You may have heard buzz around words like security, data breaches, and fraud. As a merchant, keeping risks low and security high can save you serious time and money. Here’s a glossary we put together of terms every pro should know and pay attention to as a business owner.

• Fraud

Fraud occurs when someone deceives a person or institution to obtain money, goods, or services illegally.

Small businesses typically encounter fraud when transacting with their customers. Some customers might attempt to use stolen credit card information to purchase a good or service from your business in order to obtain the good or service for free. If the rightful cardholder finds out, they will most likely issue a dispute on the transaction.

eCommerce businesses are particularly vulnerable to fraudulent transactions since purchases take place over the internet rather than in-person. This limits your ability to confirm that the individual making the purchase is the legitimate cardholder, which creates the perfect environment for a fraudster to try and purchase goods or services without detection.

• Disputes

A payment dispute occurs when a card holder contacts their bank and asks for a transaction to be reversed. The bank will then forcibly reverse the transaction by issuing a dispute and debiting your account for the disputed funds (otherwise known as a “chargeback”).

There are a number of things that can compel a cardholder to dispute a payment. They might be dissatisfied with the goods or services sold in the transaction, or claim never to have received it.  Their credit card could have been stolen and used to purchase goods without their consent. A credit card holder has the right to initiate a dispute with their bank for any reason, which is why it’s important to follow best practices when accepting credit cards.

• Account takeover

A lack of security can result in your Square account, email account, or bank account being taken over by someone with bad intentions.

Typically, fraudsters gain control of these private accounts using login information that they’ve bought on the dark web or obtained using social engineering. Once they’ve logged into your account using the stolen information, they then may change your login information to prevent you from accessing your account. If this happens to your Square account, for example, the fraudster could switch your bank account information with their own and deposit your hard-earned funds into their account.

We encourage all Square sellers to add an extra layer of security by using 2-step verification. If you find yourself locked out of your Square account or see activity on the account that you don’t recognize, contact us immediately.

• 2-step verification

Also known as “two-factor authentication” or “2FA,” this technology is built into many platforms (such as Gmail or your Square account) as a second line of defense when accessing an account. 2-Step Verification usually appears as a code sent as a text message to your cell phone or email address. The code will act as a secondary password in order to enter into your account, and is required to log in. This makes it much harder for someone to access an account that doesn’t belong to them, since they need access to both the regular login information and the secondary code.

• Data security

Data security is composed of practices and techniques used to keep data from being accessed by potential fraudsters. It can come in the form of proprietary software or hardware (like firewalls) that detects suspicious activity, secure payment devices, and constant monitoring of transactions, all of which are used by Square.

To make sure that sellers are keeping their customers’ data secure, credit card companies have come up with a series of regulations called PCI DSS.

• PCI DSS compliance

PCI DSS stands for Payment Card Industry Data Security Standard. Its aim is to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment so that cardholder information does not fall into the wrong hands. Compliance means adhering to the set of security standards that all five major payment brands (Visa, MasterCard, Discover, AMEX, JCB) have set up through their organization, the PCI Security Standards Council.

If you accept credit card payments and are found non-compliant, you could end up spending thousands per year in fees. Most payment processors leave it up to sellers to manage their compliance, which is time-consuming and expensive. When you sell with Square, we manage your compliance so you can focus on running your business.

• Chip Card Liability

As chip cards are harder to compromise than magstripe cards, the payment industry has adopted chip technology as the preferred method for accepting card payments. With this shift from magstripe to chip technology, the card networks have updated their liability rules. If you accept a chip card in-person and swipe it rather than insert it into an chip reader, you will be held liable for the transaction amount if the charge is later disputed by the cardholder.

Due to this liability shift, it’s important that your payment device is set up to accept chip payments, like Square’s Contactless and Chip reader.

• Data breaches

A data breach is when private information is compromised by and released to malicious actors.

One type of data breach occurs when a fraudster hacks through a company's security and reaches the confidential information stored on its servers. In many cases, this is the personal data of consumers who have interacted with the company, such as email addresses and credit card numbers. The criminal can then sell the private information on the dark web for others to use for fraudulent transactions.

This is what makes information security so important. When a company takes steps to protect itself, it’s also protecting whatever customer information it might have stored.

• Chip card

Chip cards, which use microprocessor chips rather than magnetic strips, are the payment method preferred by the payment industry. The protection offered by the chip makes this card type far more secure than the magstripe that preceded it. For example, chip cards can’t be cloned in the same way that magstripe cards can be, so criminals have to physically steal your card to use it. Rather than a swipe, these cards are inserted or dipped into a payment processing device. When used like this, the card information is disguised with each separate transaction.

• Magstripe

When older credit cards are swiped through a payment processing device, the device reads the black strip of magnetic material to authorize the transaction. Since these cards carry all your payment information rather than disguising that information each time you use the card, they are highly susceptible to “cloning”—copying your information onto a counterfeit card. This technology, almost identical to audio tape, is being phased out by payment card brands in favor of the more secure “chip” cards.

• NFC

"Near field communication" is a form of contactless communication between devices like smartphones or tablets. Examples include Apple Pay and Google Pay. Contactless communication allows you to wave a smartphone over an NFC-compatible device, like Square’s Contactless and Chip reader, to make transactions.

These devices never need to physically touch or go through multiple steps to set up a connection and make a transaction. NFC is the most secure payment method available as it uses both a cardholder’s specific mobile device and Touch ID or passcode to perform.

• Secure payments & secure payment hardware

Secure payment processors and devices are those that adhere to Payment Card Industry Data Security Standards (PCI DSS). All of Square’s devices adhere to these standards.

• End to end encryption

End to End Encryption only allows the device sending information and the device receiving information to decrypt it. The servers and networks used to pass the information from place to place can do only that: pass the encrypted information. They can't read it.

For example, whenever a credit card is dipped into a Square chip reader, the data is encrypted by the reader and then securely sent to Square before the payment is even processed. Once the payment is processed, Square encrypts the data again before it reaches the banking institution.

So, let's say that you use a Square chip reader, and your business' wifi network is compromised by someone with malicious intent. All the data (credit card numbers, billing information, etc.) that went through your Square reader are already encrypted and unusable to the would-be criminal.

• Social engineering (“Phishing”)

Social engineering is a technique fraudsters use to manipulate people into giving them private information like passwords and account numbers. Often referred to as “phishing,” this practice creates a false sense of trust between the you and the fraudster.

For example, a fraudster may try to access your Square account by sending out an email that appears to be from Square. The email might ask you to log in to your Square account to check the details of a certain transaction or refund, or tell you there is a problem with your account and ask you to log in for verification. However the criminal goes about it, most “hacking” methods don’t rely on sophisticated computer programs but on simple deception, so be on the lookout. For tips on how to recognize and report phishing emails, click here.

Square employees will never ask you for your account password or your full social security number. If you’re contacted by someone who presents themselves as a Square representative and asks for either of these things, do not provide them and contact us immediately at 1-855-700-6000 (you’ll also need your Square customer code to call in).

• Hacking

Hacking is when a criminal utilizes a computer to obtain private data, typically for illegal use. Hacking methods include web sites that install malicious software, sites that mimic other legitimate sites in an attempt to trick you into giving out information, and a number of email-based scams.

Criminals use these techniques to access confidential or personally identifiable information, such as passwords, credit card numbers, names, and email addresses. When this private information is compromised and released to other malicious actors, it is known as a data breach.

Once fraudsters have access to your data, they might be able to steal money from your financial accounts and make fraudulent purchases in your name. They may also sell the information to other bad actors on the dark web.

• Decline

When a card payment is declined, it usually means the bank that issued the card has refused to process a payment (not the payment processor). Declines can happen for a range of reasons, including cardholders exceeding their account balances or credit limits, the zip code they give you not matching what’s on file with the bank, or suspected fraud.

Square’s risk team monitors all transactions that pass through our system. In cases where we see signs that a transaction is fraudulent, we’ll decline the payment in order to protect you from being held liable if the transaction does prove to be fraudulent.

• Encryption

Encryption is translating information into a code that only those with a special key can read. Square encrypts data using industry-standard cryptographic algorithms. This means the data (card numbers, cardholder names) is transformed into something that only Square can read, unable to be used by fraudsters.