Avoiding credit card fraud: Six best practices for 2018
A self-help primer for merchants fighting card fraud on the front lines
Criminals are always looking for the weakest link. The unlocked door. The sleeping security guard. The unsuspecting target of an email phishing scam.
The good news is that advances in credit card security technology have dramatically reduced fraudulent credit card use in-store. The widespread adoption of EMV chip systems save merchants and consumers billions from counterfeits and unauthorized card use. Reinforcing this new wave of security infrastructure, credit card processors and financial institutions continuously monitor merchant accounts to detect signs of fraud, stopping them before they occur.
But technology is only one part of the puzzle. Human error at the point of sale continues to be a thorn in the side of merchants. “Card-present” in-store credit card fraud remains a costly menace to businesses worldwide. When employees at the point of sale aren’t trained to detect common fraudulent practices, criminals see a wide open door to your back pocket.
Learning to detect the warning signs of fraud will help protect your business by reducing your risk of card fraud liability. These six best practices to avoid credit card fraud offer a baseline that can be integrated into your own policies and procedures to help secure the point of sale for your business.
Because nobody wants to be the weakest link.
Best practice #1. Accept cards only from the authorized user.
There are no “borrowing privileges” with credit and debit cards. If doesn’t matter if it is the wife or husband, daughter or son: The only authorized user of any credit or debit card is the person whose name is on the front and signature is on the back of the card. “Letters of authorization” for use of a credit card are not valid, even when accompanied by the best of intentions. By accepting payment without validating ID, you may be liable for any chargeback in case of fraud.
Simple due diligence that takes seconds can save you time, money, and headaches down the road.
Best practice #2. Accept physically damaged cards at your own risk. Or safer yet, not at all.
A common card-present fraud scheme occurs when cards are presented that are defaced so that they cannot be read by either magnetic strip or chip readers. Counterfeit cards are often damaged as pretext to bypass their anti-fraud features. If you have an electronic point-of-sale terminal, swipe or dip every card that is handed to you, no matter how damaged or worn. Be wary of customers who let you know right away that their card won’t read.
It’s your business, and therefore your right to simply ask for another form of payment, or to decline the transaction rather than manually key-in information from a damaged card.
Best practice #3. Beware of fraudulent merchandise returns.
The National Retail Federation estimates that in 2017, 10.8 percent of all merchandise returns in the U.S. were fraudulent. Whether the return of stolen merchandise, employee return fraud, or the use of counterfeit receipts, return fraud remains a clear and present danger to merchants.
Handling legitimate returns is an important customer service function. Criminals know this and see it as a weak link they can exploit. Your company’s return policies need to be transparent to all parties, and designed to protect all parties. With a little upfront effort, you can seamlessly deliver on the legitimate return needs of your valued customers while staying vigilant in the fight against criminal fraud. If something seems amiss with a return, put on the brakes.
Small preventative investments in common sense procedures and the people that implement them will pay off big in reduced chargebacks from fraudulent returns. Making sure that your return policies are fully transparent to both your employees and your customers will minimize this risk.
Best practice #4. Know your outliers: understanding the how’s and whys of payment red flags.
Nobody knows your business as well as you do. When it comes to the payments end of your business, credit card processing companies can also identify red flags. Credit card processors continuously monitor your business transactions for fraudulent activity, partnering with merchants to learn the payment patterns of your business.
If you need to perform any transaction that is out of character for your business, give your processor a call first. If you are a restaurant that typically does $30 swiped or dipped transactions, call your processor before you manually run a $5,000 sale for a catered wedding. If you're going to run an unusually large transaction, call ahead to let processor know what you're doing.
Understanding why payment red flags are raised will help you manage legitimate transactions that fall outside your regular business patterns.
Best practice #5. Don’t be bullied: Reasonable exceptions to “the customer is always right.”
As merchants fighting to grow our businesses, we live in a mindset where the customer is always right.
But there are very appropriate limits to customer infallibility. A no-tolerance policy for customer bullies is important on a number of fronts. Bullies are not just a nuisance to your hard-working staff, and they are not nearly limited to those committing fraud. But criminals will often intimidate a cashier by causing a fuss at the point of sale. Criminals will try to rush the purchase with the goal to produce to improper checkout, complain about the service, or anything to keep the cashier’s attention off the authorization of the credit card.
Don’t be intimidated by bullies. Empower your employees to always make sure the correct procedure is followed when authorizing every credit and debit purchase. Bullying behavior may not necessarily be a smokescreen for fraud, but it is a red flag.
Best practice #6. A merchant lifeline in cases of suspected credit card fraud: Code 10
Whenever you encounter doubts about a credit or debit transaction, as a merchant you have a trusted recourse: calling in a Code 10 to your credit card processor. A Code 10 allows you to call for an authorization without the customer becoming suspicious. If the card center determines something is amiss, he or she will deny authorization.
Any time fraudulent activity is suspected is the right time to call in a Code 10. Be aware of cards that don't swipe or dip and check these cards for other security features. If a card does swipe or dip, make sure the card number and the number that appears on the terminal match. If there is no Bank Identification Number (BIN) above or below the first four digits, that’s a red flag. If the name on the card does not match the signature or there is a misspelling, that’s another red flag, call in the Code 10.
A Code 10 can be used any time you feel a transaction may not be legitimate.
Due diligence still matters, even in the age of “frictionless commerce.”
The age of the enabled consumer with perpetually rising expectations poses a constantly evolving set of challenges. Merchants seek to provide “frictionless commerce” by serving the needs of our customers wherever and whenever they are, instantly, before they gravitate to the competition.
In the rush to provide our empowered customers the best possible service, merchants can unwittingly make themselves vulnerable. Avoiding credit card fraud requires merchants to think about balance. Smart merchants invest in procedural guardrails by training those who operate point-of-sale transactions to spot the red flags of fraud.
Due diligence matters when it comes to your money. Following these best practices will help take the target off your back by ensuring that your business is not the weakest link.