Safeguarding your business against fraud is important, particularly if your business accepts credit cards either at the counter or online. While credit card fraud may always be a concern, it is something you can protect yourself against to reduce your risk of losses.
Preventing the Cause of Fraud
If you can and it’s appropriate, avoid the chance of any credit card fraud by offering alternative payment options for customers such as direct payments or online banking.
Additional steps to reduce the risk of credit card fraud:
- Take extra care to validate the customer’s full name, address, and contact details and question any changes if a business customer requests you amend their credit card details. Talk to someone you trust in that business to confirm the change.
- Have deliveries made ‘signature required’ with a courier of your choice to minimize the risk of carrier collusion and ensure all deliveries are to premises where a person is present.
- When receiving card payments ensure all credit card information is sent through a channel that is encrypted and secure.
- Use reputable and secure payment processors that comply with Payment Card Industry Data Security Standards (PCI DSS).
- For paper invoices and mail or telephone orders, use options such as click-to-pay invoicing solutions. They allow your business to create a payment order that can be copied into an email. This is a far safer way of processing card details.
- Use Address Verification Service (AVS) and Card Verification Value (CVV) to ensure the customer address matches the cardholder’s address and the customer has the card in their possession.
- Monitor transactions for suspicious activity such as multiple orders from the same IP address, rapid transactions, or international orders, especially if the credit card address and shipping destination are different countries, or if the customer could purchase the goods locally for a better price.
- If you are an e-commerce merchant, using an approved outsourced third party to capture and process payments is the safest option.
- Secure your website, ensuring you have HTTPS/SSL certificates and consider having two-factor authentication or captcha on your checkout pages.
- Regularly update your POS system and related payment software to ensure you have the most current security enhancements.
Protecting Your Business
Credit card fraud typically takes place online, so having the cardholder physically present to swipe the card and/or insert a PIN should lower the risk of fraud.
If you do experience credit card fraud, possibly the first you’ll know is when you get a chargeback (a reversal of a credit card payment from your account). For this reason, it is important that you take steps to identify the purchaser and ensure that every transaction is legitimate.
Authorization Approval
Authorization approval does not mean that you are guaranteed payment. Approval only indicates that at the time the approval was issued, the card hadn’t been reported stolen or lost, and the card credit limit has not been exceeded.
If someone else is using the credit card number illegally, the card holder has a right to dispute the ‘approved’ charges and the transaction could be charged back to your business.
Here are some other scams to watch for:
Refund Fraud
Refund fraud is a common type of fraud which involves issuing credits (refunds) via your EFTPOS terminal. It is often committed by employees processing refunds to their own debit and/or credit card. To avoid detection, they may create a large sale on a fraudulent card then process a refund to their own card.
To guard against this type of fraud, we recommend you closely monitor all refunds, checking they all correspond to a legitimate sale and are refunded back to the card used in the original purchase.
Shipping Scam
‘Shipping scams’ involve a malicious third party using a stolen credit card to pay for goods. The scammer contacts the business requesting goods to be shipped overseas and the price plus freight charges to be billed and split between several credit cards.
The scammer insists that the business use a particular shipping company and provides a phony email address. The business then contacts that ‘shipping company’ which requests the freight charges be paid upfront by cash wire transfer.
The business is fooled into making the transfer after having checked that the credit cards have sufficient funds and are not stolen. But the shipping company’s email address is a front for the scammers and the credit card details are stolen, probably from online card accounts which may take some time to discover.
At the end of the day, you can be out of pocket for the cost of the shipping even if you haven’t shipped the goods.
Chargeback Fraud
This occurs when a customer makes a purchase, then falsely claims they didn’t receive the item or service. They then dispute the charge with their credit card company. Where possible, provide evidence that the item requested was shipped to the agreed upon address and delivered as requested such have the shipping company take a photo of the object as it is delivered.
Next Steps
- Follow industry standards, train your staff, and use fraud detection tools. Set up alerts for large transactions or unusual purchasing patterns.
- If you experience fraud, try to stop the delivery of the goods in question if they are still in transit.
- Regularly audit your payment processes and systems to identify potential vulnerabilities and ensure compliance with security standards.
- If you suspect fraudulent use of a credit card by a customer, call us.
- Contact your local FBI field office to report the crime and file a complaint with the FBI’s Internet Crime Complaint Center (IC3).
- Subscribe to Homeland Security email updates.
- If you’re unsure, get professional IT help.
