12 Ways to Prevent Credit Card Fraud at Your Business in 2019
The idea of being defrauded isn’t pleasant, but it’s something that every business owner needs to think about. Fraud incidents are a real possibility for any business, particularly if you accept credit cards.
According to the American Bankers Association, in 2018, there were 209,000 breached credit accounts. Not only that, but industry data shows that account takeover fraud increased by 177%.
Credit card fraud is clearly a prevalent issue. Criminals are getting sneakier as security improves more and more, so making sure you’re ready to prevent credit card fraud on all fronts is paramount.
This post will give you the information on how to do just that. In the paragraphs below, we’ll discuss the ins and outs of credit card fraud and the steps you should take to prevent it.
Types of credit card fraud
As we mentioned in our post on retail fraud, there are two main types of credit card fraud. They include:
Using a stolen card
Criminals often try to use stolen credit cards to make a purchase. If you process a sale from a stolen credit card the actual owner reports the transaction, you may be liable for the fraudulent charge.
Using a counterfeit card
This is when someone uses a fake credit card to buy something. The good news about counterfeit card fraud is that it has reduced by as much as 75% thanks to EMV chip cards.
That being said, there are still some counterfeit cards making rounds, so don’t get complacent.
Card present vs card not present credit card fraud
We can also classify credit card fraud based on whether or not a physical credit is used to make a fraudulent purchase. When a card is used in-person or in-store, that would be classified as a “card present” transaction.
Card not present (CNP) transactions, on the other hand, are purchases that were made without the merchant physically handling the credit card. Ecommerce, mail orders, and phone transactions fall under CNP territory.
CNP transactions pose a much higher risk for fraud because the merchant cannot physically examine the card. As such, the merchant has no way of knowing if the owner of the card is the one initiating the transaction.
CNP fraud has also increased quite a bit since the 2015 EMV rollout. With in-store credit card machines being more secure, criminals are turning to CNP transactions to carry out fraudulent activities.
Data from Javelin Strategy & Research found that as of 2018, CNP fraud is 81% more likely to occur than in-store fraud.
How to prevent card not present (CNP) fraud
So, what can you do to fight against CNP fraud? Consider the following recommendations:
Look out for suspicious activity
There are a few tell-tale signs of CNP fraud, so be on the lookout. If you spot any of the following red flags, you’ll need to either decline the purchase or hold the transaction for further verification:
Inconsistent or fake customer details – If someone’s order details don’t match up (for example, if they enter the wrong zip code) or if there’s information on there that’s clearly fake (for instance, using the phone number 555-5555), then that’s an indication that a transaction may be fraudulent.
Orders that fall outside the usual patterns – Did someone place an unusually large order? Did a customer try to purchase several units of the same item? These could be signs that fraud is taking place.
Several unsuccessful orders from the same user – This could be an indication that the customer is trying to guess a credit card number.
Pay attention to next-day orders
Since criminals need to do transactions quickly and receive goods before the fraud is discovered, look for especially large orders with next day shipping. There are many steps business owners can take to prevent fraud, but one general rule is to look more closely at orders that are not within the norm for your business or industry.
Perform website security checks regularly
Website security is essential for ecommerce businesses who are accepting payment via their website because credit card fraud can be more prevalent when criminals have the anonymity of the internet.
Doing regular security checks and maintenance is key, so that ecommerce businesses are always under the best protection and newest security features. Bringing in a security IT consultant can be very beneficial to make sure the business website does not have hidden security weaknesses.
Use a negative history file
Have a list of customers associated with fraudulent activity, frequent refunds, and excessive chargebacks. Have this list on file and make sure it contains details like names, phone numbers, credit card numbers, and IP address.
Having this database should help you weed out problematic transactions.
Use fraud prevention tools and services
Effectively combating fraud calls for sophisticated tools that can identify and stop suspicious activity. Consider using one or more of these tools to curb CNP fraud:
Address Verification System (AVS) – AVS confirms the billing address with the card issuer when authorizing the transaction. It’s a great way to determine if the person entering the card information is actually the one who owns the card.
Verified by Visa – This service is exactly what it sounds like. Verified by Visa uses 3-D Secure, an authentication solution that “enables the exchange of data between the merchant, card issuer and, when necessary, the consumer, to validate that the transaction is being initiated by the rightful owner of the account.”
Payment Processor – Choose a payment processor or merchant services provider that helps you combat fraud. Payment Depot, for example, has features like chargeback and risk monitoring and data breach protection to help ensure that your business doesn’t fall victim to fraud.
How to prevent card present or in-store fraud
In-person transactions may pose a lower risk for fraud, but that they’re not completely immune to shady activities. If you process card present transactions, take these steps to combat fraudulent charges.
Have the right payment technology
The right credit card machines and payment terminals can stop credit card fraud in its tracks. For starters, if you haven’t migrated to EMV-enabled devices yet, you need to do so ASAP.
Being EMV compliant means having a terminal or POS system that can process the new credit cards with chips embedded in them.
Making a switch to a credit card terminal that can accept chip cards is not mandatory, but because of the liability shift business owners would be risking the financial responsibility if credit card fraud should occur. Not only will business owners be protecting themselves by becoming EMV compliant, but they will also be contributing to the national effort to combat credit card fraud.
Inspect the card before processing
Closely inspect the card for signs tampering or damages. Such signs may include:
- The embossing on the card isn’t clear or straight
- The hologram is rough and isn’t three-dimensional
- There are signs of tampering on the front and back of the card
For obvious reasons, you should refuse to accept cards that have been altered or damaged. Also, take note of the expiry date. If a card is expired, ask for another form of payment or decline the transaction.
Verify customer details
Ask for customer identification before accepting a credit card, and see to it that the information between the shopper’s ID and their payment card match. Specifically, keep an eye out for:
- Their name
- Their signature
Compare the account number on the card with the number in the terminal and receipt.
Regardless of whether a card is swiped, tapped, or inserted into the machine, see to it that the digits on the card match the ones in your terminal.
And when you have the printed receipt, see to it that the last four numbers on the card match the ones on the receipt.
Be aware of your business’ averages and patterns
Make sure you know the typical basket sizes and average order values in your store. If a transaction falls completely outside of those averages, pay closer attention to that order and take extra steps to verify the card’s authenticity.
Knowing your numbers will also reduce issues when you’re processing legitimate transactions that happen to fall outside your averages.
Let’s say you’re a cafe that has an average order value $10. If a regular customer asks you cater an event (amounting to thousands of dollars) you’ll be able to inform your payment processor about the unusual transaction so it doesn’t get flagged.
Call in a Code 10
When in doubt, call in a Code 10 Authorization Request. Doing so will connect you to the card issuer, who will then ask a series of yes or no questions, as not to alert the customer that their card is being flagged.
A Code 10 call serves as a discreet way to verify against fraud.
Educate your staff
The staff of a small business can be one of the greatest vulnerabilities or one of the best defenses against credit card fraud depending on what they know. It’s up to the business owner/management to teach their staff about preventing fraud and enlightening them on the specific practices that are used at their company.
Making sure the staff is adequately prepared to prevent fraud is so important because often the business staff handles a large portion of sales and interactions from customers. Empowering them to use the correct practices and recognize potential fraud can prevent fraud from the beginning and put an owner’s mind at ease knowing the staff has been trained well.
Whether you’re selling online or in-person, it’s essential to keep yourself in-the-know when it comes to credit card fraud.
Follow the steps in this post to ensure that your business is well-protected from fraudulent activities.
Also, remember that there are multiple types of retail fraud. While credit cards are the most common target, criminals can also engage in things like return fraud, gift card fraud, and more. Be aware of these activities and continously educate yourself and your team on preventive measures.
As Mad-Eye Moody from the Harry Potter series likes to say, the key is having constant vigilance.