Compiled and designed by Mark Fullbright , Certified Identity Theft Risk Management Specialist™ (CITRMS) as a free guide for merchants to protect themselves online & POS and to reduce their exposure to chargebacks and losses due to fraud.
• Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
3. FACTORING
Processing transactions through a merchant account for a
business or entity other than the specific business that was
screened for the merchant account
Also called credit card laundering
For example, if an individual operates two separate
businesses, they cannot process one store‘s sales through the
other store‘s merchant account.
Since you are ultimately responsible for all transactions that
run through your merchant account, if any items are charged
back, you are held responsible and your account will be
debited for theses transactions.
The crime? Factoring is used as a method to launder money
via credit cards. Visa and MasterCard can have your
merchant account shut down, and you can be substantially
fined, and placed on the TMF
4. CARD-NOT-PRESENT SCAMS
The risk of fraud increases greatly if your customer and their
credit card are not present at the time a purchase is made
because you don‘t have the opportunity to inspect the card.
―Card-not-present‖ transactions typically occur over the phone or
fax, or are Internet sales or catalogue purchases.
Without the card in hand, you are unable to inspect the card,
check for suspicious markings or verify the customer‘s signature.
As a merchant, you put yourself and your company at greater risk
by accepting these types of transactions.
If you are processing card transactions by telephone, fax or
Internet, make sure that you have signed the specific merchant
agreement required to perform Mail Order/Telephone Order
transactions where the card is not present.
Even after you have the proper agreement in place, it is crucial
that you take the precautionary steps to prevent potential
chargebacks.
5. SKIMMING
One example of skimming is where the fraudster uses a
device to read and copy the data on the magnetic strip of a
credit card – a process known as ―skimming.‖
Other times the information is received by tapping into phone
lines. Regardless of the method used, skimming is
responsible for millions of dollars of losses.
Typically, fraudsters ‗skim‘ the magnetic stripe in order to later
use it to Credit card skimming is when a person records the
information on a credit or debit card without the owner
knowing about it with the intention of using that credit card
information illegally.
Be on the lookout for devices used to swipe credit cards. They
are usually box-shaped cordless devices that look like pagers
and fit in the palm of your hand. Laptop computers have also
been used to accomplish the same thing.
6. DON‘T BE BULLIED
Here the ―customer― attempts to intimidate the cashier by
causing a fuss at the register so that the purchase is rushed,
which may lead to improper check out.
They may tell you that the card won‘t read and not to bother
running it through – that you‘ll have to key it in manually.
The crook may provide an authorization code they claim was
given to them by their bank. Don’t use it!
If the card in hand does not work, call your processor or bank.
If the crook demands anything else, give the card back and
deny the sale. It‘s better to lose a sell to a crook any day.
Don‘t be intimidated by these bullies; always take your time
and make sure the correct procedure is followed when
authorizing the card.
7. THE MANUAL KEY-IN
Often fraud occurs when the thief damages the card on
purpose so that you are forced to manually enter the number
in the electronic point-of-sale terminal.
Fraudulent cards are often damaged in order to bypass the
antifraud features that are placed on them – the magnetic strip
cannot be swiped and transmitted to the verification center for
authorization in the case of a manual key-in.
If you have an electronic point-of-sales terminal, swipe every
card that you come across – no matter how damaged or worn.
And be wary of customers who let you know right away that
their card won‘t read.
If the card doesn‘t work and you end up keying in the number,
make sure you take an imprint of the card.
If the card is severely damaged, simply ask for another form of
payment.
8. BORROWED CARDS
Beware of people waving letters of authorization for
use of a credit card.
Never accept any form of verification or
authorization.
Friends, coworkers, and spouses are not permitted
to borrow each other‘s cards.
The only person who should be presenting the card
to you is the person whose name is on the front of
the card and signature on the back of the card.
Chances are when the rightful owner gets the
statement a chargeback inevitably occurs.
9. THE TERMINAL REPAIR SCAM
This is a classic fraud scam.
Crooks come into your business and tell you that your POS
terminal needs to be repaired – offsite. But don‘t worry, they‘ll
replace your broken one with a loaner.
Once the loaner is in place, all of the information you scan
through is recorded, and now the information is theirs. You
may not even see it coming, as these criminals often pretend
to work for POS companies or say that they are attending to
other official business.
Any attempt to repair your terminal should be reported to the
police, and no replacement terminals should be accepted.
The safest thing you can do is to be cautious and report any
suspicious happenings immediately by calling your Merchant
Services Help Desk. They will help you verify whether your
device has been scheduled for pick up and repair and as well
as the authorized repair dealer.
10. THE LAST MINUTE SHOPPER
Be on the lookout for the shopper who is
purchasing expensive items just before closing
time, or someone who is hurriedly filling a
shopping cart with this type of item, without
paying much attention to price, size or quality.
These are the shoppers whose transactions
need to be handled with your utmost attention.
Crooks use this scam to catch merchants of
guard and not looking at the card carefully or
bypassing security protocol.
11. COUNTERFEIT CARDS
Stolen and counterfeit cards are a huge problem for
merchants and credit card issuers alike.
Because of the technology available to them, counterfeiters
are able to reproduce false cards that are high quality, even
without the benefit of the original.
All they really need is personal information and technology
to produce credit cards, debit cards, and smart cards. The
result is a huge financial loss to businesses around the
globe.
Protect your business by teaching your staff to recognize
the signs of a false credit card by checking the card
security features every time you make a credit card sale.
Call in a Code 10 if you suspect that the card presented to
you seems suspicious.
12. YOUR FIRST LINE OF DEFENSE
CALL IN A CODE 10
Any time you have doubts about something – a fraudulent
card, a signature or even a customer‘s behavior – call in a
Code 10.
A Code 10 allows you to call for an authorization without the
customer becoming suspicious. After dialing the authorization
center, inform the operator that you have a Code 10. The
operator will put you through to the correct person, who will
ask you a series of ―yes‖ or ―no‖ questions.
If the operator decides something is amiss, he or she will deny
authorization. The operator may even request to speak with
the cardholder to ask account information questions that only
the true owner of the card would know.
Call the voice authorization phone number provided by
your Merchant Services. Choose the prompt for "Code
10"
14. TAKE CHARGE OF CHARGEBACKS
Chargebacks are one of the most common – and
costly – ways that fraudsters take advantage of
merchants.
For example, some fraudsters, appearing to be
legitimate customers, will take both the ―merchant
copy‖ and ―customer copy‖ of the sales slip after
they have signed it.
When they receive their credit card statement, they
dispute the charge. And, since your company has
no record of the transaction, the full amount is
credited back to the consumer, and your business
loses the merchandise
15. FRAUD CHARGEBACK
A chargeback is a transaction disputed by the
cardholder or card issuer. There are many reasons for
chargebacks, but the most common are returned
merchandise, terminated services, disputes, errors, or
fraud. Merchants must be able to provide proof that the
disputed transaction is valid and in accordance with
Visa/MasterCard regulations or risk having their account
debited for the disputed amount..
For your business, a chargeback translates into extra
processing time and cost, a narrower profit margin for
the sale, and possibly a loss of revenue.
It is important to carefully track and manage the
chargebacks that you receive, take steps to avoid future
chargebacks, and know your representment rights.
16. AVOIDING CHARGEBACKS
Respond to retrieval requests and chargebacks promptly.
Another suggestion to prevent fraud is to require customers to
enter the 3 digit security code on the back of their card when
ordering products online.
Advertise honestly and have clear terms of service — these
can prevent customers from disputing transactions because
the product they purchased was not as described.
Make it as easy as possible for customers to get customer
service, and make the return policy clear at the time of the
transaction.
Follow the terms of service set by the card brands. Any
compliance violation can cause a merchant to lose its
chargeback rights.
Card-present businesses can prevent chargebacks by
requiring that cards be swiped, and get a signature whenever
possible.
17. CHARGEBACK GUIDELINES
Chargeback Management Guidelines for Visa
Merchants
Chargeback Guide For MasterCard
Merchant Chargeback guide-American Express
Chargeback and Exception Processing Guide
18. VERIFICATION NUMBERS
VISA Merchant Verification Service 800-847-2750
AUTOMATED
Option 1, Address Verification: enter in the numeric portion of the
street address, zip code, and VISA card number and it will advise
you if there is a match. Option 2, Issuing Bank Phone numbers:
enter the VISA card number and it will provide you with the 800
number for the issuing bank if available.
MasterCard Assist 800-622-7747
Select your language preference, then Option 2. Enter the
MasterCard card number and it will provide you with the 800
number for the issuing bank if available.
Discover Address Verification 800-347-7988 AUTOMATED
You will need your Discover Merchant number. Enter the
Discover card number and address information, and it will advise
you if there is a match.
American Express Address Verifications 800-528-2121
Option 3 allows you to verify the name and address of a
particular AMEX card number.
20. PROCESSING TRANSACTIONS MANUALLY WITH AN
IMPRINTER
When you process transactions manually, be sure to take an imprint of
the card every time a purchase is made with a credit card
Hold onto the credit card throughout the sale
Be sure to call in for authorization for every credit card transaction, if
required.
Make sure you neatly print and fill out the sales draft so that it is
complete, clear, and easy to read
Have the customer sign the receipt while you watch and verify that this
signature and the signature on the back of the card match
Don‘t divide one purchase onto more than one sales draft
Do not change or alter the sales draft after the customer has signed it – if
there‘s a dispute, the customer‘s copy is treated as correct
If a transaction has been cancelled by the customer, take the required
steps to stop the billing or reverse it immediately
Be sure to display your return policy at the point-of-sale – remember it is
your responsibility to inform your customers of this policy
Maintain a well-trained staff and ensure that they follow card acceptance
check-out procedures correctly
Save all copies of your sales draft in case of future disputes
21. MAIL AND TELEPHONE ORDERS
If possible, establish the customer‘s identity by writing their
name, address, credit card number, and expiry date on the
sales slip (also include name of issuing institution)
Be sure to call in for an authorization for every credit card
transaction, if required.
If you are taking an order over the phone, fax or Internet, only
ship items to permanent addresses – steer clear of post office
boxes or hotel lobbies, if possible.
Consider utilizing a shipping vendor that requires a customer
signature for delivery of merchandise. Moreover, use a
shipping vendor that can provide easy access to ‗proof of
delivery‘ information as this may assist in the chargeback
process.
Where applicable, utilize a billing system that provides
address verification or CVV processes
Always send a copy of the sales draft to the customer either
when the product is ordered or when it is shipped
22. ADVOCATE TIP#1
Understand the consequences of high risk
transactions and be proactive in preventing
unnecessary chargebacks and taking losses.
Be familiar with your processor‘s steps for potential
fraud. Have a list available with contact numbers for
employees to call if needed.
Consider training classes for employees using the
resources listed in this guide.
If you take a loss from a chargeback, follow up with
your processor or bank on how to prevent it from
happening again.
Repetitive losses could cost you in processing pricing
23. FRAUD RESOURCES
Look Up a ZIP Code – Validate if address is real
Credit Card Fraud Prevention & Security – Discover
Card
The FTC‘s Bureau of Consumer Protection
24. MASTERCARD FRAUD SECURITY
Arming You With Knowledge
MasterCard Security Features
Unsigned Cards
Design Features
Fraud Training
25. VISA FRAUD SECURITY
Visa Fraud Control
Key-Entered Transactions
Card Not Present
Know the signs of possible fraud
Skimming is a Scam
26. ADVOCATE TIP#2
Keep updated on current fraud trends and training
from your processor or bank.
Order flyers and/or posters from Visa and
MasterCard to post as reminders to employee to be
aware of fraud.
Avoid Force Posting transactions, if you are not
able to receive a valid authorization code, ask for
another form of payment.
If you received large international orders and you
had not before, use caution.
Think of what you have to lose, before thinking of what
you’ll make in profit.
27. VERIFIED BY VISA
Verified by Visa works to confirm an online shopper's
identity in real time by requiring an additional password
or other data to help ensure that no one but the
cardholder can use his Visa card online.
When customers see the Verified by Visa symbol on
your site at checkout, they can rest assured that their
online transactions are protected by the brand they
know and trust.
And, even if the cardholder isn't enrolled in the program
or their issuer isn't participating, the merchant is not
liable for certain fraud-related chargebacks on Visa
personal debit and credit card transactions.
Protecting both merchants and consumers against fraud
28. MASTERCARD SECURECODE
MasterCard SecureCode is a private code for your
MasterCard account that gives you an additional
layer of online shopping security. Only you and your
financial institution know what your code is –
retailers aren't able to see it. So you can trust that
your transactions get independent approval every
time.
MasterCard SecureCode®
29. CONSIDER EMV
EMV stands for Europay, MasterCard and Visa, a global
standard for inter-operation of integrated circuit cards (IC
cards or "chip cards") and IC card capable point of sale (POS)
terminals and automated teller machines (ATMs), for
authenticating credit and debit card transactions.
The EMV standards define the interaction at the physical,
electrical, data and application levels between IC cards and IC
card processing devices for financial transactions.
There are standards based on ISO/IEC 7816 for contact
cards, and standards based on ISO/IEC 14443 for contactless
cards (PayPass, payWave, ExpressPay).
The Future of Payments with MasterCard
Visa U.S. Merchant EMV Chip Acceptance Readiness
Guide
30. EMV IN THE NEWS
―Part of the October 2015 deadline in our roadmap
is what‘s known as the ‗liability shift.‘ Whenever
card fraud happens, we need to determine who is
liable for the costs. When the liability shift happens,
what will change is that if there is an incidence of
card fraud, whichever party has the lesser
technology will bear the liability‖ http://blogs.wsj.com/corporate-
intelligence/2014/02/06/october-2015-the-end-of-the-swipe-and-sign-credit-card/
―Visa and MasterCard require U.S merchants and
card-issuing banks to migrate to EMV technology
by October 2015 or face increased liability
exposure.‖
http://www.computerworld.com/s/article/9246424/EMV_smartcards_offer_security_benefits_even_without_PIN_V
isa_says
31. COMPANY NAMES MENTIONED HEREIN ARE THE PROPERTY OF,
AND MAY BE TRADEMARKS OF, THEIR RESPECTIVE OWNERS AND
ARE FOR EDUCATIONAL PURPOSES ONLY.
Compiled and designed by Mark Fullbright , Certified Identity
Theft Risk Management Specialist™ (CITRMS) as a free guide for
merchants to protect themselves online and POS to reduce their
exposure to chargebacks and fraud losses.
Stay Safe, Stay Secure