Credit Card fraud has been on the rise in the United States. One industry publication estimates that 47% of all credit card fraud took place in the United States in 2015, with an estimated 31.8 million Americans having their cards stolen or fraudulently used in 2014. In response to these concerning trends, credit card companies have started to use new security features. Chief among these is the EMV chip, and the implementation of new Point of Sale (POS) devices that can read these chips. These chips are so secure that, as of October 2015, that credit card companies now assume liability if any fraud occurs for in person transactions utilizing an EMV compliant device. But, the flip side is that merchants are on the hook for fraudulent activity if they are not using a chip-enabled EMV device.
Despite this shift in liability, some credit card processors have been slow to adopt the technology – mostly because it’s expensive. This negatively impacts small business because if locked into a long-term contract with an existing credit card processor, they cannot easily switch to processor with the latest technology. But even as processors and small businesses slowly switch to the EMV chip systems, other types of credit card fraud are expected to rise—especially in Card-Not-Present (CNP) scenarios. To be sure there are greater risks of fraud when taking someone’s credit card online or over the phone. And some industry analysists expect CNP fraud to double by 2018. And unfortunately, the merchant usually bears the risk of a charge back when this sort of fraud occurs—which may amount to a major liability if you are processing a card for hundreds or thousands of dollars. For these reasons, we’ve put together some tips below to help your business avoid credit card fraud.
How to Limit Card-Not-Present Fraud
A CNP transaction occurs when a business accepts a credit card when the card is not physically present in the store. This could be through an online shopping portal or website, or it could be over the phone. A customer might also submit written credit card information on order form. These methods of accepting payment render most built-in security features of credit cards ineffective. So to limit CNP fraud, your business should:
1. Utilize an Address Verification Service (AVS)
When conducting a CNP transaction, you should get several pieces of important information from the customer. This information includes the customer’s name as it appears on the card, the full card number, the expiration date, and the billing address and zip code. This information may then be plugged into an AVS system. An AVS system verifies that the billing address you received and the address on the account match. Oftentimes, this catches a fraudulent transaction because someone who stole a credit card doesn’t know the correct billing address on the account. If the billing address doesn’t match, don’t accept the transaction. You should talk to your merchant bank and/or processor about utilizing AVS for your business.
2. Utilize Built-In Features like the CVC Code
Similar to an AVS, the CVC (also called CID and CVV) code is a number that is unique to each card account. For most cards, this is the three-digit number on the back near the signature panel. For some cards, like those issued by American Express, this is a four-digit number that’s on the front of the card. This code only appears physically on the card, it is not transmitted when a card is swiped – so if the card was stolen in a data breach and someone is attempting to use it fraudulently, they probably can’t give you the the correct CVC code. Accordingly, if the CVC code comes back as incorrect, don’t accept the transaction. You should talk to your merchant bank and/or processor about utilizing CVC codes in your CNP transactions.
3. Pre-Authorize the Card or Require a Deposit
If your business engages in work that isn’t immediately available (for instance, manufacturing, design, or the provision of parts that you need to order from a supplier), consider pre-authorizing a card in a CNP transaction or requiring a deposit. Neither of these methods will prevent fraud, per se, but they will help in discovering it before you spend too much time and money filling a fraudulent order. A pre-authorization occurs when a processor places a temporary hold on a credit card account. This ensures that the funds are available, but it doesn’t complete the charge – it just reserves the funds until later, when you decide to complete or not complete the charge. Most pre-authorizations are only valid for a short period of time (on the order of 5-7 days) and so this may not be the best method for you to use, depending on the needs of your business. If you think utilizing pre-authorizations may be appropriate for your business, you should call your merchant bank and/or processor to learn more.
A deposit works in a similar way, but money will actually change hands. By requiring a portion of an order be paid up front you may learn about fraudulent credit card use earlier, thereby saving you time and money that would have otherwise been spent fulfilling the order.
4. Call the Card Company
If a transaction seems suspicious to you, you can always call the card company before completing the transaction. If you ask, most card companies will conduct what is called a “courtesy call” with the customer. What this means is the card company (or sometimes the bank who issued the card) will call the customer to confirm that it was them who placed an order at a business on a particular date. Some card companies do this as a part of their own in-house fraud prevention techniques, particularly if a transaction seems out of place based on a customer’s history of use with the card.
How to Limit In-Person Fraud
Due to recent improvements in credit card security technology, in-person credit card fraud is becoming more rare. The most significant security development has been the implementation of the aforementioned EMV chip. The chip operates by producing a unique code each time it is used that is matched to your account by the credit card companies. This means that even if someone steals the transaction data, all they have are random numbers instead of the card number and your name. As we said, some processors have been slow to adopt this new technology because it’s expensive. Therefore, it’s important be aware of other built-in card security features and methods to help limit fraud. They include:
1. Ask for ID
Asking for ID is one of the simplest ways you can help to limit in-person credit card fraud. If something doesn’t seem right, or even if you just want to get in the practice of doing it, ask the customer for a state-issued ID – like a driver’s license. This allows you to compare the name on the license to the name embossed on the card. You can also compare the signature on the driver’s license to the signature on the credit card, assuming the customer has signed their card. If the name or signature don’t match, don’t accept the card.
2. Look for Card Security Features
Some credit cards have security features on them, like holograms or other unique information. Holograms usually appear on the back of the card, and appear when the card is tilted in different ways. The appearance of a hologram makes it more likely that you’re holding a legitimate credit card, and not a counterfeit that has been loaded with someone else’s information. MasterCard usually utilizes a hologram featuring a map of world while Visa usually utilizes a hologram of a dove. Of course, not all card companies put holograms on their cards (for instance, American Express). For more on card security features, read the materials that Visa, MasterCard, American Express, and Discover publish about their card security features.