Merchant Credit Card Fraud: What It Is and How to Avoid It

Credit card fraud is one of the most common forms of fraud. Its repercussions flow not only to the person whose identity or credit card was stolen but also to the merchants who have processed payments. When you process a fraudulent transaction, not only could you be liable for it, but your reputation could also take a hit. 

Now, for many merchants (particularly SMBs), it is common to feel like fraud is unlikely to occur. After all, why would fraudsters target smaller businesses when they can go after larger merchants?

But the numbers show a different story. Industry statistics show that 39 percent of the world’s credit card fraud happens in the United States, making US merchants extremely vulnerable to these tactics. And it’s even worse for SMBs: When it comes to fraud, businesses with fewer than 100 employees lose twice as much per incident than those with 100+ on staff.

Needless to say, credit card fraud is a serious issue for merchants, which is why it’s essential that you educate yourself on the many aspects of fraud and how to prevent it. 

What Is Merchant Credit Card Fraud?

Credit card fraudsters can work to trick merchants in a variety of ways, both online and in-store. In a nutshell, credit card fraud encompasses any activity where a credit card is used by a person who does not actually own or have credit on the credit card.

Of the credit card fraud cases in the US, 25.7 percent of charges were made through an existing credit card. 21.4 percent were made using an existing checking or savings account. 15.9 percent were made using an existing debit account. 10.5 percent were made on an existing loan or line of credit, and 18.5 percent were made using financial platforms such as PayPal.

Types of Merchant Credit Card Fraud

There are a number of ways that scammers can commit fraud, many that are easy to detect and fight against and a few that are particularly tough to uncover. Below are the credit card fraud scams which impact merchants:

Counterfeit cards

Counterfeit cards are produced through skimming, where a scammer gets all of the victim’s card information and creates a fake magnetic swipe card that holds all of the victim’s card details. 

The fake stripe allows the scammer to create a fraudulent card that is entirely functional, meaning that scammers can use the card just as any regular, trustworthy consumer would—making this type of fraud very hard for merchants to spot. 

Another way this can be performed is by fraudsters who know the consumer’s card details, they can create a fake card, but in this case, the magnetic stripe won’t work, and the scammer will need to convince the merchant to enter the transaction manually. 

Lost or stolen cards

Perhaps the most common of all of the fraud methods, lost or stolen cards may be used by fraudsters who take the opportunity to go out on a shopping spree before the actual owner has noticed their card is missing. 

The thieves are most likely to make online purchases with the card, as this is where they can avoid entering a PIN. Otherwise, they will look for stores that have contactless card POS systems, where payments under a certain amount will go through without the PIN.  

Fake or doctored cards

These two methods rely on the merchant to input the credit card details manually; therefore, they should be easy to spot. 

Fake cards are cards that are created by scammers to deceive merchants, tricking them into processing payments that will later fail to process. 

Doctored cards are real cards that scammers disable by using strong magnets to erase the metallic stripe. When this information is deleted, they can change the details of the card to match valid cards. 

When this card is used at the merchant POS, it won’t work. But fraudsters will typically try to persuade merchants to put it through manually, take off with their goods, and then the merchant will find later that the transaction was not approved. 

Card-not-present fraud

The credit card fraud that is most prominent for online merchants is known as card–not-present fraud or CNP fraud. It’s 81% more common than fraud at the POS. CNP fraud is possible when no physical card is required to complete an online transaction. This means that scammers can simply steal card information; card number, expiry date, and CVV code. Then, ta-da, they can commit fraud. 

Card testing

A subset of CNP fraud is card testing, which is a method that involves making multiple small purchases on a website to determine whether or not a card is valid. This is typically used by bad actors with stolen credit card information. The fraudsters would “test” the validity of the card by making small purchases. If the transaction is successful, then they will know that the card works, and they can then use it to make larger purchases. In some cases, fraudsters will also sell valid credit card data on the dark web.

Card testing is often carried out using bots that initiate thousands of small charges through a merchant’s website. Because the amounts are small, they can slip through unsophisticated fraud detection tools and the merchant won’t catch the charges until it’s too late.

How to Prevent Merchant Credit Card Fraud

Fraud can have significant and frustrating impacts on merchants, who, in many cases, are lumped with the losses and obligated to perform chargebacks.

While it’s unlikely that credit card fraud can be eliminated entirely, safeguards can be put in place to help prevent merchant credit card fraud. The challenge is implementing solutions that provide enough security without inconveniencing customers with too many additional steps in the transaction process. 

Every credit card company or payment processor will have rules or procedures for fraud prevention. The first step toward fighting fraud is to carefully follow the instructions of the large institutions that also have it in their interests to protect against fraud. Failing to follow these rules can not only expose a merchant to fraud but can also cost them their provider, as many will drop merchants who fail to follow their established procedures.

Once a merchant is up to date on the rules of the payment processors, there are a few steps that can be taken to reduce fraud attempts, including: 

Decline manual payments

No matter how convincing a customer may be, make it company policy to decline to perform manual payments. This automatically stops any fraudsters with fake or doctored cards from completing their scams. 

Install a chip reader

Since the EMV chip reader POS systems have come out, there has been a drastic reduction in in-store fraud. Fraud has dropped by 76% amongst EMV-using merchants. Installing one of these systems means that the business is protected from any fraudulent cards which rely on the magnetic stripe, which is the majority of fraudulent cards. 

If unsure, call the credit card issuer

If there is someone in the store that a merchant feels could be a fraudster, it is advised to call the credit card issuer’s authorization center and ask for a “Code 10” authorization. If the transaction is denied, you can ask them for another form of payment. 

Implement extra security online

Look at technology such as CAPTCHA, Verified by Visa, Mastercard SecureCode, and other tools offered by credit card issuers to ensure online transactions are secure and able to block scammers attempting CNP fraud.

Many merchants believe that requiring the CVV code is enough to avoid fraud in online transactions, however, even if a scammer got their hands on credit card information and were missing the CVV code, there are only 999 possible codes, and there is excellent technology on the black market to make multiple minimal purchase attempts in order to crack the code. 

Who Is Liable for Merchant Credit Card Fraud?

It is the responsibility of the merchant to perform additional checks following a transaction approval from the credit card processor or registration service. Although providers will have their own checks in place, some things can fall through the cracks, and merchants must know when they are responsible for credit card fraud. 

Merchants that install a chip reader in-store and install tools like Visa’s Verified by Visa and Mastercard’s Mastercard SecureCode put the liability back on the card issuer, reducing their liability and impacts from fraud cases. 

How Different Card Networks Treat Merchant Credit Card Fraud

While there are standards across many card providers, such as the “Code 10” authorization, there may be variances between how these providers expect merchants to handle fraud cases. Merchants must make it a common internal practice to have staff review these rules and educate others on best practices. 

• Visa guidelines can be found in their Card Acceptance Guidelines for Merchants. Information on how to handle suspicious transactions can be found on pages 38 and 57.

• Mastercard has a Fraud Protection and Security section on its website which offers merchants step-by-step guidelines on what to do in the event they suspect fraud.

• American Express offers a Merchant Operating Guide, with comprehensive information guidelines for merchants across a range of topics, including reporting credit card fraud for American Express merchants. This and how to deter fraud can be found on page 59. 

• Discover has a Fraud Prevention Best Practices section on its website, which covers information and tips on how to proceed in card present and card not present situations. They also provide a resources page and additional information to help merchants learn what to look out for. 

What Happens When You’ve Accepted a Fraudulent Charge?

The most common scenario a merchant will face is a chargeback. Essentially, the true cardholder realizes there was a charge and alerts their bank, requesting that the bank undo the charge. Their bank will investigate the claim, determining if the transaction was truly fraudulent. At this point, the bank starts an official dispute with the merchant. 

As the merchant, you’ll have the ability to provide proof if the customer’s chargeback claim is false. However, if it was fraud, the cardholder’s funds will be returned to them. The merchant will also have to pay a chargeback fee to their payment processor. (And you can assume you’ve lost the product sold as well.) 

The chargeback fee is determined by your payment processor, but on average, they cost between $20-$100 per chargeback. Which means that those fees add up real quick. 

What to Do in a Fraud Case?

In the event that a merchant feels that fraud is being committed in-store, the first step is always to call the card issuer and ask for Code 10 authorization. This will help to avoid putting through a fraudulent transaction. If, however, the operation has gone through and the merchant is suspicious after the fact, it is advised by all of the card issuers that the fraudulent payment is reported immediately. 

The true card owner—the person whose information was stolen—has 60 days from the payment to dispute it. Therefore, merchants should have their own checks in place to look for suspicious transactions and catch them ahead of time. It is always best to be proactive, rather than reactive in these cases. 

The Bottom Line

For merchants, the best process is to have open lines of communication with all of the correct parties. Contact the card issuer, refer to the issuer guidelines to make sure all appropriate steps have been taken, contact the authorities if appropriate, and be available to provide any information to help the case be resolved as quickly as possible. 

Need more fraud protection? Payment Depot offers data breach protection for merchants. Learn more or get in touch with our team. We’d love to chat!

---

Quick FAQs about Merchant Credit Card Fraud

Q: What is merchant credit card fraud?

Merchant credit card fraud refers to any activity in which a fraudulent individual uses a credit card, either physically or through information stolen from a legitimate cardholder, to make unauthorized transactions. This form of fraud harms both the person whose card was used and the merchants who process the payments, leading to potential financial losses and reputational damage.

Q: What are the different types of credit card fraud scams that impact merchants?

• Counterfeit cards: Fake cards created using a victim’s card information through skimming.
• Lost or stolen cards: Fraudsters use cards belonging to others without their permission after obtaining access to them.
• Fake cards: Scammers create cards to deceive merchants and process payments that will later fail.
• Doctored cards: Fraudsters alter real cards by erasing and manipulating their magnetic stripes with strong magnets.
• CNP (Card Not Present) fraud: This form of fraud occurs when physical cards aren’t required, such as online transactions, where scammers use the cardholder’s personal information.

Q: What is the impact of credit card fraud on merchants?

Merchants face financial losses due to chargebacks, where the true cardholder disputes a fraudulent transaction and receives their funds back, leaving the merchant with added chargeback fees.

• Merchants may lose inventory or goods that they’ve previously sold during the fraud.
• If not addressed properly, fraud will cause a negative impact on the reputation of the business.

Q: What measures can merchants implement to prevent credit card fraud?

Refuse to perform manual payments, enforcing a company-wide policy.

• Install EMV chip reader POS systems, which would reduce the risk of in-store fraud.
• Use a Code 10 authorization, calling the credit card issuer’s authorization center to verify any suspicious transactions.
• Implement technologies like CAPTCHA, Verified by Visa, and Mastercard SecureCode to ensure online transactions are secure and safeguard against CNP fraud.
• Perform additional checks even after getting approval from credit card processors or registration services.

Q: How can merchants handle credit card fraud cases and minimize the impact?

• Be proactive in identifying and reporting suspicious transactions.
• Maintain open lines of communication with card issuers and authorities.
• Regularly review the guidelines and best practices of card providers.
• Establish and follow procedures for addressing potential fraud incidents.
• Monitor and maintain systems and processes to detect and prevent fraud.