November 6, 2012
Executive Insight: Take Advantage of Fraud Sentry!
The most effective security system in the world can’t protect you if you don’t turn it on. That’s the first thought that struck me after I heard a report of one of our merchant customers falling victim to “trusted-employee” fraud last month.
In this case, a night auditor was able to issue false credits to her own pre-paid card as well as to the card of her boyfriend. The worst part about this story is that the merchant could have avoided the whole ugly situation had they just taken advantage of what we offer our customers. You see, as a DOLLARS ON THE NET® user, they should have been receiving our Fraud Sentry® alerts. Unfortunately, not configuring Fraud Sentry cost this merchant thousands of dollars.
Those of you who are faithful readers of this newsletter will be familiar with Fraud Sentry, a feature we built into our solution several years ago to help a high-profile client who feared his employees were stealing from the organization.
By monitoring for any credits without corresponding debits (in other words, looking for employees giving “refunds” for more than the purchase amount – or when there had not been a purchase to begin with), Fraud Sentry caught the employees who had been issuing false credits to the cards of their friends and associates. We quickly realized this was something that would be useful to everyone, so we opted to include it with DOLLARS ON THE NET for all of our users.
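The check described above, written out as an added example; this is not Shift4's code and does not show how Fraud Sentry is implemented. The record fields, the card tokens, the per-card matching rule and the sample batch are all assumptions constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample batch (not real data). Field names are assumptions.
SAMPLE_BATCH = [
    {"ts": "2012-10-01T14:02", "clerk": "day1",   "card": "tok_A", "type": "sale",   "amount": "120.00"},
    {"ts": "2012-10-01T16:40", "clerk": "day1",   "card": "tok_A", "type": "credit", "amount": "20.00"},
    {"ts": "2012-10-02T02:15", "clerk": "night1", "card": "tok_B", "type": "credit", "amount": "300.00"},
    {"ts": "2012-10-02T02:31", "clerk": "night1", "card": "tok_A", "type": "credit", "amount": "150.00"},
    {"ts": "2012-10-02T09:05", "clerk": "day2",   "card": "tok_C", "type": "sale",   "amount": "80.00"},
    {"ts": "2012-10-02T11:20", "clerk": "day2",   "card": "tok_C", "type": "credit", "amount": "80.00"},
]


def find_unverified_credits(transactions):
    """Return alerts for credits not covered by earlier sales on the same card."""
    sold = defaultdict(Decimal)      # card -> total debited so far
    refunded = defaultdict(Decimal)  # card -> total of credits accepted as covered
    alerts = []
    for tx in sorted(transactions, key=lambda t: t["ts"]):
        card, amount = tx["card"], Decimal(tx["amount"])
        if tx["type"] == "sale":
            sold[card] += amount
            continue
        if tx["type"] != "credit":
            continue
        remaining = sold[card] - refunded[card]
        if sold[card] == 0:
            reason = "credit with no prior purchase on card"
        elif amount > remaining:
            reason = f"credit exceeds refundable balance of {remaining}"
        else:
            refunded[card] += amount  # covered: consume the refundable balance
            continue
        # Flagged credits are reported, not netted against the card's balance.
        alerts.append({"ts": tx["ts"], "clerk": tx["clerk"], "card": card,
                       "amount": amount, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in find_unverified_credits(SAMPLE_BATCH):
        print(alert["ts"], alert["clerk"], alert["card"], alert["amount"], alert["reason"])
```

Carrying the clerk ID into each alert lets a reviewer see when flagged credits cluster on one login or one shift.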
From that day on, every Shift4 customer has had access to Fraud Sentry. All an account administrator has to do is configure the option from within DOLLARS ON THE NET. They can even designate multiple people to receive alert messages. (Enterprise accounts can also ask Shift4 to set up an enterprise-wide version of Fraud Sentry, which protects franchise locations even if the local administrator opts not to configure Fraud Sentry locally.)
We’re not exactly sure why this poor merchant had chosen not to set up Fraud Sentry, but you can bet they have it in place now. If you haven’t configured it, learn from their mistake and do so now. If you are using Fraud Sentry already, here are a few things you should check to make sure you don’t miss any of its vital alerts:
- Make sure every Fraud Sentry recipient has a current e-mail address (one they check regularly) on the distribution list.
- Ensure that your alerts are not going to someone who is no longer with the company, or whose position has changed such that they might ignore an e-mail from Shift4.
- Don’t ignore e-mails from Shift4. We try hard not to bombard you with lots of messages so that when we do send you something, you can be sure it’s important. In particular, watch for subject lines including the words “Shift4 – Fraud Sentry Notification – Acct” and content such as “Unverified Credit,” “Possible Duplicates,” or “Suspicious Card Activity.”
- Add [email protected] to your safe-senders list to be certain that Fraud Sentry alerts don’t end up in a spam filter.
- Don’t rely on Fraud Sentry to do all the hard work for you. We’ve made it a very effective tool, but it’s important to remember that PCI DSS requirement 12.7 calls for merchants to “Screen potential personnel prior to hire to minimize the risk of attacks from internal sources.” No software can take the place of a background check and common sense.
It saddens me to see one of our merchant customers affected by something that we can so easily protect them from. My hope is that each of you will learn from their experience and take care to protect yourselves and your businesses. Review your Fraud Sentry recipients, check your messages regularly, and be careful who you hire and how much access you grant them (especially if you plan to bring on temporary staff for the holidays).
If you need help with any of these features, remember that our world-class Customer Service staff is available to help you 24/7/365. Drop them a line at [email protected] or call 702.597.2480, option 2.