Being the owner of a business that was associated with a Common Point of Purchase (CPP) does not mean that fraudulent purchases were made at your establishment, as one may assume. Rather, it means that your business was the target of a breach, during which, credit card numbers were potentially compromised. The majority of all CPPs are linked to small businesses. If you don’t know the size of your business, head over to our Merchant Level Blog.
The payment brands (Visa, MasterCard, Discover, American Express and JCB) are responsible for notifying merchant banks or acquirers (Capitol One, Bank of America, Target, etc.) of at-risk or compromised accounts by identifying patterns in spending, geography, vendor, and industry.
Upon receipt of a CPP notification by the payment brands, acquirers will notify the merchant and have 10 days to contain the breach. This is typically done in one of two ways; the first option is to cancel and reissue cards to their customers. Another option would be to initiate high-risk indicators on customer’s cards that may have been included in the breach. Both options are designed to prevent future fraud from occurring. Though the first option is a surefire way to prevent any additional fraud from occurring, it is expensive. Payment brands often choose to apply high-risk indicators to accounts instead. Once a breach has been completely contained and compliance has been regained, this information is relayed to the acquirer and, in turn, to the payment brand.
Now you may be asking yourself what you should be doing as a business owner to prevent your business from receiving a CPP notification. Our best advice is to give us a call at 877-556-8279 or visit our website. Our business is dedicated to making sure yours is safe and secure. We offer a line of cybersecurity products and services that can be used to prevent breaches from happening in the first place – saving you time and money and giving you peace of mind.