The explosion in credit card fraud is costing businesses more than consumers. Reason being is consumers enjoy plenty of built-in protections and legal remedies against of credit card fraud. Charges made on stolen credit cards held by individuals are routinely dismissed by credit card companies and consumer credit accounts can be shut down within minutes of a card holder having discovered a lost or stolen card. Unfortunately, someone has to pay -- and in this case, it's the merchants. Not only must they repay the credit card company for the cost of the goods fraudulently charged in the name of the swindled customer, but they also will be assessed a chargeback-related administrative fee by the credit card company and they likely will never be able to recover the contested merchandise.
10 Steps to Minimizing Credit Card Fraud
Online1. Ship to the billing address only. Every credit card has a primary billing address associated with it. This is where you should ship orders. You may miss out on a few gift purchases that the buyer wants to send to someone else, but you'll also miss out on a lot of fraudsters who try to have orders shipped to their addresses, not the addresses on the cards they've stolen.
2. Ship by restricted mail. Many scammers do not want to sign for their packages in person and with identification, and will therefore be dissuaded by restricted mail.
3. Check foreign addresses. Credit card fraud is now a global phenomenon, and global scammers attempt to have orders delivered to their addresses abroad. Be aware that orders emanating from Nigeria, the former Yugoslavia, Pakistan, Indonesia and Romania are likely to be fraudulent. Review these orders with extra care.
4. Ask for CVV codes. These four-digit codes appear on the backs of credit cards. Asking for them in conjunction with the credit card number reduces the chance of fraud.
5. Protect your website code. These days, savvy programmers can use contact forms to send malicious code your way that can afford them access to your website or databases containing sensitive data such as Social Security, credit card numbers and merchandise prices. On the last point, some hackers may try to do such things as manipulate a merchant's prices so then can easily pilfer goods from online sites that way. Some business owners wrongly assume they are safe from such code injections because they employ firewalls or SSL encryption. However, neither of these tactics provides real protection from code injection attacks, in which hackers "piggyback" malicious code onto good code through an input field in the application. Therefore, a business's protections must come from the code within the application itself.
6. Employ Verified By Visa and MasterCard Secure Code. This gets the two largest credit card providers on your side, as they will authenticate customers on your behalf. There is a small charge per transaction, but well worth it for the added security. This is a service that you can install on your own, but it is also maintained by transaction processors such as CyBerSource and others. Once a customer enrolls in Verified By Visa and MasterCard for any e-commerce website, they cannot claim a chargeback for any reason. This not only lowers a merchant's fraud exposure but also eliminates the chances of a customer with buyer's remorse or some other issue contesting the charge and winning a chargeback. This is important because plenty of credit card fraud is committed by legitimate cardholders, who can lie about transactions just as easily as professional fraudsters.7. Don't telegraph your fraud protection policies. Fraudsters are constantly on the lookout for cracks in your system. Never let the outside world know what you do behind the scenes to prevent fraud.
8. Trust yourself. You know your business better than anyone else. Thus, you may have a sixth sense about certain credit card transactions. Some locations of origin, order sizes or order timings may set alarm bells ringing in your head: for example, a new customer who places an expensive order and asks for overnight shipment. As long as you exercise the utmost courtesy in reaching out to potential customers for further verification, it's your right to be skeptical.
In-Store and Online
9. Enlist the assistance of a credit card authorization services provider. This could be your bank or a dedicated merchant services company. Ask the provider about their ability to manage both retail and e-tail locations, the strength of their transaction processing software and the ability of their authorization gateway to detect fraud electronically. Make certain that an address verification service is part of the provider's online package.
10. Check all transactions manually. Unless your transaction volume runs into tens of thousands of orders a month, it's easy to check all transactions manually before authorizing them. At the store, this means examining the signature on the back of every credit card and comparing this signature with the one that appears on the customer's driver's license. Always ask for a driver's license or other government-issued form of identification in addition to the credit card. Post the ID requirement prominently so that customers are aware of it before checking out. In an online environment, this means looking at transactions yourself before authorizing them. Transaction processing services will give you the option of automatically accepting verified transactions, or waving them through yourself. Using this second option may be a prudent move. If you see a suspicious charge attempt, you can try to verify it via e-mail or the telephone before accepting it.
