Fraud Prevention

Explore Credit Card Fraud Prevention Tips for Merchants

Credit card fraud continues to be a major risk to merchants — a threat that has potentially crippling financial implications. Of major concern are card-not-present (CNP) transactions, such as those handled by online and mail order/telephone order (MOTO) merchants.

Fortunately, there are simple, established steps you can take to lessen the likelihood that your business becomes the victim of online fraudsters and thieves.

How to Prevent Credit Card Fraud at Your Business

5 ways to avoid fraud for Card Present and Card-Not-Present (CNP) transactions.

1. Accept EMV chip cards.

EMV is the global standard for chip-based debit and credit card transactions, which fights against fraudulent charges.

Most experts conclude that the reason the United States has a higher amount of fraud than the rest of the world is because we have been slow to adopt EMV chip cards and EMV payments (the Fraud Liability Shift didn’t even go into place until October 2015). Countries that have been practicing EMV have had an exponential decrease in counterfeit fraud. For example, the United Kingdom saw a 70 percent decrease in fraud between 2005 and 2013.

By accepting EMV chip cards, you are joining the global fight against fraud, as well as:

• Keeping your business safe
• Protecting your customers’ data
• Avoiding liability
• Creating a consistent cardholder experience worldwide

2. Safely accept online payments.

Tip: A payment gateway is one of the best ways to accept online payments and provides you with the fraud screening tools you need. Jump to How a Payment Gateway Detects and Stops Online Fraud to learn more.

While accepting EMV payments reduces in-person credit card fraud, it doesn’t help fight online fraud. In fact, card-not-present transactions account for 45 percent of all fraudulent card usage.

Your business needs to take extra precaution against fraud when accepting online payments. Even though you do not see the cardholder, there are also a number of warning signs that a fraudulent charge is taking place:

• Orders that include several of the same items, especially when it would be unusual to purchase multiples
• Orders made up of “big-ticket” items that have high resale value
• “Rush” or “overnight” orders
• Orders that fail AVS (Address Verification Service) or CCV or CVV (the three- or four-digit value on the back of the card)
• An international order from a country that your business doesn’t market to for a product the cardholder should be able to purchase at home
• Multiple purchases on the same day
• Multiple purchases from the same IP address
• Orders shipped to a single address but made on multiple cards
• Multiple transactions on one card or similar cards with a single billing address but multiple shipping address
• Multiple failed attempts to purchase prior to a passing authorization
• Just because you don’t see the cardholder doesn’t mean you can’t suspect fraud. It is extremely important to be on the lookout for online fraud, not just in-person fraud!
  

3. Check your customer’s ID with every credit card purchase.

When asking for your customer’s identification, remember that you must be in accordance with the following rule:

• A merchant may request cardholder identification in a face-to-face environment. If the name on the identification does not match the name on the card, the merchant may decide whether to accept the card. If the cardholder does not have or is unwilling to present cardholder identification, the merchant must honor the card.
• Check the credit card. Make sure there isn’t obvious tampering or damage to the credit card. This may indicate a stolen credit card.
• Use Address Verification Service (or AVS) to confirm the cardholder’s billing address with the card issuer. If for any reason the billing address fails or does not match up with what the card issuer has on file, you can choose to decline the card.
• Look at the receipt and review it against the card. You may see some differences that throw up a red flag. Compare the cardholder’s name, last four digits of the account number, and signature on the card to those on the transaction receipt.
• Report fraud as it happens. No matter the precautions you take, there is still a chance your business can become a victim of credit card fraud. If you or your employees suspect you are victims of credit card fraud, there are ways you can act immediately.

4. Look out for Card Present transaction red flags.

• When accepting card-present transactions, be on the lookout for warning signs that the card holder may not be who they say they are. There are many indications that your “customer” potentially may be trying to commit fraud:
• Pulling a credit card out of a pocket rather than a wallet or purse
• Purchasing an unusual number of expensive items
• Purchasing an unusual variety of items, such as clothing of several different sizes or items with a wide variety of value
• Trying to rush you near closing time
• Telling you not to bother inserting their chip card or swiping their magnetic stripe card. For example: claiming the card is damaged or some such reason.
• Handing you their mobile phone claiming their bank is on the other end and will provide an approval code.
• Of course, if someone performs any of these actions, they may not be trying to commit fraud. Remember to use common sense and trust your instincts!
  

If you experience one or more of these, you should consider reporting this potentially fraudulent transaction.

5. Do you suspect fraud?

• Call the card issuer’s authorization center and tell the operator you have a “code 10 authorization request”
• Remain calm and avoid alerting the person presenting the card. Your priority is to keep your employees safe and out of harm’s way
• Keep the card in question in your possession to address any questions
• Answer the operator’s questions in a normal tone. Simply say “yes” or “no” and follow the instructions provided to you
• For the safety of both you and your staff, do not, under any circumstances, confront or try to apprehend the customer
• If necessary, the operator will notify the police while you or your employee waits on the line
• If you discover a fraudulent transaction occurs, contact the following resources to assist you:
  • Your merchant services provider, like TransNational Payments
  • Your bank
  • The local authorities
  • Legal counsel

It is important to move as quickly as possible if you suspect fraud.

Bonus: Combine all of these credit card fraud best practices into a procedure for your business. 

Train yourself and your employees to respond quickly when you notice fraud. An easy way to manage credit card fraud is to make a procedure for your employees to follow when they accept card payments. By creating a procedure, you are making a habit of fighting credit card fraud.

What You Need to Know About Fraud Rings

Fraud rings, or organizations of criminals who try to defraud businesses and consumers, thrive on consumer and merchant complacency. These groups look for merchants that have not taken the time to enhance their security and fraud prevention. If you aren’t using secure payment technology to accept credit cards, you’re vulnerable to data breaches, phishing/spoofing, ransomware, malware/scareware, identity theft and more.

Fraud ring attacks can include a range of tactics including: paying with stolen credit cards, chargeback fraud involving complicit cardholders and creating schemes to create large-scale layered fraud against multiple merchants.

The hallmark feature of fraud rings are the coordinated and interconnected efforts of multiple fraudsters to steal from and defraud merchants.

What differentiates fraud rings from a small-time criminal is the level of sophistication involved in fraud ring attacks. Think of the people behind fraud rings as professional fraudsters – they approach their “job” just as seriously as anyone else. They take advantage of the latest in technology, communication and payments to make it easy for them to succeed at defrauding merchants.

Fraud rings, or organizations of criminals who try to defraud businesses and consumers, thrive on consumer and merchant complacency.

Merchants using payments solutions that monitor for out-of-context sales, IP address data and traffic, frequency of sales from one device or cardholder, and other high-risk sales indicators can beat fraud rings at their game. Remember, fraud rings look for merchants who are not using the latest in credit card processing technology.

Keep in mind, fraudsters want to do more than commit chargeback fraud, they seek ways to attack your business and your customers repeatedly. Once they identify a hole in your fraud prevention security, they’ll use numerous methods to penetrate your customer database to get exactly what they want.

The best thing you can do is to be proactive.

How to avoid 3 common types of online payment fraud

Online shopping may be an increasingly popular and convenient way to order and pay for products and services, but it’s still at high risk for fraud. In fact, because e-commerce is built on Card-Not-Present (CNP) transactions — meaning physical cards are not swiped to make online purchases — e-commerce merchants are more likely to encounter fraud attempts. When you can’t see the customer’s card, you need to respond with extra precaution. Learn how to avoid the 3 most common types of online payment fraud and prevent cyber attacks against your small business:

1. Stolen or Lost Credit Card

It happens tens of millions of times each year: Criminals steal credit card information like account numbers, billing addresses, CCV or CVV numbers and expiration dates from millions of cardholders and business databases and make fraudulent purchases in the billions. Online payment fraud is a serious challenge for e-commerce stores, but luckily, there are steps you can take to prevent card theft at your business:

• Use Address Verification Service (AVS) and request card security codes like a card code value (CCV) or a card verification value (CVV).
• A great online payment gateway will offer an arsenal of fraud screening tools to reduce the risk of fraudulent transactions. A payment gateway also reduces your liability by storing credit card transactions in the gateway instead of on your website.
• Track credit and debit card numbers, IP addresses and email addresses that are associated with known fraudulent transactions.
• Flag any purchase orders with quantities or transaction values outside of the normal range.

2. Card Testing Fraud

Tip: Our quick-read blog Card Testing Fraud: What You Need to Know explores this further.

When fraudsters obtain a bulk of stolen credit and debit card information, they may try to distinguish those already reported to issuers by “testing” each card with low-ticket transactions from trusted businesses and organizations. Here are some steps you can take to help mitigate these attacks:

• Add AVS and card security code verification to your checkout process can slow down the speed of each payment transaction and render your site a less attractive target.
• Monitor device, IP address, and IP geolocation velocity to flag irregular purchase activity above a predefined threshold.
• Identify each buyer’s device and/or true IP address (i.e. behind any web proxy)

3. Intercepting and Stealing Packages

Card thieves can use stolen card information to purchase hard goods and then intercept them during delivery. To help avoid the costs of lost goods, merchant chargebacks, and refunds, consider the following techniques:

• Flag potentially risky orders for manual review prior to shipment and contacting cardholders directly to authenticate the order.
• Require each customer’s billing address when accepting payment; once confirmed, it can serve as a cross-check when evaluating the shipping address.
• Implement a velocity check on each shipping address and flagging those that exceed your cap.

5 Warning Signs That E-commerce Fraud Is Occurring

Be on the lookout for these red flags when you accept payments online and train your employees to recognize these fraud warning signs:

1. Orders from an untraceable email account or unfamiliar domains. Ask the customer to verify with an address that can be traced back to their location. If the customer is legitimate, they should appreciate the steps you take to safeguard them and you.
2. Shipping and billing addresses that don’t match. Often a thief provides the billing address that’s on file with the card issuer, but they want the order shipped to a different location. Make it a practice to ship only to the billing address.
3. Orders from outside the country. International orders reportedly account for nearly 30 percent of all fraudulent transactions. Ask your merchant services provider for their list of countries that are considered particularly high risk.
4. Larger-than-normal orders. Big orders can mean big headaches. If an order comes in that’s much larger than your typical order, or if it’s for large numbers of one or more particular items, be suspicious. Multiple items billed to multiple credit cards but all shipped to the same address may also be an indication of thieves at work.
5. Very small orders. Some fraudsters place orders for very small amounts to test the validity of the card information they’ve stolen.

 14 Chargeback Prevention Tips

As a merchant, the more information you collect and the clearer your refund/return policies are, the better the chances of you preventing or winning a chargeback dispute.

7. Compare the signature on the sales receipt to the signature on the back of the customer’s card and driver’s license.

8. Verify that the number on the screen matches the embossed number on the card.

9. Obtain customers’ full billing information such as the name of cardholder, billing address, and billing phone number.

10. When prompted, enter the cardholders address or zip code, this is known as Address Verification Services (AVS).

11. Enter the three or four digit code on the back of the card.

12. Document clear return policies and terms and conditions on your website or invoice.

13. Use shipping that is able to provide proof of delivery to the billing address should there be a dispute.

14. When shipping high price items, request a signature for the merchandise to be released to the buyer.