Credit Card Processing Fraud Prevention for Merchants
Explore Credit Card Fraud Prevention Tips for Merchants
Credit card fraud continues to be a major risk to merchants — a threat that has potentially crippling financial implications. Of major concern are card-not-present (CNP) transactions, such as those handled by online and mail order/telephone order (MOTO) merchants.
Fortunately, there are simple, established steps you can take to lessen the likelihood that your business becomes the victim of online fraudsters and thieves.
Table of Contents
Credit Card Fraud Prevention for Merchants
How to Prevent Credit Card Fraud at Your Business
5 ways to avoid fraud for Card Present and Card-Not-Present (CNP) transactions.
1. Accept EMV chip cards.
EMV is the global standard for chip-based debit and credit card transactions, which fights against fraudulent charges.
Most experts conclude that the reason the United States has a higher amount of fraud than the rest of the world is because we have been slow to adopt EMV chip cards and EMV payments (the Fraud Liability Shift didn’t even go into place until October 2015). Countries that have been practicing EMV have had an exponential decrease in counterfeit fraud. For example, the United Kingdom saw a 70 percent decrease in fraud between 2005 and 2013.
By accepting EMV chip cards, you are joining the global fight against fraud, as well as:
- Keeping your business safe
- Protecting your customers’ data
- Avoiding liability
- Creating a consistent cardholder experience worldwide
2. Safely accept online payments.
Tip: A payment gateway is one of the best ways to accept online payments and provides you with the fraud screening tools you need. Jump to How a Payment Gateway Detects and Stops Online Fraud to learn more.
While accepting EMV payments reduces in-person credit card fraud, it doesn’t help fight online fraud. In fact, card-not-present transactions account for 45 percent of all fraudulent card usage.
Your business needs to take extra precaution against fraud when accepting online payments. Even though you do not see the cardholder, there are also a number of warning signs that a fraudulent charge is taking place:
- Orders that include several of the same items, especially when it would be unusual to purchase multiples
- Orders made up of “big-ticket” items that have high resale value
- “Rush” or “overnight” orders
- Orders that fail AVS (Address Verification Service) or CCV or CVV (the three- or four-digit value on the back of the card)
- An international order from a country that your business doesn’t market to for a product the cardholder should be able to purchase at home
- Multiple purchases on the same day
- Multiple purchases from the same IP address
- Orders shipped to a single address but made on multiple cards
- Multiple transactions on one card or similar cards with a single billing address but multiple shipping address
- Multiple failed attempts to purchase prior to a passing authorization
- Just because you don’t see the cardholder doesn’t mean you can’t suspect fraud. It is extremely important to be on the lookout for online fraud, not just in-person fraud!
3. Check your customer’s ID with every credit card purchase.
When asking for your customer’s identification, remember that you must be in accordance with the following rule:
- A merchant may request cardholder identification in a face-to-face environment. If the name on the identification does not match the name on the card, the merchant may decide whether to accept the card. If the cardholder does not have or is unwilling to present cardholder identification, the merchant must honor the card.
- Check the credit card. Make sure there isn’t obvious tampering or damage to the credit card. This may indicate a stolen credit card.
- Use Address Verification Service (or AVS) to confirm the cardholder’s billing address with the card issuer. If for any reason the billing address fails or does not match up with what the card issuer has on file, you can choose to decline the card.
- Look at the receipt and review it against the card. You may see some differences that throw up a red flag. Compare the cardholder’s name, last four digits of the account number, and signature on the card to those on the transaction receipt.
- Report fraud as it happens. No matter the precautions you take, there is still a chance your business can become a victim of credit card fraud. If you or your employees suspect you are victims of credit card fraud, there are ways you can act immediately.
4. Look out for Card Present transaction red flags.
- When accepting card-present transactions, be on the lookout for warning signs that the card holder may not be who they say they are. There are many indications that your “customer” potentially may be trying to commit fraud:
- Pulling a credit card out of a pocket rather than a wallet or purse
- Purchasing an unusual number of expensive items
- Purchasing an unusual variety of items, such as clothing of several different sizes or items with a wide variety of value
- Trying to rush you near closing time
- Telling you not to bother inserting their chip card or swiping their magnetic stripe card. For example: claiming the card is damaged or some such reason.
- Handing you their mobile phone claiming their bank is on the other end and will provide an approval code.
- Of course, if someone performs any of these actions, they may not be trying to commit fraud. Remember to use common sense and trust your instincts!
If you experience one or more of these, you should consider reporting this potentially fraudulent transaction.
5. Do you suspect fraud?
- Call the card issuer’s authorization center and tell the operator you have a “code 10 authorization request”
- Remain calm and avoid alerting the person presenting the card. Your priority is to keep your employees safe and out of harm’s way
- Keep the card in question in your possession to address any questions
- Answer the operator’s questions in a normal tone. Simply say “yes” or “no” and follow the instructions provided to you
- For the safety of both you and your staff, do not, under any circumstances, confront or try to apprehend the customer
- If necessary, the operator will notify the police while you or your employee waits on the line
- If you discover a fraudulent transaction occurs, contact the following resources to assist you:
- Your merchant services provider, like TransNational Payments
- Your bank
- The local authorities
- Legal counsel
It is important to move as quickly as possible if you suspect fraud.
Bonus: Combine all of these credit card fraud best practices into a procedure for your business.
Train yourself and your employees to respond quickly when you notice fraud. An easy way to manage credit card fraud is to make a procedure for your employees to follow when they accept card payments. By creating a procedure, you are making a habit of fighting credit card fraud.
What You Need to Know About Fraud Rings
Fraud rings, or organizations of criminals who try to defraud businesses and consumers, thrive on consumer and merchant complacency. These groups look for merchants that have not taken the time to enhance their security and fraud prevention. If you aren’t using secure payment technology to accept credit cards, you’re vulnerable to data breaches, phishing/spoofing, ransomware, malware/scareware, identity theft and more.
Fraud ring attacks can include a range of tactics including: paying with stolen credit cards, chargeback fraud involving complicit cardholders and creating schemes to create large-scale layered fraud against multiple merchants.
The hallmark feature of fraud rings are the coordinated and interconnected efforts of multiple fraudsters to steal from and defraud merchants.
What differentiates fraud rings from a small-time criminal is the level of sophistication involved in fraud ring attacks. Think of the people behind fraud rings as professional fraudsters – they approach their “job” just as seriously as anyone else. They take advantage of the latest in technology, communication and payments to make it easy for them to succeed at defrauding merchants.
Fraud rings, or organizations of criminals who try to defraud businesses and consumers, thrive on consumer and merchant complacency.
Merchants using payments solutions that monitor for out-of-context sales, IP address data and traffic, frequency of sales from one device or cardholder, and other high-risk sales indicators can beat fraud rings at their game. Remember, fraud rings look for merchants who are not using the latest in credit card processing technology.
Keep in mind, fraudsters want to do more than commit chargeback fraud, they seek ways to attack your business and your customers repeatedly. Once they identify a hole in your fraud prevention security, they’ll use numerous methods to penetrate your customer database to get exactly what they want.
The best thing you can do is to be proactive.
How to Decrease Card Not Present (CNP) Fraud
The Oct. 2015 EMV fraud chargeback liability shift has resulted in a significant drop in fraudulent card present payment transactions, but at the same time, spiked card not present (CNP) fraud. Some studies show CNP fraud increased by 12 percent or more. A card-not-present (CNP) transaction is when a cardholder makes a purchase away from the point of sale (online, phone, etc.), and the merchant doesn’t have access to the physical card used.
E-commerce merchants looking to reduce fraud should consider adopting an approach that involves some of the following processes:
- Device Identification
- Rules Based Filters
- CVV Verification
- AVS Authentication
- Customer Identification Confirmation (by contacting via email or phone prior to shipping)
Another way to decrease CNP fraud is to recognize and look for fraud red flags. Here are some common CNP fraud warning signs:
- First-time shopper
- Larger than normal order
- Order that includes several of the same item
- Order with many big-ticket items
- Rush or overnight shipping requested
- Shipping to an international address
- Transactions with similar account numbers
- Transactions placed on multiple cards all shipping to a single address
- Multiple transactions on one card over a short period of time
- Multiple transactions on a card with a single billing address, shipping to multiple addresses
- Multiple cards used from a single IP address
- Orders from Internet addresses that make use of free e-mail services
What is EMV?
EMV is the best available technology for validating cards and cardholders. It makes the card virtually impossible to copy, thus reducing the possibility of accepting counterfeit cards.
The chip embedded in the card stores cardholder data and creates a unique value for each transaction. This dynamic authentication makes each transaction unique and more secure.
Important benefits of adopting EMV payment technology for your business include:
A chip card-enabled terminal validates the card and the cardholder authenticates that they are the card owner while the card is still in the credit card terminal.
Security features built into the chip reduce lost, stolen and counterfeit fraud. Unlike traditional magnetic stripe transactions, the EMV credit card terminals and chip-enabled cards work together to validate the card and cardholder.
Reduce Financial Liability
Since the Oct. 2015 liability shift, merchants that are unable to support chip cards have been held financially responsible if a fraudulent transaction occurs.
E-Commerce Fraud Prevention for Merchants
How to avoid 3 common types of online payment fraud
Online shopping may be an increasingly popular and convenient way to order and pay for products and services, but it’s still at high risk for fraud. In fact, because e-commerce is built on Card-Not-Present (CNP) transactions — meaning physical cards are not swiped to make online purchases — e-commerce merchants are more likely to encounter fraud attempts. When you can’t see the customer’s card, you need to respond with extra precaution. Learn how to avoid the 3 most common types of online payment fraud and prevent cyber attacks against your small business:
1. Stolen or Lost Credit Card
It happens tens of millions of times each year: Criminals steal credit card information like account numbers, billing addresses, CCV or CVV numbers and expiration dates from millions of cardholders and business databases and make fraudulent purchases in the billions. Online payment fraud is a serious challenge for e-commerce stores, but luckily, there are steps you can take to prevent card theft at your business:
- Use Address Verification Service (AVS) and request card security codes like a card code value (CCV) or a card verification value (CVV).
- A great online payment gateway will offer an arsenal of fraud screening tools to reduce the risk of fraudulent transactions. A payment gateway also reduces your liability by storing credit card transactions in the gateway instead of on your website.
- Track credit and debit card numbers, IP addresses and email addresses that are associated with known fraudulent transactions.
- Flag any purchase orders with quantities or transaction values outside of the normal range.
2. Card Testing Fraud
Tip: Our quick-read blog Card Testing Fraud: What You Need to Know explores this further.
When fraudsters obtain a bulk of stolen credit and debit card information, they may try to distinguish those already reported to issuers by “testing” each card with low-ticket transactions from trusted businesses and organizations. Here are some steps you can take to help mitigate these attacks:
- Add AVS and card security code verification to your checkout process can slow down the speed of each payment transaction and render your site a less attractive target.
- Monitor device, IP address, and IP geolocation velocity to flag irregular purchase activity above a predefined threshold.
- Identify each buyer’s device and/or true IP address (i.e. behind any web proxy)
3. Intercepting and Stealing Packages
Card thieves can use stolen card information to purchase hard goods and then intercept them during delivery. To help avoid the costs of lost goods, merchant chargebacks, and refunds, consider the following techniques:
- Flag potentially risky orders for manual review prior to shipment and contacting cardholders directly to authenticate the order.
- Require each customer’s billing address when accepting payment; once confirmed, it can serve as a cross-check when evaluating the shipping address.
- Implement a velocity check on each shipping address and flagging those that exceed your cap.
How a Payment Gateway Detects and Stops Online Fraud
With a payment gateway from TransNational Payments, you’re guaranteed fraud screening tools like: iSpy Fraud, Address Verification Service (AVS), card code value (CCV) and card verification value (CVV), secure data storage and more. See related: Payment Gateway and Online Payment Processing Guide
Here are 4 ways a payment gateway lets you catch online “fraudsters” in the act:
Address Verification Service (AVS)
The Address Verification System is one of the most widely used forms of fraud prevention for card-not-present purchases. It’s a numeric address verification system that matches customer information with the information on file with the card issuer.
When a merchant makes sure to use AVS and receives a “full match” response, meaning the street address number and zip code the customer uses matches the numbers of the card issuer, it greatly reduces (but doesn’t eliminate) the merchant’s risk of fraud or a chargeback.
Card Code Value (CCV) and Card Verification Value (CVV)
On credit or debit cards there is a 3 digit number for Visa and MasterCard, and 4 digits for American Express. This CCV or CVV number is located on the back of the card for Visa and MC, and the front for Amex. When the customer provides the merchant with the CCV or CVV code online, this is proof that the customer actually has the credit or debit card in their hands.
This helps to reduce fraud, and keeps the merchant and the customer safe. CVV and CCV are also known as CSC numbers (“Card Security Code”) as well as CVV2 numbers.
Secure Online Storage
An internet payment gateway also helps prevent fraud and reduces your liability by storing credit card information in the gateway rather than a more vulnerable location like your website.
5 Warning Signs That E-commerce Fraud Is Occurring
Be on the lookout for these red flags when you accept payments online and train your employees to recognize these fraud warning signs:
- Orders from an untraceable email account or unfamiliar domains. Ask the customer to verify with an address that can be traced back to their location. If the customer is legitimate, they should appreciate the steps you take to safeguard them and you.
- Shipping and billing addresses that don’t match. Often a thief provides the billing address that’s on file with the card issuer, but they want the order shipped to a different location. Make it a practice to ship only to the billing address.
- Orders from outside the country. International orders reportedly account for nearly 30 percent of all fraudulent transactions. Ask your merchant services provider for their list of countries that are considered particularly high risk.
- Larger-than-normal orders. Big orders can mean big headaches. If an order comes in that’s much larger than your typical order, or if it’s for large numbers of one or more particular items, be suspicious. Multiple items billed to multiple credit cards but all shipped to the same address may also be an indication of thieves at work.
- Very small orders. Some fraudsters place orders for very small amounts to test the validity of the card information they’ve stolen.
Chargeback Prevention for Merchants
What is a Chargeback?
When a credit card transaction is disputed by either your customer or by a customer’s credit card Issuer, you may receive a chargeback. If a chargeback occurs, the amount of the original sale will be deducted from the checking account on file with your Merchant account.
Common Reasons for Chargebacks
- The cardholder disputes taking part in a transaction, the quality or the receipt of merchandise or services
- The cardholder claims to not have received the purchased merchandise or services
- The amount charged to the card was incorrect
- Proper authorization was not obtained
- The card was stolen or used without the owner’s knowledge
- Processing errors, such as an incorrect calculation on the sales draft, an invalid account number being entered, or an expired card being accepted, were made during the transaction
- A retrieval request for supporting information was not sent within the requested time frame
14 Chargeback Prevention Tips
As a merchant, the more information you collect and the clearer your refund/return policies are, the better the chances of you preventing or winning a chargeback dispute.
1. Make sure the business name that appears on the cardholder’s statement is a name that your customer will recognize.
2. Provide a local or 800 number on invoices and receipts for customers to contact you directly with purchase questions and concerns.
3. When a customer is due a credit and the original sale was made on a card, process the credit back to the original card number – do not refund by cash or check. If credit is due on more than one sale, process each credit individually.
4. When possible, avoid taking credit card numbers over the phone. Encourage customers to come in to the store and swipe their credit card.
5. Always check the identification of the cardholder – do not accept a borrowed card.
6. Never accept an expired card.
7. Compare the signature on the sales receipt to the signature on the back of the customer’s card and driver’s license.
8. Verify that the number on the screen matches the embossed number on the card.
9. Obtain customers’ full billing information such as the name of cardholder, billing address, and billing phone number.
10. When prompted, enter the cardholders address or zip code, this is known as Address Verification Services (AVS).
11. Enter the three or four digit code on the back of the card.
12. Document clear return policies and terms and conditions on your website or invoice.
13. Use shipping that is able to provide proof of delivery to the billing address should there be a dispute.
14. When shipping high price items, request a signature for the merchandise to be released to the buyer.