As more people shop online or use credit cards in stores, credit card fraud and cyberattacks grow increasingly common. If your store is the victim of a security breach, it can erode customer confidence.
You may also be liable for fines if it’s proven that your credit card security measures were not in compliance with today’s standards. You could also be on the hook for chargebacks and if your business experiences too many, your credit card merchant may drop you as a customer.
It pays to do everything you can to help spot and block credit card fraud, because being a victim of fraud is just not worth the risk, especially when you think about these statistics:
- 33% of customers said they would not shop at a breached retailer for at least three months.
- 19% said a cybersecurity breach would cause them to stop shopping at a retailer permanently.
- For every dollar worth of fraud, business owners lose up to $2.40 in chargebacks, fees and merchandise replacement.
How can you protect your company’s data along with your customers’ sensitive financial data? Whether you run an e-commerce site, have a brick-and-mortar location or both, here are seven steps to take if you’re wondering how to avoid fraudulent credit card transactions.
Be aware of phishing techniques and credit card theft
Phishing—a practice where cybercriminals send emails to try to fraudulently obtain information such as credit card numbers and passwords—tops the list of reported cybercrimes. In 2020, there were 241,342 cases of phishing reported to the U.S. Internet Crime Complaint Center (IC3). Worst of all, you don’t have to be the direct victim of a phishing scam for it to affect your business.
Many cybercriminals use low-tech methods like phishing to commit repeated credit card fraud. They might get their hands on a consumers’ credit card number, or even the actual card, through any number of techniques, such as phishing or merely pickpocketing the card in a crowded location. Some criminals commit identity theft and then open new credit card accounts using the victim’s name and information.
If any criminal uses someone else’s credit card information to complete a transaction at your store or on your website, you could be held responsible for allowing a fraudulent transaction — even if the criminal didn’t obtain the information through a security breach of your business.
On the other hand, if you can flag a fraudulent credit card transaction, you’ll save your customer a lot of headaches. You’ll also save yourself, your bank and your credit card merchant account provider time and money.
Watch for e-commerce credit card fraud red flags
Watch out for these credit card red flags during online purchases:
- Expedited shipping to an address that differs from the billing address.
- Mismatched IP location and credit card address.
- Suspicious-looking email accounts.
- Multiple failed attempts to enter a credit card number.
- Repeated declined transactions.
Your e-commerce software should be able to spot most of these situations and automatically block the transaction. Your customer will then have to take a few extra steps to approve the transaction and prove that it’s not a case of credit card fraud.
Watch for suspicious behavior in person
It’s extremely easy for cybercriminals to commit credit card fraud online. In fact, card-not-present fraud accounted for $4.57 billion in losses in 2016. But point-of-sale purchases can also result in fraudulent credit card activity, so retailers must remain vigilant about spotting and calling out suspicious behavior.
Here are some behaviors to look out for:
- Pulling the credit card out of a pocket rather than a purse or wallet.
- Purchasing many expensive and seemingly random items.
- Rushing the transaction.
- Avoiding swiping the card or inserting the chip (asking to process the transaction manually, instead).
- Unsigned cards.
- Refusing to show additional ID, such as a driver’s license, or presenting an ID from a different state than the store’s location. You have the right to ask for additional ID or an alternate form of payment.
If a transaction seems fishy, do not confront the customer, as this could endanger yourself or your employees. Instead, take the card and explain you need to call for additional authorization. When you call the issuer, say you need “Code 10” authorization. This alerts the issuer that you have spotted suspicious activity. They will know the appropriate steps to take, which may include putting a stop on the card.
Since the introduction of EMV technology, merchants who use EMV readers have seen a 76% decrease in counterfeit card fraud.
Choose a PCI-compliant payment gateway
Whether you deal in card-not-present sales or point-of-sale purchases, your payment gateway should be compliant with regulations set by the Payment Card Industry Security Standards Council.
Failure to comply will put both your business and customers at risk. Should your business experience a breach or attack, this will increase your liability and may require you to pay up to $500,000 in fines. A PCI-compliant payment gateway, which stores credit card data on your payment gateway’s system instead of your own, can help you adhere to these regulations.
Follow EMV compliance laws
In addition to adhering to PCI compliance, you’ll want to make sure your point-of-sale system supports EMV (Europay, Mastercard and Visa) chip transactions. An EMV chip is the small square chip in most modern credit cards. Because of the way EMV chip transactions are processed, generating a unique, one-time code for each transaction, EMV chip cards are considered more secure than cards with traditional magnetic stripes.
Stripe fraudulent activity has been a danger of magnetic stripe credit cards for decades. Criminals can use skimmers, surreptitiously installed in credit card terminals, to steal the data from magnetic stripe cards and then create new cards using that data.
Since the introduction of EMV technology, merchants who use EMV readers have seen a 76% decrease in counterfeit card fraud.
If you don’t have an EMV card reader available and a customer becomes a victim of credit card fraud at your establishment, you will be responsible for the chargeback costs, as well as fees. You may also face hefty fines for not being EMV compliant.
For most merchants, it’s not worth the risk.
Do not store your customers’ credit card information
With cybercrime on the rise, one way to protect yourself and your customers is by using a PCI- and EMV-compliant system that does not store customer credit card information locally.
You should not be responsible for storing customer credit card data in your system. Instead, choose a service provider with secure methods of storing customer data using SSL encryption.
If you ever take down credit card numbers by phone to process transactions in your store, don’t write it down. Enter it directly into your point-of-sale system. Also make sure that credit card data captured on phone recordings is encrypted.
Report suspected signs of fraud immediately
Protect yourself and your customers by reporting any signs of fraud immediately. If something seems suspicious, don’t make that judgement by yourself. Report the attempted transactions immediately to the credit card issuer and let them take the appropriate action.
Sometimes, suspicious activity may simply be a hurried parent trying to make a quick purchase, vacationers splurging outside their home state, or a grandchild making an online purchase for a grandparent who is not tech savvy and lives in another state.
But it pays to be cautious because the liability could fall on you, the merchant, if you aren’t alert to the signs of credit card fraud.
CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.
Follow us on Instagram for more expert tips & business owners’ stories.
CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.
