PPB March 2018

Washington state and did not order $110 worth of burritos from Florida. Fortunately, our credit card provider does not hold us accountable for these charges.” She says she and Darrell have been taking all the precautions they can to try to isolate and eliminate the problem—such as using one credit card exclusively for supplier orders—but it persists. She believes it’s an issuemany small distributors struggle with. “We have net 30 with most suppliers, but many want a credit card,” she says. As an alternative, she often issues a check, but it takes a bit more time to process a check and extra time is one thing neither distributors nor suppliers can spare. The couple have not been able to narrow the problem down to any specific companies and have not changed vendors because of it. However, the tipping point came recently when Hooper called a supplier to place an order, gave a new credit card number and explained why her number had changed. “The person on the other end said, ‘I have a lot of distributors who tell me that.’” Credit card fraud is a growing problem for consumers and businesses alike. In the first half of 2017, there were 791 data breaches reported in the U.S., a 29-percent increase over the same period in 2016. That year, losses due to credit card fraud topped $24.71 billion, according to the Nilson Report. The Federal Trade Commission (FTC) reports that Florida leads the nation with 300,000 fraud complaints filed in 2015; Georgia and Michigan come in second and third, respectively. During a recent panel discussion among data security experts, it was revealed that insiders can pose more of a threat to a company’s data than outsiders because of their access to information. According to an article in Data Insider , if an employee wants to steal or leak information, they can usually do so far more easily than an outsider. They can also accidentally leak credit card information, putting customers at risk. One panelist also stated that, froma practical standpoint, any sizable organization is likely to have unhappy employees, who therefore have amotive tomishandle customer credit card information. Knowing how easy it can be for card information to be shared and misused, distributors need to be vigilant to minimize their exposure: 1 Never write a credit card number on a purchase order. 2 Never send a credit card number by email, fax or text. 3 Provide your credit card number by phone only to a specific person who is handling the order. Ask for that person’s name and ask him or her not to repeat your number as others may be listening. 4 Check your credit card statement frequently to look for any questionable charges, and follow up immediately with your bank. 5 Maintain one credit card for product orders; it’s easier tomanage the security and to solve problems if the card is compromised. The safest way to provide suppliers with a credit card number is to enter it online when making a purchase, says Dale Denham, MAS+, Geiger chief information officer. “It is far easier to put your credit card in online than to give it to someone over the phone, especially if the merchant is PCI compliant (see sidebar on page 22). A PCI- compliant merchant employee almost never sees or has access to the credit card number. Geiger allows and encourages our customers to pay their bills online rather than call in.” How Suppliers Protect Customer Data While distributors who place orders using credit cards must take careful measures to protect their numbers, much of the burden also falls on suppliers to safeguard that information. Harvey Mackler, MAS, president of supplier GEMPIRE/ GWI, takes several steps to protect his customer’s credit card numbers. “When we accept the card information, we enter it into a PCI-compliant system coordinated with our merchant credit card processor, which happens to be one of the country’s largest commercial banks. We do not keep numbers on file,” he says. “If they are on an order, we will black them out after a one-time use. After the order is processed, we shred it.” His advice to distributors is to use caution. Do not include the credit card number on a purchase order or an email; give it over the phone. Suppliers should also monitor who can receive such information from a customer. | MARCH 2018 | 21 INNOVATE Credit card fraud is a growing problem for consumers and businesses alike. In the first half of 2017, there were 791 data breaches reported in the U.S., a 29-percent increase over the same period in 2016. That year, losses due to credit card fraud topped $24.71 billion, according to the Nilson Report.