The People Part of the P-Card Training Equation

When revising your P-Card training and considering the needs of trainees, look further than just their job titles. Drill down to some specific characteristics that can impact which training approaches you decide to implement. The other “people part” of the equation is the trainer. Assigning this role to the P-Card program manager or administrator is not the only option. At the 22nd National Cards and Payments on Campus Conference earlier this year, breakout session speaker Helen Kubiak, CPCP, from Lone Star College addressed a wide range of P-Card training aspects. Below, I am sharing her tips related to both trainees and trainers, including what to prepare for that you might not expect. Giving more thought to the “who” portion of a training plan improves the chances of everyone having a positive experience.

Who Will Be Trained?

We know that mandating training for cardholders and managers is a best practice, but, as Helen stressed during her conference session, one size does not fit all. I completely agree. Beyond job titles, cardholders and managers alike will possess different attitudes, computer skills, training preferences, etc. Helen recommends asking trainees what they need and then responding accordingly. For example, senior-level cardholders may want one-on-one training in the privacy of their office. Others might feel most comfortable with online, on-demand training.

When it comes to classroom training on the technology they will use, avoid mixing computer novices with those who are computer fluent. If they are together, the pace will either be too fast or too slow, and a portion of the audience will be frustrated. After the initial training, Helen endorses regularly offering open computer lab times with trainers on hand to help cardholders reconcile their transactions.

Finally, prepare for pushback. Helen described how a trainee once surprised her by asking, “I was hired to do X, so why do I have to do these administrative tasks?” In my career, I encountered pushback from a manager who thought P-Cards added work to his department. When I described the purchase-to-pay process with and without cards, he was able to see that P-Cards provided more benefits overall. In addition, I reiterated how the P-Card program was supported by senior management.

Who Should Deliver the Training?

As the subject matter expert (SME), the P-Card program manager or administrator (PM/PA) is a natural choice. They know the frequently asked questions and common P-Card situations to cover during training. However, an SME is not always the best trainer. They might know their stuff, but fail to engage an audience and/or not be comfortable in the role.

Some organizations centralize their internal training needs by having a designated training department cover a variety of topics. Would it make sense to add P-Card training to their list? Helen acknowledges that it can be hard for the PM/PA to relinquish the trainer role, but it could be worth evaluating if your organization has the capability. I think that this arrangement would work best for a virtual, on-demand platform. The PM/PA could provide a script that the trainer uses to create a polished, finished product. In a classroom setting, an organization trainer might not be equipped to answer detailed P-Card questions from trainees.

No matter who delivers the training, ensure they have the right skills, which might mean they should attend a class geared toward trainers. Even good trainers are susceptible to what Helen identifies as losing energy over time. She shared, “Sometimes when you think you’re in a groove [as a trainer], you’re really in a rut.” This can happen when a trainer is so familiar with the material that he or she goes into auto-pilot mode. You have to seek ways to keep the energy level up and the content fresh. Helen even suggests incorporating some humor into in-person training sessions when appropriate.

Final Thoughts

Motivated trainers who are willing to mix things up and cater to the needs of trainees will see a payoff for their efforts. During her session, Helen nicely summed up P-Card training by expressing, “Empowered (trained) employees contribute to program growth.” Absolutely!

See more training-related content from Recharged Education, including four attributes of effective training.

Giving more thought to the “who” portion of your P-Card training plan improves the chances of everyone having a positive experience.

Giving more thought to the “who” portion of your P-Card training plan improves the chances of everyone having a positive experience.



Subscribe to the Blog

Receive notice of new blog posts.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Do Your Audits Test Employees’ Knowledge?

Would your cardholders be able to spot and prevent a scam? A national company became a victim of business email compromise (BEC) fraud involving gift cards, even though the employee who fell for it was trained on information security. This highlights a critical component that all training programs should include: auditing. Besides covering key topics within training presentations, testing employees’ knowledge through process audits can reveal how well the training has sunk in. Keep reading to learn what happened and see if your organization is already following the presented action items.

What Happened

Proving that no organization is immune to external fraud, the company in question is in the financial services industry, which, of course, is very focused on information security. One of the manager-level employees received an email that looked like it was from a senior management member. It directed the employee to buy $2,000 worth of gift cards to be used for employee recognition purposes. The big red flag was that it instructed the employee to take immediate action following the purchase rather than go back to the office first. It stressed that the employee should uncover the cards’ security codes and then reply to the email by sending photos of the fronts and backs of the cards. The employee complied. It was discovered by the Info-Security team when they were researching the same type of fraud reported by a different employee, who recognized the scam and did not fall for it.

Action Items

  • Ensure all employees—not just cardholders—are trained annually on information security. They should scrutinize any email requests that are seemingly out of the blue—something they were not expecting—and/or are different than “normal” business operations. When in doubt, they should independently verify a request and report any fraudulent attempts to the Info-Security team.

  • Keep your training current by refreshing as needed to include new fraud types and variations of common scams.

    See also additional training-related content...

  • Routinely share examples of fraud (from the news and blogs like this) to keep security at the forefront of people’s minds.

  • Within your process audits, try to simulate a scam to see if employees take the appropriate action.

  • Ask your IT group about automatically marking emails from external sources, which can help make employees more vigilant.

About BEC Fraud

As reported by the FBI, business email compromise (BEC) is a $12B scam. It is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. While it is most often associated with requests for wire payments, fraudulent requests may pertain to personal information (e.g., W-2 forms). As this blog post demonstrates, the scam has widened to include gift cards.

Would your cardholders be able to see a scam targeted at them?

Would your cardholders be able to see a scam targeted at them?



Subscribe to the Blog

Receive notice of new blog posts.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Fallback Card Fraud Hits Home

Despite the inherent protections of chip cards (also known as EMV cards), card-present fraud still occurs and, unfortunately, I have first-hand experience. I live in Minnesota, but someone used a counterfeit version of my card account—with a fake/unreadable chip—to make purchases at big box retailers in the Miami, Florida area. My card issuer alerted me within an hour of the fraudster completing six successful transactions one morning last week. These are considered “fallback transactions” because a card was inserted into each store’s POS chip reader, but, when it didn’t work, the fraudster made the purchases by falling back to the old method—swiping the magnetic stripe. I assume the fraudster went into stores instead of shopping online because they likely lacked information required for most online purchases like the security code on the back of the card and/or part or all of the billing address.

Fallback fraud has become increasingly more common as fraudsters continue to reinvent their methods of operation in response to advancements in card security. I’ve read articles suggesting that card issuers should decline fallback transactions at the POS due to the risk of fraud, but, of course, such transactions could be legitimate. There could be a problem with the POS device, the chip on a real card, or the way a cardholder inserts the card into a chip reader.

We know card fraud can happen to anyone. Fortunately, card issuers typically protect cardholders from financial losses. Nevertheless, for Commercial Card programs, it still pays to take precautions. Following are three action items for card program managers.

Action Items for Card Program Managers

1. Train cardholders on card security practices, such as:

  • how to properly dispose of documentation reflecting their account number

  • the approved devices for making business purchases electronically (e.g., work computer versus home computer)

  • how to safely make purchases electronically (e.g., do not use public/unsecured WiFi, look for “https” in a web address, etc.)

2. Verify whether your card issuer sends text messages to cardholders about potential fraud, as this is typically the quickest way to reach a cardholder. If yes, encourage your cardholders to provide their mobile number to the card issuer. (In my case, my card issuer communicated three ways: text, email, and phone).

3. Ensure cardholders know how the issuer would alert them in cases of potential fraud and what the communications would look like. Cardholders should be equipped to discern between legitimate and fraudulent communications. Internal auditors should test their awareness as part of their annual “process audits.”

Final Thought

Above all, cardholders need to be diligent. They should quickly return messages from the card issuer, but ensure they have the right information for determining whether a purchase is fraudulent. In my case, the first text from the issuer only specified the vendor and dollar amount of the first fraudulent charge. Coincidentally, the day prior, I used the same vendor in Minnesota and the dollar total was nearly the same. I almost replied that the transaction was fine, but decided to wait until I could view my receipt. Subsequently, I saw the related email, which provided the key piece of information—that the transaction occurred in Florida.

Related Resources

Visit the card/payment security page for content about EMV, phishing, cybersecurity and more.



Subscribe to the Blog

Receive notice of new blog posts.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more