The sad reality about credit card fraud is that there’s no way to prevent it from happening 100% of the time. Two years ago, Nielson reported that despite the advancement of technology, experts still expect credit card fraud to top out at over $30-billion a year in 2020.
As a small business owner, you can’t afford to take credit card fraud lying down. No business can afford it, in fact, but small business owners are hit the hardest by this crime.
Chargebacks due to fraud are a reality, and if you allow a fraudulent transaction to take place, you’re going to pay that money straight back to the credit card company.
1. First things first…
There are a lot of “experts” online that will tell you to look out for suspicious customer behavior in your store, such as:
- Pulling the card from their pocket rather than a wallet or purse.
- Making large purchases or buying a lot of really expensive items.
- Making strange purchases, such as similar clothing items in multiple sizes.
- Buying products known to be ingredients in street drugs.
- Asking you to put the card through manually (always refuse to do this, obviously).
Fact is, you run the risk of offending an honest paying customer when making snap judgments. Not to mention, credit card companies don’t allow you to turn away a transaction to someone even if they refuse to show you ID.
If you live in a small town, it’s possible to know about the “riff raff” who don’t have a penny (or credit card) to their name. In most cases, though, refusing to allow someone to make an in-person, card-present purchase using a credit card is a slippery slope you don’t want to step onto.
2. You must use EMV chip readers in brick-and-mortar environments
Do NOT count the cost when it comes to adopting EMV chip readers in your stores. Service providers will often rent you a reader if you can’t swing a few hundred dollars to buy one.
EMVs are more resistant to fraud, and — the big AND — you as a merchant are guaranteed to be protected against chargebacks when you use one (the credit card company’s insurer will absorb this cost, for now).
3. Adopt the use of an AVS for online sales
An Address Verification System is a tool offered only by banks and credit card issuers. Most payment gateways, such as PayPal, etcetera, and various payment softwares don’t offer an official assessment of risk on a given transaction, even when they claim to use AVS during a transaction.
Basically, an AVS will tell you if a given address submitted during an order matches the address submitted by the registered user to their credit card provider. The results returned by the AVS can tell you how risky it might be to accept a sale, as opposed to declining the purchase at the time a payment is being made
Results that come back from an AVS:
- Full match: Low fraud risk.
- Partial match-address: Low fraud risk.
- Partial match-zip code: Low fraud risk.
- International: It pays to know what areas of the world are prone to fraud and assess all such orders carefully.
- No match: Could be legitimate, but if it isn’t, you’re the only one that stands to lose anything.
- Unavailable: Accepting payment here is taking a big risk.
An AVS is just one tool to be used in conjunction with others. Information does become outdated quickly, and none of the results detailed above guarantee fraud is taking place.
4. Stay off the phone
In this day and age, with gateways such as PayPal freely available to small business owners, it doesn’t make any sense to take credit card payment info over the phone from strangers. Long time clients, sure, if you know them well. However, it’s just as easy to confirm an order over the phone, and email a customer a link to a secured payment gateway to finish the transaction.
Recording phone calls simply isn’t enough, and the customer isn’t required to confirm their PIN or CVV over the phone either, meaning that once again, you’re on the hook if fraud takes place after you put a manual transaction through. Tell the customer you do this to prevent criminals from making fraudulent purchases with their card, and that you appreciate their cooperation.
5. Ensure all gateways and transactions are PCI-DSS compliant
This is a rather exhaustive topic to get into, and one that’s covered thoroughly on the PCI Compliance Guide Organization’s website. “Payment Card Industry Data Security Standard” is a set of standards and best practices that ensure everything you do with a consumer’s private payment data is as secure as it can be.
When dealing with chargebacks from credit card issuers, or lawsuits from card holders and actual fraudsters trying to make you culpable in their crimes; PCI-DSS compliance can work in your favor.
If you don’t follow the standards, you could be legally, and not just financially liable when fraud activity occurs. It’s particularly important for small businesses to be educated as much as possible about PCI-DSS, since you don’t have a big corporate compliance team watching your back.
Credit card fraud isn’t going away any time soon.
The fact that you’re a small, potentially struggling small business is never an excuse for letting credit card fraud take place at your business.
Keeping up on the trends taking place in the payment processing industry, reading the latest business news, and educating yourself on the latest safeguards against fraud is the only way to minimize your risks.