Having your identity stolen is a stressful and lengthy ordeal that can damage your credit score and leave you an emotional wreck. And being the business owner of the establishment where credit card fraud occurs can be equally as traumatic.

In 2008, the owners of Elmwood Spa in Toronto, Canada, found themselves in the middle of a high-profile credit card scam, when thieves completely unassociated with the spa strategically placed a microchip in the credit card reader to lift the card information of customers as they paid for their services.

A total of 216 Elmwood Spa customers had their private information compromised during the scam, and the owners were unaware that anything was wrong until they received a call from a credit card company to alert them that they might be the place where the information was being lifted.

As you can imagine, an event like this is a nightmare for a business owner. Your credibility with your customers goes out the window, and you have to act fast to make sure all legal proceedings are done properly and that you go above and beyond to build back the trust of your clients.

The possibilities for credit card fraud are endless. Business owners are susceptible to highly-organized thieves like the Elmwood case, as well as rogue employees, dubious customers, hackers that can enter databases, and much more. But luckily the Federal Trade Commsion (FTC) and the Small Business Association (SBA) have a wealth of information to help keep you informed and prepared for the worst case scenarios.

Credit Card Fraud: The Culprits

Credit card fraud and identity theft can literally happen anywhere in the salon. A Beverly Hills salon owner is currently awaiting trial after being accused last year of charging her clients after they had already paid in full for services.

A host of Hollywood celebrities were victims of this alleged scam, with the implication that minimal charges showing up on their credit cards would be paid without much thought considering they had visited the salon before. This just goes to show that it doesn’t take an organized crime ring to make a crime.

But if you’re a salon owner, you have to prepare for all possibilities.

Once thieves have a credit card’s information, they can quickly change the billing address on the card they stole so that the victim isn’t immediately aware of the charges being run up, and they can also open up new credit cards under the victim’s name, further lengthening their time to spend before they attract attention.

Containment Plan

It’s bad enough to be a victim, but what happens if you’re the business where the information was compromised? What do you need to do?

Contact the police. If you suspect your salon may have been the location of identity theft, whether by your own suspicion or you are notified by a credit card company, the first step is to immediately contact police. Tell them everything that you suspect, and let them know you will fully cooperate with them to clear the matter as soon as possible.

Notify any other affected business. With credit card fraud, there can be other businesses affected by the crime. If there are any businesses that you feel may be affected, mainly other credit card companies, be sure to notify them as soon as possible.

Notify individuals who may have had their information stolen. Talk to the police about the timing of notifying customers so that it does not impede their investigation. Then designate a contact person at the salon who will be responsible for fielding any questions or concerns. The FTC has a model of a letter you can send (either through the mail or electronically) to customers at www.ftc.gov/idtheft/model-letter.doc. The main points are to notify them that your business has encountered a security breach and you are acting on it, and the customers themselves should contact their credit card companies and take steps to protect themselves.

Ramp up customer service, addressing the incident and reassuring customers that steps have been taken to solve the problem and prevent it from happening again. This is a key step in re-establishing trust with your clientele. Send out a letter or post it clearly on your website, stating the nature of the incident and that it was a one-time breach and that preventative measures have now been put in place to make sure it doesn’t happen again.

An Ounce of Prevention

Like the old adage says, an ounce of prevention is worth a pound of cure, so here is how you can help protect yourself from ever having a security breach to begin with.

Don’t keep customer credit card information unless you have a business need for it. If you must keep it, make records of your retention policy so employees know what information must be kept, how to secure it, how long to keep it, and how to dispose of it securely when you no longer need it.

Keep any written records with sensitive information locked away. Be mindful of who has access to your sensitive information.

For computers, make sure to run anti-virus software on a regular basis so hackers cannot access your computers.

Train your employees on keeping information safe. Make sure they are familiar with any credit card processing equipment and computers that may store customer information. Be up front about your expectations for confidentiality and create a workplace culture that is attentive to these important matters.

The new economy and the rise of technology will only bring more and more super-fast money products that on the one hand free us from fiscal burdens while also exposing us to possible thievery. It will pay dividends to continue to keep yourself informed to the many ways your business can become compromised. For more information, check out the FTC website at www.ftc.gov and the SBA’s at www.sba.gov.  

For reprint and licensing requests for this article, Click here.

Read more about