7 Credit Card Processing Fraud Prevention Tactics For Merchants
Credit card processing fraud is a major problem for business owners.
Fraudulent card transactions can lead to chargebacks. Data breaches can result in customer information being compromised and create a negative perception of your company.
If you accept credit cards, you need to understand fraud prevention best practices, regardless of your business type or industry. As an expert in this space, I created this guide to explain the top fraud prevention tactics for merchants.
Types of Credit Card Fraud
Before we continue, I want to briefly cover the most common types of credit card fraud:
- Card-not-present fraud — Fraudulent transactions occurring when a card hasn’t been swiped, tapped, or dipped. Commonly used for online orders or payments accepted over the phone.
- Lost or stolen card fraud — Thieves use someone else’s card to make purchases before the victim has a chance to cancel the card.
- Counterfeit or cloned card fraud — Criminals forge a card using someone else’s information. EMV chip cards have made this process more difficult.
Merchants with ATM machines or self-self pay stations (like a gas pump) on-site should also be wary of skimming mechanisms. Card skimmers can be placed on these devices to steal credit card information from unsuspecting customers.
How to Prevent Credit Card Fraud in Brick-and-Mortar Stores
While the majority of credit card processing fraud today happens online, brick-and-mortar merchants are still at risk. For the purposes of this guide, I’ve focused my fraud prevention methodology for businesses with physical store locations.
Follow these seven tips to avoid credit card processing fraud:
1. Always Capture Signatures
There is a space on the back of every credit and debit card for people to put their signature. In theory, a merchant is supposed to compare that signature to the one on a signed receipt.
But in reality, most merchants do not follow this policy.
Businesses are focused on generating quick transactions. It keeps lines short, and the customers happy. Plus, with so many customer-facing POS systems out there, the card never leaves the customer’s hand in some instances.
With all of that said, you should always collect customer signatures.
Businesses that typically have low-value transactions, such as a coffee shop or ice cream parlor, could disable mandatory signatures on their POS systems. However, collecting a signature always gives you that added level of protection.
Merchants with high-value transactions for things like furniture or electronics can go the extra mile and have customers sign an invoice in addition to the credit card receipt.
2. Avoid Manually Keyed Transactions
Manually entering a card number into your credit card processing machine puts you at risk for running a counterfeit or cloned credit card.
In many instances, legitimate and active cards just don’t swipe. Maybe you’re using an old credit card processor (in which case, you’ll need to get a new one), or perhaps the card is just worn out. Customers will tell you that the card is fine, and to go ahead and just enter it manually.
But another reason why a card might not be swiping properly is if it’s a fake.
Any time you manually key a card into your credit card processor, you increase your risk of credit card fraud. So if possible, you’ll want to avoid this at all costs. Rather than a keyed entry, try asking the customer if they have another card they want to pay with as an alternative solution.
Aside from the risk of fraud, manually keyed transactions have higher fees than a card that was swiped or chipped. Furthermore, it’s a red flag for merchant processors if you have too many manually keyed transactions. As a result, your account could get put on hold or even be terminated.
3. Use EMV Hardware
EMV credit card processing machines have become the new norm. So if you haven’t upgraded your terminal or POS system, it’s time for you to do so.
Yes—the EMV terminal will likely be more expensive than the one you’re currently using. That’s just a reality that you need to accept.
Using EMV hardware will reduce your chances of processing a fraudulent or cloned card. While it’s not impossible, it’s much more difficult for criminals to clone a chip card.
Back in 2015, the liability for fraudulent chip card transactions has shifted to the “least secure party” as opposed to the banks. This means that merchants who don’t have proper EMV equipment will be held responsible.
4. Ask the Customer for Identification
Merchants can always ask the cardholder for identification to prove that their ID matches the name on the credit card. However, the cardholder doesn’t legally have to provide an ID.
This is a tricky situation for merchants. In most instances, a customer won’t have an issue showing their identification. But they also have the right to refuse. In which case, it’s the merchant’s discretion whether or not they want to accept the card.
Here’s an expert from Visa’s rules every merchant should know:
Essentially, Visa is advising merchants to process transactions if the card is present, authorized, and signed, even if the customer does not provide proof of identification.
Asking your customers for ID, especially on large purchases, is still a good policy for preventing credit card processing fraud.
5. Make Sure Your Hardware and POS System Are Secured
Whenever a big company has a credit card data breach, it makes national news. The 2013 Target credit card breach was one of the most infamous scenarios, as it affected more than 41 million customers.
These news stories give small business owners the false sense of security that criminals are only targeting large companies. This couldn’t be further from the truth.
According to a recent study, 47% of small businesses had at least one attack in the last year. An alarming 44% of small companies had between two and four attacks during that same time.
Small businesses are susceptible to these attacks because their security typically isn’t as advanced as larger corporations, making it an easy target for cyber-criminals and credit card thieves.
To reduce your risk, you need to make sure that your credit card terminals are PCI DSS compliant (PCI compliant for short).
For more information on this subject, refer to our guide on PCI compliance.
6. Understand Your Network Acceptance Guidelines
In both business and your personal life, you should always read a contract before signing it. Even if the terms aren’t negotiable, you need to know the conditions for what you agree to.
Always review the contracts for your merchant accounts as well as the guidelines for each card network (Visa, American Express, Discover, Mastercard, etc.).
These terms typically outline acceptance terms, minimum or maximum transaction amounts, and surcharges. But they also include security measures that you should be following to ensure fraud prevention.
The guides will also tell you what steps to take if you think a transaction is fraudulent or suspicious.
7. Use an Address Verification System
An address verification system (AVS) is most commonly used for online purchases. It’s an added layer of security to verify that the card and billing address match. If you have an ecommerce website, you might already have an AVS for this purpose.
However, you can still use an AVS in physical store locations. You probably use an AVS in your personal life at least a couple of times per month.
When you pay at the pump for gas, and it asks for the zip code of the card’s billing address, that’s a form of an AVS.
So if your business processes high-value transactions on self-serving machines, you can include an address verification system to reduce your risk of fraud.
Final Thoughts
No business is ever 100% immune to fraud. But there are definitely steps you can and should be taking on a daily basis to prevent credit card processing fraud.
Don’t have the “it won’t happen to me” mentality. Even small businesses are targets for criminals.
To reduce your risk of credit card fraud, make sure you follow the tips and best practices that I’ve outlined above. Keep this guide somewhere safe where you can quickly access it as a reference.
0 Comments