six steps to prevent credit card fraud - woman with card inserted in a credit card reader

Six steps to prevent credit card fraud

Saturday, November 15, 2014

Credit cards can be a great opportunity for your business. In today’s environment, customers have come to expect that businesses take multiple payment methods – from cash to credit and debit cards to contactless payments. However, while accepting multiple forms of payment can be great for business, it also poses some risks. The biggest of these risks is credit card fraud, which can lead to huge hassles for your business. So in this article, we’ll dive into six steps to prevent credit card fraud at your business. To start, let’s talk about credit card fraud.

What’s credit card fraud? 

As a small business owner, you’ve probably heard of credit card fraud, but it’s most likely in the context of you being a consumer. As a consumer, you know how important it is to protect your credit card number and other sensitive information, like your social security number and bank account numbers. You also know the importance of checking on your card statements and credit reports from the credit bureaus (Experian, Equifax and Transunion) to spot any unauthorized activity on your credit card accounts. And, you probably know how much fraudulent charges can damage your credit score. But when it comes to your business, credit card fraud can hurt it even more. 

Your customers can have their credit card account information stolen by hackers in a variety of ways –a data breach, phishing, unsecure public wifi networks, and even through social media. When they do, these fraudsters will try to use the stolen account information at businesses like yours before the cardholder's financial institution can notice.

When fraudsters use stolen credit cards at your business, there are not as many protections from these scams for the company. Unlike an identity theft victim who has their card information stolen and can simply dispute the charges, when a business is the victim of credit card fraud, it’s on the hook for both the costs of the fraudulent charges and possible chargeback fees. These costs can quickly add up, especially when fraudsters typically like to try to make high-dollar purchases with stolen account information and credit cards.

As you can see, fraudulent transactions can be a real pain for small businesses like yours. So, what are a few steps your business can take to bolster fraud prevention at your business? Let’s take a look. We’ll start with three steps you can take when dealing with in-person credit card transactions, before offering three steps in card-not-present transactions.

Accept EMV chip cards

The first thing you can do for in-person transactions is to accept EMV chip cards—named for the three major brands that developed the technology: Europay, Mastercard, Visa. While it’s named for just three brands, this technology is available on all cards – including American Express and Discover. EMV chip technology includes a security feature that makes it more difficult for thieves to steal credit card information. While thieves can use skimmers to steal credit card data from magstripe cards, it's much more difficult to steal data from EMV chip cards.

At your business, you’ll need a card reader that can accept EMV payments. These EMV chip-enabled card readers allow customers to insert their credit or debit cards for a more secure transaction.

And this technology really does work to prevent credit card fraud – according to Visa, in-person card fraud plummeted a whopping 76% as of 2019. 

Refuse Cards That Won’t Swipe

The next thing you can do to prevent credit card fraud at your small business is to avoid accepting cards that won’t swipe. When fraudsters use card information that they stole from someone else, they want to get you to manually enter the card data. To do that in person, they may claim that the magnetic strip doesn’t work or that the EMV chip doesn’t read. If a customer is making this claim, you should be wary.

Remember, credit cards have design features that help you prevent fraud, even as a business. When you just manually enter the card information, you’re bypassing all of those built-in protections, and doing exactly what the thief wants you to do. Instead, if a customer has a card that won’t swipe or dip into the EMV chip reader, politely decline their business.

Check Customer ID

The third step to preventing credit card fraud in face-to-face transactions is checking the customer’s identification when they use a credit card. While it may be frustrating for some customers to validate their identity, it can save your business a lot of money in the long run. After the customer hands you their credit card, politely request that they also give you identification. 

When examining the customer’s identity, you’re looking to confirm that the name on the card matches the ID provided by the customer. If not, you should refuse to accept the card. However, if the customer has a signed credit card and refuses to show you identification, you have to accept their credit card. That’s because the card networks have certain provisions on authentication that are all very similar to the following language: if the cardholder does not have or is unwilling to present cardholder identification, the merchant must honor the card.

Now that you have seen three steps to help with fraud protection in-person, let’s take a look at three ways to prevent credit card fraud during online or card-not-present transactions.

Ensure the Credit Card Passes The Test

When it comes to accepting online, card-not-present transactions, you’ll want to be sure that the person trying to use the card is who they say they are. There are a few ways you can do this, but the first of two common checkpoints is Address Verification Service (AVS). This is a tool that merchants like you can use to prevent fraud. Here’s how it works: when a customer inputs their billing information, the AVS checks their billing address against the address the credit card issuer has on record for the cardholder. 

The credit card processor then sends a response to the merchant with the degree to which the addresses match. This helps to authenticate the card even though the card isn’t present in the transaction. If the information matches, it’s a good sign the charge is legitimate. However, if they don’t match, you’ll want to take a closer look at the transaction to see if there’s a possibility of fraud.

The second test you can use is the verification number test. Depending on the credit card company, this verification number has different names. On Visa credit cards, it’s known as a Card Verification Value (CVV). For Mastercard, it’s a Card Verification Code (CVC) and for Discover and American Express cards, it’s a Card Identification Number (CID). This three or four digit number provides an extra layer of protection that the person attempting to make the purchase is holding the physical card. If this number is not correct, your business should take a closer look at the transaction to verify it’s legitimacy.

Watch for multiple orders from the same IP address

Another way to prevent fraud in your ecommerce business is to make sure you’re watching for multiple orders from the same IP address. Many fraudsters have programs that can help them try different stolen credit card numbers at checkout and then place the order when they find one that works. And while these fraudsters typically use multiple cards, they very rarely will change their IP address. As a merchant, you should look for multiple orders that happen in a short period of time, contain large dollar value items with easy resale qualities and an unusually large number of items per order. These are telltale signs of fraud and should be watched. 

Luckily, many ecommerce providers have tools to help you filter and limit multiple orders from the same IP address. To learn more about those tools, contact your ecommerce provider directly.

Watch for orders that ship to the same address but use multiple cards

The last way to help prevent credit card fraud in your business is to be on the lookout for multiple card orders that all ship to the same address. Again, this could indicate that a scammer is using stolen card numbers to place multiple orders that all go to the same place. Or, it's possible that a scammer is using a stolen identity to open new credit cards and is trying to make sure these new accounts work. Again, it’s important to monitor these transactions, especially in card-not-present transactions.

Now that we’ve seen the ways you can prevent fraud at your business, let’s briefly talk about what to do if you suspect fraud.

Handling fraud at your business

If you suspect fraudulent activity  at your business or notice any suspicious activity online, it’s important to know what to do. The biggest thing is to stay calm. In person, you’ll need to call the card issuer's authorization phone number and ask for a “code 10 authorization.” This phrase lets the person at the issuer know that you are suspecting fraud. Then, they’ll investigate to give you a clearer picture. 

Code 10 authorizations normally happen in card-present environments. But you can also call in a code 10 if you notice a suspicious online purchase. For online transactions, be sure to contact the issuer to flag what you think is a fraudulent transaction. It’s important to also report it to the proper authorities.

The best way to handle fraud at your business is to have the safeguards in place to prevent it in the first place. In this article, we’ve talked about ways your business can prevent fraud both in-person and online, helping to keep your business – and your bottom line – safe.

Ready to work with a payment processor who can help you prevent fraud at your business?

Heartland is the point of sale, payments and payroll solution of choice for entrepreneurs that need human-centered technology to sell more, keep customers coming back and spend less time in the back office. Nearly 1,000,000 businesses trust us to guide them through market changes and technology challenges, so they can stay competitive and focus on building remarkable businesses instead of managing the daily grind.