Credit card fraud is one of the biggest risks a merchant takes on when they decide to accept credit cards. Those risks can dramatically lower when they know what to look for if a fraudster (a person who performs some type of fraud) visits their store. That’s why we’ve put together a quick best practices guide to help you mitigate your risks as you perform credit card processing transactions. Be sure to review these best practices with your staff so everyone can be on guard as they check customers out.
They are broken down into two categories – Card Present and Card-Not-Present transactions. Each comes with their own best practices, but some can work for both types.
When possible be sure to swipe/dip the card through your POS system.
A transaction that is swiped/dipped has lower fees when compared to those that are keyed in. You get approval authorization, and the customer’s contact information is captured. The added information can be useful if you need to get ahold of the customer for any reason, including a safety recall. If, for some reason, you do have to key in a transaction, be sure to get an imprint of the card for your records.
Check to see if the card has been altered with in any way. If you believe it’s been tampered with, contact the issuing bank via the phone number on the back of the card to make sure the card is neither stolen nor invalid.
Authorizations not settled within a day may receive a higher interchange rate, so be sure to batch your transaction information each day.
Ask for a signature on all purchases, and make sure the signature provided matches the one on the card.
The credit card itself carries a number of anti-fraud features directly on it, so when it’s not present at a transaction, you must get, and record that information to protect your business against a fraudulent transaction.
Utilize these fraud prevention tools when performing a card-not-present transaction:
• Card Validation Code (MasterCard). Data element on a card's magnetic stripe that uses secure cryptographic processes to protect data integrity on the stripe and reveals any alteration or counterfeiting. There are different acronyms for each card brand. As required by the PCI Security Standards Council.
• Card Validation Code 2 (MasterCard). The rightmost three-digit value printed in the signature panel area on the back of the card. It is uniquely associated with each individual piece of plastic and ties the Primary Account Number (PAN) to the plastic.
• Card Verification Value (VISA and Discover). Data element on a card's magnetic stripe that uses secure cryptographic processes to protect data integrity on the stripe and reveals any alteration or counterfeiting. There is a different acronym for each card brand. The three or four digit number typically following the account number, located on the signature panel on the back side of most credit and debit cards. However, CVV numbers on American Express cards appear on the face of the card above the card number. As required by the PCI Security Standards Council.
• Card Verification Value 2 (VISA). The Card Verification Value 2 is a three or four digit number physically imprinted on the back of the card. CVV2 is used as a security feature and often is mandatory for card-not-present (MOTO/Internet) transactions. CVV2 data is not embedded in the magnetic stripe and uniquely associates each piece of plastic to the Primary Account Number (PAN).
• Address Verification Service (AVS). An optional service through which a merchant may verify a cardholder's billing address against the card Issuer's records during the authorization process and prior to completing the sale. Especially helpful in preventing fraud when processing a Mail Order Telephone Order (MOTO) transaction. The system will check the billing address of the payment card provided by the user with the address on file at the payment card company. AVS DOES NOT guarantee that a transaction is valid.
Authorizations not settled within a day may receive a higher interchange rate.
As fraudsters change the way they attack businesses, merchants have to be diligent in keeping up with the latest security options. Today, they range from digital fingerprinting to geolocation — and are all designed to limit fraud in a card-not-present transaction.
• Identity verification — Used to verify and validate the identity of a person via information like name, address, social security number and phone number.
• Customer Validation — Uses consumer data from various public and private sources to validate the billing information associated with the payment type.
• Knowledge-based authentication — The customer must answer a question, i.e. previous address, student loan amount, or other specific information that cannot be found online or from a lost wallet.
These best practices are a good starting point, but fraudsters are ever-changing how they attack businesses, so the best defense for thwarting these types of attacks is using common sense. If it seems too good to be true, ask some questions and contact the issuing bank to see if the card is valid. Some customers may be upset about the inconvenience, but it’s truly a better safe than sorry situation.< Back to Fraud Awareness