We’ve got some good news and some bad news for small business owners. The good news is this: According to the Federal Reserve Bureau, in-person credit card fraud is declining, thanks in part to the increasing use of EMV chip cards. Even better, overall fraud rates declined in 2018 for the first time in a decade, with 15% fewer reported incidents than 2017 according to Javelin’s 2019 Fraud Report.
What’s the bad news? Even though some forms of fraud are declining in frequency, both in-person and card-not-present fraud still place a frustrating and expensive burden on merchants. Credit card fraud continues to be the most common form of identity theft, and when a fraudster makes a purchase at your business, it can have significant repercussions on you.
So how can you get a leg up on fraudulent customers and fake credit cards? In this article, we’ll show you how to protect your business with proven credit card fraud detection and prevention techniques.
In 2018, 14.4 million people in the US were victims of identity fraud, and credit card fraud continues to be one of the most common complaints by victims. Credit card fraud occurs when a third party makes a purchase using credit card information without the express permission of the account holder. Fraudsters may also commit new account fraud by using your personal account information to gain a new credit card or create a fake credit card number.
Sadly, when a false charge is detected by either the victim or the credit card lender, much of the financial burden falls on the merchant. According to the Fair Credit Billing Act, identity theft victims have very limited liability for purchases made with their stolen information. If a card is reported stolen before any purchases are made, the cardholder actually owes nothing!
While this protection is essential and helpful for individuals, it means the banks aren’t getting paid what they’re owed for credit card purchases from consumers. Which means they turn to merchants to pay up. Credit card lenders may also penalize merchants for fraud via chargebacks, or in extreme cases, by canceling their processing account. In addition to those monetary losses, any goods purchased with a fake credit card account are also lost, which means the merchant ends up losing twice the value of the goods.
Merchant data are a major target for fraud rings, and data breaches can result in thousands of customers’ personal information being stolen, which can have severe implications for your business. For example, when Target was hacked in 2013, criminals stole information on up to 70 million customers. In addition to taking a revenue hit due to customer distrust after the event, Target was also the subject of a hefty, multiyear lawsuit which ended in an $18.5 million settlement. While a giant corporation may be able to brush off such a loss, most small businesses would be crushed by these circumstances.
Even as in-person credit card fraud rates have fallen, remote, or card-not-present fraud incidents are on the rise. From 2015 to 2016 alone, the value of remote card fraud increased by more than $1 billion according to data from the Federal Reserve Bureau. Additionally, Rippleshot’s 2018 State of Card Fraud Report indicated that “CNP fraud is 81% more prevalent than POS fraud.”
When accepting remote payments such as over-the-phone payments or online shopping payments you can decrease the chance of a fraudulent charge by using the following tips to increase your credit card security:
Use device identification tools to see computers that are associated with suspected fraud.
Ask for a phone number and shipping address; if the customer has bought from you before, make sure the information matches.
For shipped items, ensure that you keep detailed and signed proof of delivery documents on file; this can help protect you from chargeback penalties from credit card lenders.
Wondering how to prevent credit card fraud at your business for in-person charges? First off, make sure you’re using a PCI-DSS compliant credit card processing system in your POS. Requiring ID or a signature on high-value purchases offers another layer of security to protect your business.
You should also teach your team members how to recognize fraud “red flags,” from the customers themselves, as well as their physical cards.
Before processing a payment, make sure your cashiers and salespeople pay attention to customer behaviors, both as they move about the store and during the purchase itself. Is the customer:
Agitated, nervous or fidgety?
Making a purchase significantly higher than your normal average purchase (3x higher or more)?
OR purchasing several expensive items at once, without care for price, size, or color?
Taking a long time or concentrating “too much” on their signature?
Rushing through the transaction at the POS?
After completing a purchase, returning immediately for more items?
To help prevent fraud, it’s imperative to know what to look for in a credit card. For all in-person transactions, have your team members check for these common fake card indicators before accepting a credit card payment:
Does the card have a valid credit card number? Are the numbers aligned and evenly spaced?
Check the first number. AMEX cards start with 3, Visa with 4, MasterCard with 5 and Discover with 6. If the logo doesn’t match the number, the card is fake.
AMEX card numbers are 15 digits (other cards have 16).
Is the magnetic strip damaged or demagnetized? Criminals will do this to force you to input the information manually.
No EMV chip. Most new cards have a chip, so if the card is new (has an expiration date more than 2 years away), it should also have a chip.
After running the transaction, do the last 4 digits of the card on the receipt match the numbers on the physical card?
If you haven’t processed a purchase yet and you suspect fraud, the best way to prevent fraud is to simply not accept the payment. However, if the purchase has already been made, or was made online, here are the steps you can take to protect your business.
Contact the customer. Often, the phone number associated with a fraudulent charge is the number for your real customer. You can call them to verify the purchase, and alert them if there is someone else using their card.
Reach out to your payment processor. They’ve seen it all and can guide you on how to handle a fraudulent charge. Some also have verification and detection tools you can use to help prevent future incidents.
Delay shipments! If a remote payment is suspect, hold the items for 48 hours. This gives the real customer and the credit company time to detect a data breach and contact you accordingly (and even if there is a chargeback, you won’t have lost your goods).
SumUp maintains the highest level of standards for our POS software and payment processing systems to ensure that your information and your customers’ is protected at all times. That’s why our products are all PCI-DSS compliant, and use 256-bit encryption on all data transferred over the internet. Additionally, SumUp will never sell your customers’ information, or yours, except in cases where it is necessary to process a transaction.
Credit card fraud can be detrimental to your business, but by using these tips to prevent fraud proactively, you can save yourself from spending time and money paying for a criminal’s mistake. If you have more questions about fraud, or what to do if you see a suspicious charge, be sure to check out Visa’s extensive fraud guidelines.
If you found this article helpful, be sure to check out our other posts all about credit cards: