Merchant Credit Card Fraud: What It Is and How to Avoid It

Credit card fraud is one of the most common forms of fraud. Its repercussions flow not only to the person whose identity or credit card was stolen, but also the merchants who have processed payments. When you process a fraudulent transaction, not only could you be liable for it, but your reputation could also take a hit. 

Now, for many merchants (particularly SMBs), it is common to feel like fraud unlikely to occur. After all, why would fraudsters target smaller businesses when they can go after larger merchants?

But the numbers show a different story. Industry statistics show that 46 percent of the world’s credit card fraud happens in the United States, making US merchants extremely vulnerable to these tactics. And it’s even worse for SMBs: When it comes to fraud, businesses with fewer than 100 employees lose twice as much per incident than those with 100+ on staff.

Needless to say, credit card fraud is a serious issue for merchants, which is why it’s essential that you educate yourself on the many aspects of fraud and how to prevent it. 

What is Merchant Credit Card Fraud

Credit card fraudsters can work to trick merchants in a variety of ways, both online and in-store. In a nutshell, credit card fraud encompasses any activity where a credit card is used by a person who does not actually own or have credit on the credit card.

Of the credit card fraud cases in the US, 25.7 percent of charges were made through an existing credit card. 21.4 percent were made using an existing checking or savings account. 15.9 percent were made using an existing debit account. 10.5 percent were made on an existing loan or line of credit, and 18.5 percent were made using financial platforms such as PayPal.

Types of Merchant Credit Card Fraud

There are a number of ways that scammers can commit fraud, many that are easy to detect and fight against and a few that are particularly tough to uncover. Below are the credit card fraud scams which impact merchants:

Counterfeit Cards

Counterfeit cards are produced through skimming, where a scammer gets all of the victims’ card information and creates a fake magnetic swipe card which holds all of the victims’ card details. 

The fake stripe allows the scammer to create a fraudulent card that is entirely functional, meaning that scammers can use the card just as any regular, trustworthy consumer would — making this type of fraud very hard for merchants to spot. 

Another way this can be performed is by fraudsters who know the consumer’s card details, they can create a fake card, but in this case, the magnetic stripe won’t work, and the scammer will need to convince the merchant to enter the transaction manually. 

Lost or Stolen Cards

Perhaps the most common of all of the fraud methods, lost or stolen cards may be used by fraudsters who take the opportunity to go out on a shopping spree before the actual owner has noticed their card is missing. 

The thieves are most likely to make online purchases with the card, as this is where they can avoid entering a PIN. Otherwise, they will look for stores that have contactless card POS systems, where payments under a certain amount will go through without the PIN.  

Fake or Doctored Cards

These two methods rely on the merchant to input the credit card details manually; therefore, they should be easy to spot. 

Fake cards are cards which are created by scammers to deceive merchants, tricking them into processing payments which will later fail to process. 

Doctored cards are real cards that scammers disable by using strong magnets to erase the metallic stripe. When this information is deleted, they can change the details of the card to match valid cards. 

When this card used at the merchant POS, it won’t work. But fraudsters will typically try to persuade merchants to put it through manually, take off with their goods and then the merchant will find later that the transaction was not approved. 

Card Not Present Fraud

The credit card fraud that is most prominent for online merchants is known as card-not-present fraud or CNP fraud. CNP fraud is possible when no physical card is required to complete an online transaction. This means that scammers can simply steal card information; card number, expiry date, and CVV code. Then, tada, they can commit fraud. 

How to Prevent Merchant Credit Card Fraud

Fraud can have significant and frustrating impacts on merchants, who, in many cases, are lumped with the losses and obligated to perform chargebacks.

While it’s unlikely that credit card fraud can be eliminated entirely, safeguards can be put in place to help prevent merchant credit card fraud. The challenge is implementing solutions that provide enough security without inconveniencing customers with too many additional steps in the transaction process. 

Every credit card company or payment processor will have rules or procedures for fraud prevention. The first step toward fighting fraud is to carefully follow the instructions of the large institutions who also have it in their interests to protect against fraud. Failing to follow these rules can not only expose a merchant to fraud, but it can also cost them their provider, as many will drop merchants who fail to follow their established procedures.

Once a merchant is up to date on the rules of the payment processors, there are a few steps that can be taken to reduce fraud attempts, including: 

Decline manual payments

No matter how convincing a customer may be, make it company policy to decline to perform manual payments. This automatically stops any fraudsters with fake or doctored cards from completing their scams. 

Install a chip reader

Since the EMV chip reader POS systems have come out, there has been a drastic reduction in in-store fraud. Installing one of these systems means that the business is protected from any fraudulent cards which rely on the magnetic stripe, which is the majority of fraudulent cards. 

If unsure, call the credit card issuer

If there is someone in the store that a merchant feels could be a fraudster, it is advised to call the credit card issuer’s authorization center and ask for a “Code 10” authorization. If the transaction is denied, you can ask them for another form of payment. 

Implement extra security online

Look at technology such as CAPTCHA, Verified by Visa, Mastercard SecureCode, and other tools offered by credit card issuers to ensure online transactions are secure and able to block scammers attempting CNP fraud.

Many merchants believe that requiring the CVV code is enough to avoid fraud in online transactions, however, even if a scammer got their hands on credit card information and were missing the CVV code, there are only 999 possible codes, and there is excellent technology on the black market to make multiple minimal purchase attempts in order to crack the code. 

Who is Liable for Merchant Credit Card Fraud?

It is the responsibility of the merchant to perform additional checks following a transaction approval from the credit card processor or registration service. Although providers will have their own checks in place, some things can fall through the cracks, and merchants must know when they are responsible for credit card fraud. 

Merchants that install a chip reader in-store and install tools like Visa’s Verified by Visa and Mastercards Mastercard SecureCode put the liability back on the card issuer, reducing their liability and impacts from fraud cases. 

How Different Card Networks Treat Merchant Credit Card Fraud

While there are standards across many card providers, such as the “Code 10” authorization, there may be variances between how these providers expect merchants to handle fraud cases. Merchants must make it a common internal practice to have staff review these rules and educate others on best practice. 

  • Visa guidelines can be found in their Card Acceptance Guidelines for Merchants. Information on how to handle suspicious transactions can be found on pages 35 and 54.
  • Mastercard has a Fraud Protection and Security section on their website which offers merchants step by step guidelines on what to do in the event they suspect fraud.
  • American Express offers a Merchant Operating Guide, with comprehensive information guidelines for merchants across a range of topics, including reporting credit card fraud for American Express merchants. This and how to deter fraud can be found on page 55. 
  • Discover has a Fraud Prevention Best Practices section on their website, which covers information and tips on how to proceed in card present and card not present situations. They also provide a resources page and additional information to help merchants learn what to look out for. 

What to Do in a Fraud Case?

In the event that a merchant feels that fraud is being committed in-store, the first step is always to call the card issuer and ask for the Code 10 authorization. This will help to avoid putting through a fraudulent transaction. If, however, the operation has gone through and the merchant is suspicious after the fact, it is advised by all of the card issuers that the fraudulent payment is reported immediately. 

The true card owner — the person whose information was stolen — has 60 days from the payment to dispute it. Therefore, merchants should have their own checks in place to look for suspicious transactions and catch them ahead of time. It is always best to be proactive, rather than reactive in these cases. 

For merchants, the best process is to have open lines of communication with all of the correct parties. Contact the card issuer, refer to the issuer guidelines to make sure all appropriate steps have been taken, contact the authorities if appropriate, and be available to provide any information to help the case to be resolved as quickly as possible. 

Need more fraud protection? Payment Depot offers data breach protection for merchants. Learn more or get in touch with our team. We’d love to chat!