Fraud Prevention & Protection Efforts
August 26, 2020
According to a recent Nilson Report, credit card fraud in the U.S. hit $9.47 billion in 2019, accounting for 33.99% of gross card fraud losses worldwide. In addition, the costs associated with credit card fraud shouldered by merchants increased by 15% – a significant uptick considering total credit card fraud is projected to reach $35.67 billion within the next five years. It’s apparent that credit card fraud is a substantial threat to all businesses, with the potential to financially cripple small businesses.
There are two main types of credit card fraud: card-present fraud and card-not-present fraud. Card-present fraud happens when the merchant physically handles the credit card, and it usually involves a stolen card or a counterfeit (spoofed) card. Detecting card-present fraud begins at the staff level, with employees trained to pay attention to red flags – like a faulty magnetic stripe or missing signature – that could mean the credit card is stolen or fake.
So how can a small business protect itself and its customers? For card-present transactions, staff should be on alert if a magnetic stripe is unreadable, ask for ID, and check for a signature. Also, make sure your team knows how to identify a legitimate card:
- Security holograms.
- Starting number for each carrier: 37 or 34 for American Express, 4 for Visa, 5 for Mastercard, and 6 for Discover.
- The last four digits are usually printed on the back of the card.
Purchasing behavior can also be a clue. Train staff to notice when the items in a purchase seem incongruent or inconsistent, such as multiple sizes or duplicate products. If a customer is in a hurry to finish the transaction or tries to distract the cashier, they may be trying to use a fake card. Finally, large purchases right before closing can also be a sign that something is amiss.
Card-not-present fraud is often harder to prevent because the credit card is not physically present for inspection, as is the case in most online or over-the-phone transactions. Unfortunately, merchants bear the cost of card-not-present fraud. Thankfully, credit card companies use sophisticated algorithms to monitor cardholder behavior, and they often spot fraudulent card-not-present transactions quickly and deny the purchase. But the system is not foolproof.
Another solution is ensuring PCI compliance. PCI DSS (Payment Card Industry Data Security Standard) is a set of 12 security standards that help ensure that online card payments are processed securely. Maintaining PCI compliance helps businesses safeguard their sensitive data and protect customers from fraud or cybertheft. There are four levels of PCI compliance based on the number of transactions processed, and those levels determine how much security validation is required. For example, merchants at level 1 (more than 6 million transactions per year) must submit to an annual internal audit by an authorized Qualified Security Assessor (QSA). Levels 2-4, on the other hand, can provide an annual Self-Assessment Questionnaire (SAQ) instead.
The 12 PCI DSS Requirements are:
- Install and maintain a firewall
- Unique passwords and other settings
- Protection of stored cardholder data
- Encryption of data transmission
- Malware and anti-virus software protection
- Develop and maintain secure systems and applications
- Restrict access to cardholder data
- Identify and authenticate access to system components
- Restriction of access to physical cardholder data
- Tracking and monitoring all access to network resources and cardholder data
- Regular testing of security systems and procedures
- Maintain information security plans for all personnel
To protect against credit card fraud, whether or not the card is present, merchants need a payment processing partner they can rely on. Designed to provide compliance and security, the PayTech Gateway is built with a complete set of payment plans that deliver simplified data security, making PCI compliance cheaper and more manageable. Our payment environment is perfect for payment processing, including card-present point-of-sale, mobile payments, and e-commerce.
PayTech Trust offers secure merchant accounts and web-based solutions for businesses of all sizes to use for online credit card processing. With our collaborative suite of services and best practices to detect credit card fraud, PayTech Trust has the experience and the expertise to help your business with expertly crafted merchant service solutions.