Preventing in-store credit card fraud
Six traditional security best practices that stand the test of time
Reports of credit card fraud today often focus on fraudulent activity that takes place online. Yet the vast majority of retail sales still take place in brick-and-mortar stores.
When it comes to in-store fraud, there is plenty of good news. Advances in credit card security technology have reduced fraudulent credit card use in-store. EMV chip card technology has proven extremely effective in fighting in-store counterfeit fraud: Visa reports that business implementing EMV technology saw losses related to counterfeit fraud drop 75% from September 2015 to March 2018.
But technology is only one part of the puzzle. In-store credit card fraud remains a costly menace to businesses. Many fraudsters have taken their crime online, yet plenty of criminals continue to work their crimes one at a time, the old-fashioned way.
Traditional defenses against fraud are important as ever. The following are six established best practices for preventing in-store fraud that will help protect your business by reducing your risk of card fraud liability.
1. Build defenses against fraudulent returns
Handling legitimate returns is an important customer service function. Criminals know this, too, and see it as a weak link they can exploit. Whether the return of stolen merchandise, employee return fraud, or the use of counterfeit receipts, return fraud remains a clear and present danger to merchants. The National Retail Federation estimates that 8% of all merchandise returns in the US in 2018 were fraudulent.
You can seamlessly deliver on the legitimate return needs of your valued customers and stay vigilant against fraud. Return policies should be transparent and designed to protect all parties. Minimizing the risk of return fraud starts with awareness—anyone that may be involved in processing returns should be trained to spot common return fraud red flags.
2. Don’t accept physically damaged cards
Be wary of customers who let you know right away that their card won’t read. A common fraud scheme is when defaced cards are presented that can’t be read, either by magnetic strip or chip readers. Counterfeit cards are often altered intentionally—the fraudster wants you to bypass their anti-fraud features.
Damaged cards are a red flag. It’s your right to ask for another form of payment or decline the transaction rather than manually enter data from a damaged card.
3. Know your own outliers
Payment processors continually monitor your transactions for fraudulent activity, using the power of data to uncover suspicious transactions. Transactions that fall outside the routine will often be flagged as potential fraud. Unfortunately those filters can flag legitimate transactions. That’s known as a false positive, something every business wants to avoid.
If you need to perform any transaction that is out of character for your business, give your processor a call first. If you are a restaurant that typically does $30 swiped or dipped transactions, call your processor before you manually run a $5,000 sale for a catered wedding. If you're going to run an unusually large transaction, call ahead to let processor know what you're doing.
4. Only accept cards only from the authorized user
There are no “borrowing privileges” with credit and debit cards. The only authorized user of any credit or debit card is the person whose name is on the front of the card. By accepting payment without validating ID, you may be liable for any chargeback in case of fraud.
Simple due diligence that takes seconds can save you time, money, and headaches down the road.
5. Don’t be bullied by customers
Don’t be intimidated by customer bullies. Bullies are more than just a nuisance to your hard-working staff. Criminals will often intimidate a cashier at the point of sale hoping to produce an improper checkout.
The old saying that “the customer is always right” has its limits. Empower your employees to always make sure the correct procedure is followed when authorizing every credit and debit purchase. Bullying isn’t always a smokescreen for fraud, but it is a clear red flag.
6. A merchant lifeline: Code 10
Whenever you encounter doubts about a credit or debit transaction, as a merchant you have a trusted recourse: calling in a Code 10 to your payment partner or merchant services provider. Code 10 allows you to request authorization discretely. If your provider sees anything is amiss, they’ll deny the authorization.
Anytime that you suspect fraud is the right time to use Code 10. Red flags that would warrant a Code 10 call include cards with missing or altered security features, cards that omit or misplace essential elements like Bank Identification Numbers (BIN), or many of the warning signs listed earlier.
Everyone needs a helping hand once in a while. A Code 10 can be used any time you feel a transaction may not be legitimate, without having to confront a customer.
Providing secure payments is great customer service
In our rush to provide great customer service we can unwittingly become vulnerable to fraud. Yet consumers want safe and secure commerce as much as retailers. Providing great customer service and following security best practices go hand-in-hand.
Following these and other best practices helps protect your business and your customers from in-store fraud. Learning to spot the red flags of credit card fraud is a small investment that can pay off big in reduced chargebacks from fraudulent returns.
Isn’t your business worth the investment? To learn more about how to reduce risk and keep more of what you earn, reach out to one of Worldpay’s payment experts today.