.
Fraud
Fraud occurs when someone deceives a person or institution to obtain money, goods, or services illegally.
Small businesses typically encounter fraud when transacting with their customers. Some customers might attempt to use stolen credit card information to purchase a good or service from your business in order to obtain the good or service for free. If the rightful cardholder finds out, they will most likely issue a dispute on the transaction.
eCommerce businesses are particularly vulnerable to fraudulent transactions since purchases take place over the internet rather than in-person. This limits your ability to confirm that the individual making the purchase is the legitimate cardholder, which creates the perfect environment for a fraudster to try and purchase goods or services without detection.
Disputes
A payment dispute occurs when a card holder contacts their bank and asks for a transaction to be reversed. The bank will then forcibly reverse the transaction by issuing a dispute and debiting your account for the disputed funds (otherwise known as a “chargeback”).
There are a number of things that can compel a cardholder to dispute a payment. They might be dissatisfied with the goods or services sold in the transaction, or claim never to have received it. Their credit card could have been stolen and used to purchase goods without their consent. A credit card holder has the right to initiate a dispute with their bank for any reason, which is why it’s important to follow best practices when accepting credit cards.
Account Takeover
A lack of security can result in your Square account, email account, or bank account being taken over by someone with bad intentions.
Typically, fraudsters gain control of these private accounts using login information that they’ve bought on the dark web or obtained using social engineering. Once they’ve logged into your account using the stolen information, they then may change your login information to prevent you from accessing your account. If this happens to your Square account, for example, the fraudster could switch your bank account information with their own and deposit your hard-earned funds into their account.
We encourage all Square sellers to add an extra layer of security by using 2-step verification. If you find yourself locked out of your Square account or see activity on the account that you don’t recognize, contact us immediately.
Data Security
Data security is composed of practices and techniques used to keep data from being accessed by hackers. It can come in the form of proprietary software or hardware (like firewalls) that detects suspicious activity, secure payment devices, and constant monitoring of transactions, all of which are used by Square.
To make sure that sellers are keeping their customers’ data secure, credit card companies have come up with a series of regulations called PCI DSS. PCI DSS stands for Payment Card Industry Data Security Standard. Its aim is to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment so that cardholder information does not fall into the wrong hands. Compliance means adhering to the set of security standards that all five major payment brands (Visa, MasterCard, Discover, AMEX, JCB) have set up through their organization, the PCI Security Standards Council.
If you accept credit card payments and are found non-compliant, you could end up spending thousands per year in fees. Most payment processors leave it up to sellers to manage their compliance, which is time-consuming and expensive. When you sell with Square, we manage your compliance so you can focus on running your business.
Data Breaches
A data breach is when private information is compromised by and released to malicious actors.
One type of data breach occurs when a criminal hacks through a company's security and reaches the confidential information stored on its servers. In many cases, this is the personal data of consumers who have interacted with the company, such as email addresses and credit card numbers. The criminal can then sell the private information on the dark web for others to use for fraudulent transactions.
This is what makes information security so important. When a company takes steps to protect itself, it’s also protecting whatever customer information it might have stored.
Encryption
Encryption is translating information into a code that only those with a special key can read. Square encrypts data using industry-standard cryptographic algorithms. This means the data (card numbers, cardholder names) is transformed into something that only Square can read, unable to be used by hackers.
End to End Encryption only allows the device sending information and the device receiving information to decrypt it. The servers and networks used to pass the information from place to place can do only that: pass the encrypted information. They can't read it.
For example, whenever a credit card is dipped into a Square chip reader, the data is encrypted by the reader and then securely sent to Square before the payment is even processed. Once the payment is processed, Square encrypts the data again before it reaches the banking institution.
So, let's say that you use a Square chip reader, and your business' wifi network is compromised by someone with malicious intent. All the data (credit card numbers, billing information, etc.) that went through your Square reader are already encrypted and unusable to the would-be criminal.
Hacking
Hacking is when a criminal utilizes a computer to obtain private data, typically for illegal use. Hacking methods include websites that install malicious software, sites that mimic other legitimate sites in an attempt to trick you into giving out information, and a number of email-based scams.
Email-based scams are often called “phishing.” It’s a technique criminals use to manipulate people into giving them private information like passwords and account numbers. This practice creates a false sense of trust between you and the criminal.
For example, a criminal may try to access your Square account by sending out an email that appears to be from Square. The email might ask you to log in to your Square account to check the details of a certain transaction or refund, or tell you there is a problem with your account and ask you to log in for verification. For tips on how to recognize and report phishing emails, click here.
Criminals use these techniques to access confidential or personally identifiable information, such as passwords, credit card numbers, names, and email addresses. When this private information is compromised and released to other malicious actors, it is known as a data breach.
Square employees will never ask you for your account password or your full social security number. If you’re contacted by someone who presents themselves as a Square representative and asks for either of these things, do not provide them and contact us immediately at 1-855-700-6000 (you’ll also need your Square customer code to call in).
Can’t get enough of security? Read our full guide of Security Terms You Should Know.
Have questions about security? Ask Flee, Square’s Information Security Lead, a question!
