How to avoid credit card fraud in 4 simple steps
EMV chip card technology has been very effective at reducing credit card fraud involving card present (CP) transactions both abroad and in the U.S. following the EMV liability shift. But it’s not designed to protect online and telephone purchases since the card and cardholder must be present in order for the technology to work as intended.
As predicted, EMV adoption is curbing criminals’ interest in brick and mortar businesses and shifting their attention to card-not-present (CNP) transactions. For merchants in the CNP space, the need for vigilant fraud control has never been greater.
Without the ability to confirm the customer's identity, authenticate their signature, observe suspicious behavior, or inspect the physical card, online transactions inherently pose a greater risk for fraud. Retailers often don't discover the fraud until it's too late and the merchandise has been shipped. In these situations, it's the merchant--not the true card owner--who is liable for covering the costs.
Liability in online fraud is primarily assessed as a chargeback. Chargebacks are initiated when a cardholder contacts their card issuer to dispute a fraudulent charge. The issuer then contacts the payment processor, who deducts the disputed amount, plus a chargeback fee, from the merchant services account.
When a chargeback is initiated, it’s up to the merchant to prove the charge was valid. In the case of true fraud, the merchant will obviously be unable to do so, and will ultimately pay more than the value of the original sale when it’s all said and done.
To add insult to injury, the card associations set a threshold for the percentage of chargebacks in relation to total sales volume. Merchants exceeding their chargeback threshold will pay even higher fines, and possibly higher transaction fees that come with being considered a “high-risk” merchant.
Preventing fraudulent transactions is a much more lucrative activity than fighting chargebacks. But how can you tell whether a sale is legitimate or the work of fraudsters?
Unfortunately, it’s not always possible, and to some extent, chargebacks are a natural part of doing business online. But you can reduce your risk of CNP fraud by following these basic steps:
1. Get all the information related to the credit card
It’s important to collect all the relevant information for the credit card during the transaction. That includes getting the cardholder's name as it appears on the card, the account number, the card type, and the expiration date. Make sure that the card won’t expire before you run the transaction (before shipping, when dealing in merchandise).
You should also collect the card’s security number on the back of the card. Visa and MasterCard refer to this security code as CVV2/CVC2 (Card Verification Value/Code) and require its use for online purchases in the U.S. and many other countries as well.
Card security values can help a merchant determine whether the purchaser is the legitimate cardholder because the code only appears on the back of the card itself. Knowing the code is a good indicator that the user has possession of the card since it’s impossible to retrieve it via the magnetic stripe data. When fraudsters skim card numbers for fraudulent use, they aren’t able to capture the CVV2 value. So requiring it to verify cardholder identity is a good practice. However, it’s important not to store the number in your customer database or any other place. This means you will have to contact the cardholder for recurring transactions, or eliminate that field on recurring transactions.
Finally, be sure to collect the cardholder’s billing and shipping addresses. Keep reading for more tips regarding address verification.
2. Be leery of different billing and shipping addresses and use address verification service
While different billing and shipping addresses don't necessarily indicate fraud, they should be treated as a red flag to investigate further. Criminals might place multiple orders of expensive merchandise using a stolen card and ship them to accomplices, or they might use different credit cards to place multiple orders and ship all the orders to one location.
In fact, many instances of fraud can be prevented by using Address Verification Service (AVS). AVS is an automated technology that checks the cardholder’s address as listed by the card issuer and compares it with the address the customer uses in the transaction. AVS returns a response code that can help you determine whether the transaction seems legitimate or risky.
A “partial match” or “no match” response doesn’t necessarily mean that the transaction is fraudulent and won’t automatically result in a decline. But it’s a good idea to follow up on the order and look for additional signs of fraud that may apply.
3. Watch out for large next-day delivery orders
Two big things to look for when receiving a questionable AVS response code are a larger than average order and an order with next-day shipping. Either of those factors can be a cause for caution, but when they appear in conjunction with one another, it’s best to put in the extra effort to check for fraud.
Criminals aren't concerned with cost because they are not paying with their own funds. But they are concerned with time, since they have a short window to make purchases before the card is reported stolen or the order is canceled. Rush orders suit their needs perfectly, so be cautious.
If you suspect fraud may be afoot, there are a few things you can do to help reduce the risk. First, call the customer to confirm the order, and ask them to verify their phone number, home address, and billing address. You can also contact the issuer to compare the information they have on file for the cardholder with the information you’ve collected to make the sale.
If you don’t have the customer’s telephone number and you suspect CNP fraud, call the credit card issuer and ask them to place a courtesy call to the card member to confirm their purchase is legitimate. You can contact the card issuers to help you verify cardholder information at the following numbers:
- American Express (800-528-5200)
- Discover (800-347-2000)
- MasterCard (800-622-7747)
- Visa (800-847-2750)
4. Scrutinize multiple purchases of large ticket items
Criminals using stolen cards might try to purchase as many expensive items as they can before the card is reported stolen. It’s not uncommon for fraudsters to purchase high-value items to be resold on the black market, so be on the lookout for multiple purchases of large ticket items.
Sometimes multiple orders will be spaced out on different cards but shipped to the same address. Or, conversely, items may be shipped to multiple addresses but charged to one card.
There are plenty of legitimate reasons each of these scenarios might occur. The AVS may not match because the cardholder recently moved and has not updated their information with their card issuer. People do have legitimate reasons to ship items to other addresses, or even repurchase the same item.
Not every red flag will turn into a chargeback. So how do you balance this fact with the very real risk of fraud? Use the anti-fraud tools available from your payment processor, investigate the details of suspicious orders, and ultimately trust your gut.
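The red flags from steps 2 through 4, combined into a manual review queue, as an added example that is not part of the original article. The field names, the simplified AVS labels, the 2x-average threshold for a "large" order, the exact-string address comparison and the sample orders are all assumptions made for illustration; flagged orders go to a person for follow-up, not to an automatic decline.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample orders. "card" is a processor token, never the card number or CVV2.
# "avs" uses simplified labels (match/partial/none); real response codes vary by processor.
ORDERS = [
    {"id": "A1", "card": "tok_1", "avs": "match",   "bill": "12 Oak St",  "ship": "12 Oak St",  "total": 40.0,  "next_day": False},
    {"id": "A2", "card": "tok_2", "avs": "match",   "bill": "7 Elm Rd",   "ship": "7 Elm Rd",   "total": 55.0,  "next_day": False},
    {"id": "A3", "card": "tok_3", "avs": "none",    "bill": "3 Pine Ave", "ship": "90 Dock Ln", "total": 900.0, "next_day": True},
    {"id": "A4", "card": "tok_4", "avs": "partial", "bill": "5 Birch Ct", "ship": "90 Dock Ln", "total": 60.0,  "next_day": False},
    {"id": "A5", "card": "tok_1", "avs": "match",   "bill": "12 Oak St",  "ship": "44 Lake Dr", "total": 45.0,  "next_day": False},
]

LARGE_ORDER_FACTOR = 2.0  # assumed: "larger than average" means over 2x the mean order total


def review_flags(orders):
    """Return {order_id: [flags]} for orders a person should look at before shipping."""
    avg = mean(o["total"] for o in orders)
    cards_per_ship = defaultdict(set)   # shipping address -> cards used
    ships_per_card = defaultdict(set)   # card -> shipping addresses used
    for o in orders:
        cards_per_ship[o["ship"]].add(o["card"])
        ships_per_card[o["card"]].add(o["ship"])

    result = {}
    for o in orders:
        flags = []
        if o["avs"] != "match":
            flags.append("avs_" + o["avs"])
        if o["bill"] != o["ship"]:
            flags.append("bill_ship_differ")
        large = o["total"] > LARGE_ORDER_FACTOR * avg
        if large:
            flags.append("large_order")
        if o["next_day"]:
            flags.append("next_day")
        if len(cards_per_ship[o["ship"]]) > 1:
            flags.append("many_cards_one_address")
        if len(ships_per_card[o["card"]]) > 1:
            flags.append("one_card_many_addresses")
        # Step 3: a questionable AVS result plus a large rush order warrants a phone call.
        if o["avs"] != "match" and large and o["next_day"]:
            flags.append("call_customer_or_issuer")
        if flags:
            result[o["id"]] = flags
    return result
```

Order A1 is flagged only because the same card later ships to a second address in A5, which is the kind of pattern that often has a legitimate explanation and is resolved by a quick check.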
Remember, you’re liable for covering the costs of fraudulent CNP transactions, so be sure to protect yourself and your customers by keeping these best practices in mind, and never hesitate to call the card issuer if you suspect fraudulent activity.