All businesses are potentially vulnerable to credit card fraud. Help protect your business with these seven tips.
Credit card fraud is a widespread problem across Ireland. In 2017, fraudsters attacked an Irish retailer 172 times in only two weeks. Had all transactions successfully processed, the retailer would have lost €16,000 in revenue.
A number of tactics fuel the growth of CNP fraud — fraudulent misuse of a credit card over the phone or internet. Such tactics include email phishing, skimming, telephone solicitations, and hacking. As a business owner, a single instance of credit card fraud can put your whole company at risk.
Maintain Secure Network Access
Avoiding credit card fraud starts with securing network access. This involves utilising encryption for all transactions. Your network administrator must also regularly update all software to the latest versions. Continually updating software is essential because it helps prevent cyber criminals from using keyloggers, Trojans and other types of malware.
Make sure to create and enforce a strict employee access program. Only employees who need access to certain pieces of data should have access to it. After all, why would your janitor need access to payment transaction data?
Another tip is to have all workers use separate devices for personal and business use. This applies to senior-level employees and lower-level workers. The goal is to have as few devices as possible with business data on them. The fewer the devices, the less the chance of a cyberattack.
Follow PCI Security Standards
The Payment Card Industry (PCI) sets payment security standards for small businesses. These standards guide businesses on how to securely accept, send and manage cardholder data. Maintaining PCI compliance is one of the best ways to ward off credit card fraud. Showing you are PCI compliant increases your brand’s credibility, too.
Leverage AVS and CV2 Fraud Checking Tools
Subscribe to the AVS checking system. The system communicates with credit card companies to verify billing addresses. If a credit card user doesn’t give you the correct billing address, the system rejects the transaction. The system isn’t free to use, but it can minimise your losses from fraudulent credit card attempts.
You can sync AVS to run automatically through your virtual terminal or payment gateway. Although MasterCard provides AVS, all major credit card brands in the US, UK and Canada utilise the system.
If you ship products, you must always ship to the address that matches the AVS. If you don’t, you are very unlikely to win a chargeback dispute.
AVS doesn’t work with addresses outside of the US. As an Irish business, you probably process transactions from non-US customers. This makes CVV tools of the utmost value.
CVV stands for card verification value. A CVV represents the 3-digit security code on the back of a credit card. On AmEx cards, it’s a 4-digit code. With CVV tools, you can reject transactions according to four pieces of criteria directly related to the CVV.
1) Reject if CVV is not provided
2) Reject if CVV does not match CVV on file with credit card company
3) Reject if CVV should be on card but is not indicated
4) Reject if issuer is not certified or fails to provide encryption key
Using a CVV tool is one of the most effective ways to prevent credit card fraud. This is especially true for non-US businesses and US businesses that conduct numerous transactions with non-US consumers.
Stay aware of suspicious customer behaviour
Use these warning signs to stay aware of odd customer behaviour that indicates potential credit card fraud:
- Customer pulls credit card out of pocket instead of a wallet or purse.
- Customer buys an unusual number of expensive items.
- Customer buys large number of unusual items in many colours or sizes.
- Customer comes in at last minute and attempts to rush through the checkout process with expensive items.
- Customer asks you not to insert or swipe the card, stating it doesn’t work; customer asks you to write down credit card numbers.
- Customer hands you the phone claiming a banking representative is going to verify his or her identity (the ‘banking representative’ is usually part of the scam).
Be careful with over-the-phone transactions
Over-the-phone transactions are very tricky. You don’t have the physical card nor the buyer in front of you to verify identity. To make over-the-phone transactions more secure, always ask for the following:
- Complete card number
- CVV number
- Expiration date
- Shipping address
To make phone transactions more secure, only accept transactions where the billing and shipping addresses match. Fraudsters are well known for providing different shipping addresses. They don’t want their items sent to the actual cardholder’s address.
You’ll also want to require delivery confirmation on high-dollar phone orders. This makes it difficult for the buyer to claim “goods not received.”
Report fraud immediately
Even with the most extensive fraud prevention plan in place, you can’t completely eliminate credit card fraud. Fraudsters are smart. They do a really good job at staying a step ahead of retailers and even some of today’s state-of-the-art security measures.
Any time you even suspect fraud, report it immediately. Call the card issuer’s authorisation center and put in for a code 10 authorisation request. You can also call your payment processor or bank to report fraud.
Keep yourself and your staff up to date on tactics
As consumer and business owners start to wise up to some methods unheard of a few years ago such as phishing and skimming, the fraudsters are moving on to ever more sophisticated techniques. It is a game of cat and mouse with the authorities and unfortunately business owners need to keep in the loop about tactics and maintain their suspicions for anything out of the ordinary. You may end up annoying some legitimate customers but the potential losses make it worth it.