Millions of businesses and cardholders experience fraud each year. How does it happen and what can you do to prevent it?
Fraud prevention is a top priority for business owners. Because of advanced fraud techniques and rapid growth in fraudulent credit card activity, especially in ecommerce, adherence to the Payment Card Industry Data Security Standard (PCI DSS) is strictly enforced for businesses that accept electronic payments. There are many simple safeguards you can implement at your business to reduce your risk of fraud.
Fraud Prevention Tips for Businesses
- Use the Address Verification System (AVS) to validate cardholder information before accepting payments. AVS allows a business to check the billing address a customer provides against the billing address on file with the card-issuing bank.
- Always require the Card Verification Value (CVV) for card-not-present transactions. CVV is a typical requirement for authorizing payments, especially online and over the phone. By confirming this three- or four-digit number on the back of the card, rather than just the primary account number (PAN) and expiration date, merchants can ensure the payer has the card in hand rather than just a stolen PAN.
- Take advantage of your payment gateway’s security features. Authorize.net is able to flag suspicious orders and hold them for review before authorizing payments. For example, orders from specific IP addresses, with mismatched billing/shipping information, or that meet other merchant-specified criteria can trigger alerts before the gateway accepts them. Likewise, a merchant can use the hourly and daily velocity filters to limit the number of transactions received during a specific period of time to prevent high-volume fraud attempts. Learn more about Authorize.net’s Advanced Fraud Detection Suite.
- Require an ID that matches credit card information before accepting large card-present transactions.
- Require signatures for orders, receipt of merchandise or services, and recurring billing plans to prevent “friendly fraud”—when a customer tries to reverse a payment that was actually valid in an attempt to take advantage of the chargeback system. Since chargebacks are a form of consumer protection, banks often tip the scales in favor of the cardholder disputing the purchase, so having a detailed record of each step of the transaction process is invaluable for businesses in case they need to disprove false claims.
- Require customer contact information and call the customer to verify large orders before they ship. If the number is invalid, or you can’t get in touch with the cardholder, do not ship the order.
- Trust your instincts. For example, if a customer tries to rush you to sell something right before closing time, claims that they just moved and that’s why they fail AVS screening, or orders an unusually large amount of high-ticket items to be shipped overnight, take your time to investigate before accepting the credit card payment.
- Thoroughly screen, train and monitor employees who accept payments, especially if they do so over the phone or in a restaurant environment. Although external security breaches are more common, the possibility of employee indiscretion should be taken into account by the business owner.
- Consult PCI standards to ensure that you’re using the most secure, up-to-date processing hardware and software. BankCard USA has an in-house PCI compliance team to walk you through the process of fortifying your retail or online store against hacking.
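The hold-for-review screening described in the payment gateway tip above can be sketched as follows. This is an added example, not Authorize.net's code or API: the `Order` fields, rule names, postal-code comparison and sample orders are all constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Order:
    order_id: str
    ts: int              # arrival time, seconds (constructed sample values)
    ip: str
    billing_zip: str
    shipping_zip: str

class PreAuthScreen:
    """Hypothetical merchant-side rules run before an order goes to authorization."""
    def __init__(self, watched_ips, hourly_limit, window=3600):
        self.watched_ips = set(watched_ips)
        self.hourly_limit = hourly_limit
        self.window = window
        self.recent = deque()    # arrival times still inside the window

    def review_reasons(self, order):
        reasons = []
        if order.ip in self.watched_ips:
            reasons.append("ip_on_watchlist")
        # Assumption: postal codes stand in for the full billing/shipping comparison.
        if order.billing_zip != order.shipping_zip:
            reasons.append("billing_shipping_mismatch")
        # Sliding window: forget arrivals older than one window, then count this one.
        while self.recent and order.ts - self.recent[0] >= self.window:
            self.recent.popleft()
        self.recent.append(order.ts)
        if len(self.recent) > self.hourly_limit:
            reasons.append("hourly_velocity_exceeded")
        return reasons

# Constructed sample orders; IPs come from the documentation ranges.
SAMPLE_ORDERS = [
    Order("A1", 0,    "198.51.100.10", "90210", "90210"),
    Order("A2", 600,  "203.0.113.7",   "10001", "10001"),
    Order("A3", 1200, "198.51.100.11", "60601", "33101"),
    Order("A4", 1800, "198.51.100.12", "73301", "73301"),
    Order("A5", 5000, "198.51.100.13", "98101", "98101"),
]

def run_sample():
    """Return {order_id: reasons}; an empty list means no hold for review."""
    screen = PreAuthScreen(watched_ips={"203.0.113.7"}, hourly_limit=3)
    return {o.order_id: screen.review_reasons(o) for o in SAMPLE_ORDERS}

if __name__ == "__main__":
    for order_id, reasons in run_sample().items():
        print(order_id, "HOLD " + ",".join(reasons) if reasons else "pass")
```

Order A4 is held only because it is the fourth arrival within the hour, while A5 passes because the earlier arrivals have aged out of the window.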
Fraud Prevention Tips for Customers
Online fraud is extremely prevalent and can take several different forms. Common types of online store fraud are account takeover (when someone gains access to an individual’s username and password for an online account and makes unauthorized purchases with saved payment information on it) and identity theft (when a scammer impersonates someone else). Identity thieves find ways to access personal information such as social security numbers, financial data, passwords, passport numbers, birth certificates, etc., and use the information for illegal purposes like applying for credit cards and stealing social security benefits or tax refunds under false names, to name just a few examples.
To protect themselves, customers should:
- Not provide payment card information on a website that isn’t secure and reputable. A lot of websites claim to be safe, but a customer should research the company to make sure it’s legitimate and uses secure payment software before providing any personal information. The Better Business Bureau is a good source of information. When in doubt, a customer should contact his or her bank to check on the security of a potential transaction.
- Create strong passwords for online accounts and change them regularly. Using the same password for multiple accounts makes individuals vulnerable to data theft, so creating a unique password for each separate account is a good way to protect information.
- Be wary of unsolicited promotional or investment opportunity emails. Anything that offers a deal that is too good to be true is often just that. Scammers pretending to be bank representatives are widespread, but a real bank representative would never email a customer to ask for personal banking information it already has.
- Exercise caution when in contact with companies from outside the country.
- Contact their credit card issuing banks immediately if they notice any unusual account activity, such as login alerts from unfamiliar devices or locations, random charges, etc.
- Check ATMs and places like gas stations for “skimmers,” which are small card readers that thieves can attach to terminals and use to copy card information.
Common fraud schemes come in the form of malware (malicious software that damages or disables computer systems), “phishing” and “spoofing.” Hackers forge electronic documents pretending to represent real businesses in order to solicit payment details from individuals. Fraudulent emails can range from overpayment schemes, when a business tries to charge a large up-front cost for products or services that are never fully delivered, to charity exploitation, when a scammer solicits donations for fake organizations.
Who’s Liable for Fraud Damages?
Credit card companies assume liability for credit card fraud in most cases, and they often enforce limits on the number of purchases and total withdrawal amount from one account in a single day. Card-issuing banks monitor transactions and can temporarily freeze an account if there’s unusual activity. Travel notices, when cardholders tell their banks they will be out of town, help open the lines of communication and prevent unnecessary account freezing.
For the business, fraud liability depends on the method of payment acceptance. In keeping with the EMV liability shift set in motion by the major card brands in 2015, businesses that experience credit card fraud while using a swipe terminal to process chip cards are responsible for covering financial losses. By taking everyday precautions to mitigate fraud risk at your business, such as using an EMV chip terminal, you are protecting not only your finances, but also your reputation and credibility among customers.