Avoiding Credit Card Fraud

Safeguarding your business against fraud is important, particularly if your business accepts credit cards either at the counter or online. While credit card fraud may always be a concern, it is something you can protect yourself against to reduce your risk of losses.

Preventing the Cause of Fraud

If you can and it’s appropriate, avoid the chance of any credit card fraud by offering alternative payment options for customers such as direct payments or online banking.

Additional steps to reduce the risk of credit card fraud:

• Take extra care to validate the customer’s full name, address, and contact details, especially if a business customer requests amendments to their credit card information. Confirm any changes with a trusted contact in that business.
• When arranging deliveries, choose an option that requires a signature. Use a trusted courier to reduce the risk of fraud or collusion. Make sure deliveries are sent to locations where someone will be available to receive them.
• All credit card information should be transmitted through encrypted, secure channels when processing payments.
• Use reputable payment processors that comply with Payment Card Industry Data Security Standards (PCI DSS).
• For mail or telephone orders, consider using click-to-pay invoicing solutions, which allow you to generate a secure payment link that can be emailed, providing a safer way to handle credit card details.

Verifying customer details and using secure channels for payments are essential steps in reducing credit card fraud risks. Equally important are monitoring transactions and securing systems. Here’s how:

• Use tools like the Address Verification Service (AVS) and Card Verification Value (CVV) to verify that the provided address matches the cardholder’s address and that the customer has the card in their possession.
• Watch for unusual transaction patterns, such as multiple orders from the same IP address, rapid purchases, or international orders where the shipping destination differs from the cardholder’s address.
• If you operate an e-commerce site, consider outsourcing payment processing to a trusted third-party provider, which offers additional security for online transactions.
• Secure your website with HTTPS/SSL certificates and consider adding two-factor authentication (2FA) or CAPTCHA on checkout pages to prevent unauthorized access.
• Keep your POS system and any related payment software up to date to ensure they benefit from the latest security improvements.

Proactively monitoring transactions and keeping systems secure can greatly reduce the chance of fraud affecting your business.

Protecting Your Business

Credit card fraud typically takes place online, so having the cardholder physically present to swipe the card and/or insert a PIN should lower the risk of fraud.

If your business falls victim to credit card fraud, you may first discover it through a chargeback, which is a reversal of a credit card payment from your account. To minimize this risk, take proactive steps to verify the purchaser’s identity and confirm that each transaction is legitimate.

Authorization Approval

This does not mean that you are guaranteed payment. Approval only indicates that at the time the approval was issued, the card hadn’t been reported stolen or lost, and the card credit limit has not been exceeded.

If someone else is using the credit card number illegally, the card holder has a right to dispute the ‘approved’ charges and the transaction could be charged back to your business.

Here are some other scams to watch for:

Refund Fraud

This is a common type of fraud which involves issuing credits (refunds) via your EFTPOS terminal. It is often committed by employees processing refunds to their own debit and/or credit card. To avoid detection, they may create a large sale on a fraudulent card then process a refund to their own card.

To guard against this type of fraud, we recommend closely monitoring all refunds, checking they all correspond to a legitimate sale and are refunded back to the card used in the original purchase.

Shipping Scam

These scams involve a malicious third party using a stolen credit card to pay for goods. The scammer contacts the business requesting goods to be shipped overseas and the price plus freight charges to be billed and split between several credit cards.

The scammer insists that the business use a particular shipping company and provides a phony email address. The business then contacts the so-called shipping company which requests the freight charges be paid upfront by cash wire transfer.

The business is persuaded to make the transfer after verifying that the credit cards have sufficient funds and do not appear stolen. However, the shipping company’s email address is actually a front for scammers, and the credit card details are stolen, likely from online card accounts, which may take some time to be identified as fraudulent.

The outcome is that a business can be out of pocket for the cost of the shipping even if they haven’t shipped the goods.

Chargeback Fraud

This occurs when a customer makes a purchase, then falsely claims they didn’t receive the item or service. They then dispute the charge with their credit card company. Where possible, provide evidence that the item requested was shipped to the agreed upon address and delivered as requested such have the shipping company take a photo of the object as it is delivered.

Next Steps

• Train staff on industry standards and fraud detection tools and set up alerts for large or unusual transactions.
• Attempt to stop the delivery of goods if fraud is detected and they are still in transit.
• Regularly audit payment processes to uncover vulnerabilities and ensure security compliance.
• Report suspected fraud to authorities, such as your local FBI field office or the FBI’s Internet Crime Complaint Center (IC3).

Protecting your business from fraud involves staying proactive. Train your team, monitor for unusual activity, conduct regular audits, and engage with law enforcement agencies such as your local FBI field office and the FBI’s Internet Crime Complaint Center (IC3) when fraud is suspected. Professional IT support can also be invaluable in strengthening your defenses, as is subscribing to Homeland Security email updates.