Safeguarding your business against potential risks and threats

We know that small to medium businesses are the heartbeat of the UK economy, accounting for 99% of the UK’s business population and three fifths of all jobs. We also know that, while running any business isn’t easy, smaller businesses can be particularly at risk.

This Fraud Prevention Toolkit serves as a comprehensive guide tailored specifically for small business owners embarking on their entrepreneurial ventures. Our aim is to help you and your business reduce your attack surface, and therefore your risk, and help you know what action to take if you fall victim to an attack.

Whether you're a seasoned entrepreneur or just starting your journey, this Fraud Prevention Toolkit is your trusted companion in safeguarding your business against fraud and ensuring its long-term success. We invite you to dive in, explore the resources, and take proactive steps to protect your business from potential threats. Together, let's build a resilient and thriving small business community.

41% of small to medium-sized businesses in the UK have fallen prey to fraud and scams

£4k average financial loss to SMBs in the UK over the past year due to fraud and scams

Identifying, preventing and acting on the most common types of scams and fraud

As part of our ongoing commitment to preventing fraud, we have identified the most common types of scams and fraud that small-medium businesses experience. Learn how to protect your company from falling victim to them:

Phishing and cyber-ransom

Crypto-currency scams

Online transactions via hacked bank details

Chargebacks from fraudulent consumer card transactions

Billing fraud and false invoices

Enumeration and card testing attacks

Phishing and cyber-ransom

What are phishing scams?

Phishing scams involve fraudulent attempts to obtain sensitive information, such as passwords, credit card numbers, or financial data, by posing as a trustworthy entity. Typically, perpetrators impersonate legitimate organisations through emails, text messages, or fake websites, deceiving recipients into giving up confidential details or clicking on malicious links. They might also use SMS messages (smishing) or voice calls (vishing). These scams often employ urgency or fear tactics to manipulate victims into acting hastily. Once successful, phishing attacks can lead to identity theft, financial loss, or unauthorised access to sensitive accounts.

24%

Almost a quarter (24%) of small-medium business fraud cases reported were phishing scams

75%

Almost three quarters (75%) of small-medium businesses agree that improving digital capabilities is the most effective method for preventing fraud.

What are crypto currency scams?

Crypto currency scams leverage the allure of quick profits and decentralised systems. Scammers employ various tactics like Ponzi schemes, fake ICOs (Initial Coin Offerings), or pump-and-dump schemes to defraud businesses and investors. Unsuspecting victims may be drawn into investment scams promising high returns, or into using fraudulent crypto wallets and exchanges. Moreover, the lack of regulatory oversight in the crypto space means it can be difficult to hold the scammer to account.

15%

Small businesses were most likely to have been affected by crypto currency scams (15%)

What are online transactions via hacked bank details?

Online transactions using hacked bank details pose a severe threat, endangering both individuals and businesses. Cybercriminals may gain unauthorised access to sensitive financial information through various means, such as phishing, malware, or data breaches. Once obtained, these details enable fraudulent transactions, draining funds from bank accounts or making unauthorised purchases. Victims may suffer financial losses, compromised personal data, and damaged credit scores. Moreover, businesses face reputation damage and potential legal repercussions.

23%

Nearly a quarter of small-medium business fraud cases reported were online transactions via hacked bank details (23%).

What are fraudulent chargebacks?

Fraudulent chargebacks occur when consumers dispute transactions they claim are unauthorised or fraudulent, resulting in the reversal of funds from the merchant's account. This leads to financial losses, increased operational costs, and potential damage to the merchant's reputation. Fraudsters exploit various tactics, including stolen card information, identity theft, or friendly fraud, to initiate chargebacks. Businesses must navigate complex chargeback processes, often burdened with proving the legitimacy of transactions. Moreover, excessive chargebacks can lead to penalties, higher processing fees, or even the termination of merchant accounts, impacting long-term viability.

50%

Half of business decision makers agree that customer base is the most important factor for company growth.

What are billing fraud and false invoices?

Perpetrators may impersonate legitimate vendors or create fictitious invoices, deceiving businesses into making payments for goods or services they never received. Additionally, insiders could manipulate billing systems or inflate invoices to embezzle funds. These fraudulent activities lead to financial losses, damaged vendor relationships, and potential legal consequences. Without proper controls and oversight, billing fraud can persist undetected, undermining the financial health and viability of your business.

26%

Billing fraud and false invoices is the most common type of small-medium business fraud (26%)

What are enumeration and card testing attacks?

Enumeration fraud and card testing attacks involve attackers exploiting payment systems by validating stolen card details. With enumeration fraud, criminals use automated scripts to guess card details, typically focusing on Card Verification Value (CVV) and expiration dates. Card testing attacks involve making small purchases or donations to verify if the stolen card details are still valid. Both methods aim to identify active cards for future fraudulent transactions. These attacks can result in significant financial losses and increased chargebacks for businesses.

700 merchants involved in enumeration attacks daily

Tackling fraud: How ready is your business?

Businesses can take a proactive, multi-layered approach to tackle payment fraud. By integrating robust security practices – like encryption, strong password policies, and regular account monitoring – they can safeguard transactions. It's equally vital to educate both employees and customers on identifying risks and staying protected.

Here are key strategies to combat payment fraud effectively:

Get more help on tackling fraud

Download the Visa Security and Fraud Toolkit

We’ve created a standalone toolkit featuring all the information found on this page in an easy-to-digest PDF which you can download and share with your staff or colleagues.

Practical Business Skills: Security and fraud

Learn what steps you can take to prevent fraud and data theft to protect your business and your customers on the Practical Business Skills website.

Useful resources