Fraud is one of the biggest challenges you face as a merchant, so it’s up to you to understand how to prevent common types of credit card fraud.
And as the way we purchase things continues to evolve, it is difficult to keep up with the new threats that come along. Despite efforts to combat it, card present fraud remains an issue, as does card not present fraud.
Moreover, mobile payment fraud is now a major concern and PoS fraud continues to rise.
Common Types of Credit Card Fraud
So, what are the most common types of credit card fraud anyway?
There are a few basic concepts, which we’ll break down below, but each one requires a slightly different approach in effort to avoid falling victim to fraud. Whether you’re just starting a business or you’ve been in business for a while, you need to understand these concepts in order to protect your business.
It’s also important to keep an eye on emerging technologies, including mobile payment for example, as these will pose new weaknesses in security.
Detailed below are some steps to lower your risk of fraud:
Mobile Payment Fraud
As the popularity of mobile payments grows, it is inevitable that the amount of fraudulent payments will also increase. Worldwide, mobile transactions are expected to exceed one trillion dollars by 2019 and mobile point of sales transactions are also on the increase.
Research shows that mobile transactions were expected to be worth $563.4 billion in 2016, and as stated onpymnts.com, 2014 data indicated that mobile transactions included$3.34 billion hidden costs for every dollar of fraud.
Research also indicates that small businesses receiving payments through mobile PoS systems, apps or browsers have a limited amount of fraud protection in place, which leaves their company at risk. However, there are some measures you can take as a retailer to reduce mobile payment fraud including:
- Ensuring authentication through mobile apps is as strong as possible to reduce the risk of payment fraud and to limit the chances of identity theft.
- Keeping up to date to understand the changing nature of threats. One way of doing this is through the Merchant Risk Council.
In addition, LexisNexis suggests recording mobile payment fraud separately so you can assess how much of a problem it is and act accordingly. You’ll find further tips on reducing mobile payment fraud here.
Card Holder Not Present Fraud
The rise in eCommerce has led to new opportunities for fraudsters; retailers are advised to be aware of high-risk countries. These include the Ukraine, Turkey and Malaysia, and Amsterdam, Africa and China are also high on the list. A full list of high risk countries can be seen here. eCommerce owners are urged to exercise caution when sending orders to these countries, and to carry out additional checks.
To further reduce your risks of cardholder not present fraud:
- Check if the shopper is choosing a free email address or a pay as you go mobile phone.
- Call the issuing bank to validate the card details and to confirm that the transaction is genuine.
- Check the zip code matches the area code and that the zip code is genuine.
- Look out for customers that place orders for numerous high value items within a short period of time. While these transactions might well be legitimate, this type of spending can indicate fraudulent transactions, and it is worthwhile making additional checks.
- Always ask for the CVV2 code from the back of the card; this shows the card is in the payer’s possession.
- The major credit card companies have tools to help prevent fraud like Verified by Visa and MasterCard’s Secure Code – make sure you use them.
- Be careful about accommodation addresses and PO Boxes. These might be genuine transactions, but take some extra checks.
Malware is increasingly targeting retailers in the form of PoS malware, and it is predicted these types of attacks will continue to grow.
Figures from 2015 show that 45 per cent of POS system attacks were against small businesses, While EMV aims to make PoS card transaction more secure, the PoS system itself can still come under attack and Wendy’s is just one business that recently fell victim.
Trend Micro say there are five common ways in which companies can fall victim to such an attack:
- A malicious attack from someone working for the company.
- Hackers who learn to exploit vulnerability, which is why it is vital to keep software and patches up to date.
- PCI DCI guidelines are not being followed, which leaves data vulnerable.
- Phishing and social engineering attacks.
- Or targeted attacks.
To reduce the risks of malware, it is recommended that retailers employ a 2-point security strategy to help secure their PoS against malware, and multi-layers of security should be in place, including vulnerability protection and endpoint application listing. Trend Micro has published a useful infographic with tips to reduce PoS malware attacks.
Card Holder Present Fraud
Each of the credit card companies has a set of best practices to help retailers lessen their risks of card present fraud. For instance, American Express advises merchants to:
- Check the CID number on the right/left edge of the card
- Confirm the signature on the card and the receipts match
- See if the card has a valid date and the codes match.
- Call for verification and using a point of sales device.
Visa tell merchants that the preference should be to use a chip-reading device and that the card ‘should remain in the terminal until the transaction is complete’. Merchants are then advised to check the features of the card, to confirm it hasn’t been altered in anyway and to get authorization by obtaining a signature.
If fraud is suspected, merchants are told to follow their store’s guidelines for dealing with potential fraudulent transactions.
The signature, the final four digits on the credit card and the signature should then also be compared with the information on the receipt.
How to Handle Suspected Fraud
Ensure that staff are trained so they know what to do if they suspect fraudulent activity; staff should all be aware of the best practice guidelines issued by the major credit card holders, and they should know the most common signs of fraud to look out for – you’ll find a detailed list on Visa’s website.
Although there are new methods to counter fraud, it will always be part of running a business, which is why it is crucial that every company – regardless of its size – has anti-fraud measures in place and that they keep up with the latest threats to lower the risks of fraudulent activity.