A 2019 study found that 30% of small businesses have been victims of fraud, with the average fraud-related losses totaling $150,000 per small business. While you might think scammers would prefer to target bigger fish, small businesses are usually preferred because they’re more likely to lack the oversight and internal controls needed to prevent fraud. That’s why the subject of credit card fraud merchant protection needs to be a high priority from the beginning, even if you think your business is still too small to be a target.
This is especially true considering merchants are often stuck footing the bill for credit card fraud. Whether it’s chargeback fees or being forced to pay your bank back for a bad check or for funds you already withdrew, it’s worth learning how to spot credit card fraud and what you can do to prevent it from happening.
Online Credit Card Fraud Protection
By far the most common form of credit card fraud is known as “card-not-present” fraud. For online purchases, the fact that a scammer just needs the information from a card makes it easy to place orders and make purchases without ever having the physical card itself.
If a scammer can simply steal that data, either by copying it from a physical card or by hacking, they can go on a spending spree before the victim realizes their card has been compromised. When the victim does find out, though, they will not only cancel that card but initiate chargebacks for purchases that were made.
Another issue that merchants have to worry about online is the software scammers use to generate valid credit card information. Programs are available on the black market that simultaneously places multiple small purchases using randomly generated numbers. Whenever one of those transactions goes through, scammers can use that card information to make future fraudulent purchases.
This is most commonly used by scammers who have stolen credit card information but are missing the CVV code from the back of the physical card. Since there are only 999 possible combinations, it’s relatively easy to use a random number generation program to find the right combination.
How to prevent online fraud:
While it can be trickier to catch, a few smart security measures can dramatically reduce the number of fraudulent transactions you’re exposed to online. Here are some of the best steps you can take:
- Use a payer authentication program like Verified by Visa or MasterCard SecureCode that requires customers input an additional security code to verify the true owner of the card is making the purchase.
- Use reCAPTCHA. The second version of the bot-detection tool simply requires users to check the “I’m not a robot” box, making it a painless security feature for customers and an effective way to prevent a scammer’s software from placing fraudulent orders on your sight.
- Use fraud screening services. Your eCommerce platform or payment processor may offer fraud protection tools. Make sure you’re taking full advantage of all of them. For example, some offer transaction filters that let you set custom rules to flag transactions that might be suspicious so you can personally review them.
In-Store Credit Card Fraud Protection
While it’s less common, it’s still relatively easy to commit credit card fraud in person. Most often, scammers do this by simply using a lost or stolen card. In some cases, they use a fake or doctored card that the merchant will need to input manually. By the time the merchant finds out the payment wasn’t approved, the scammer is long gone.
How to prevent in-store fraud:
Here are the best practices merchants can use to prevent credit card fraud in their stores:
- Refuse manual card entries without exception. When the magnetic stripe or chip isn’t working, customers might ask employees to manually key in the card information manually. However, scammers with fake or altered keys often use this manual entry option to complete their fraudulent purchases. To prevent this, implement a store policy to refuse manual payments no matter the circumstances.
- Use a POS system with a chip reader. Scammers can easily clone and make fake cards with magnetic strips. But chip technology uses constantly changing data to make it difficult to clone. Not only does offering a chip reader reduce fraud by as much as 76%, it may also reduce your liability for a fraudulent process.
- Use the guidelines below to request code 10 authorization for suspicious purchases.
When to Request Code 10 Authorization
Train employees to be alert to the following suspicious behavior and to call the card issuer to request code 10 authorization:
- Making a purchase right when the store opens or just before the store closes.
- Returning to the store multiple times to make purchases. Depending on your business, the number of repeat visits that constitute suspicious activity will vary. A café wouldn’t likely flag a daily coffee drinker as suspicious, for example. But an electronics store might raise the alarm on a single customer buying multiple expensive TVs in a single week.
- Trying to distract or rush the employee during the transaction.
- Making large purchases without asking questions or showing any apparent concern for style, size, or other relevant details.
These behaviors aren’t guarantees that the person is committing fraud, but they are irregular enough to warrant the extra step of contacting the card issuer for a code 10 authorization.
Choose a Payment Processor with Robust Credit Card Fraud Merchant Protection Tools
The payment processor you work with matters. While most will have their own fraud prevention protocols in place, some aren’t necessarily designed with the merchant in mind. Processors like Square, for example, are likely to simply lock or close a merchant’s account at the first hint of fraud. The hypervigilance keeps the processor safe but doesn’t do much good for merchants.
This is especially true for high-risk merchants where even legitimate transactions might be flagged as fraudulent by a processor who doesn’t know enough about your business. That’s why you need to shop around and choose a payment processor that implements credit card fraud protection in a way that protects merchants as well as the processor and customers.
At National Processing, for example, you can apply for a high-risk merchant account that comes with cutting-edge digital tools to prevent data breaches, fraud, and other risks that your business might be vulnerable to. In addition to fraud tools, the account comes with chargeback management integrations that make it easier to prevent credit card fraud, resolve chargeback disputes, and even automate refunds to avoid the chargeback (and the fees that come with it) altogether.