Preventing Card Present Fraud
How to Spot Potential Red Flags
If you're processing card present transactions here are some red flags that may indicate the transaction could be fraudulent:
EMV and NFC Transactions versus Swipe Transactions
If your customer has a debit or credit card that is enabled for chip and pin or tap transactions, then you should use the card's functionality, instead of simply swiping the card to process the transaction. Cards enabled with chip technology are harder to tamper with and copy compared to magnetic swipe cards. If a customer uses the magnetic swipe for a transaction, fraudsters are able to use "skimmersâ€ to access the card information via the card reader or terminal used for the transaction. The data stored on chip cards is protected with sophisticated encryption and is constantly changing, making it more difficult to access compared to the data on magnetic stripe cards which is static and unencrypted. For a fraudster to access the data on a chip card, they would need to have extensive technical knowledge, expensive equipment, and direct access to the payment card to be able to access and manipulate the physical chip circuitry. By processing in-person transactions with chip cards, you are protecting your business and your customers with their added security features.
Watch out for Missing Card Signatures
If you suspect that a customer might be using a credit card that is not rightfully theirs, or the back of the credit card doesn't have the cardholder's signature, you can ask if you can see the customer ID and match the identification to the name and signature on the credit card. If you are asking for identification from customers, it's important to familiarize yourself with the card brand rules. For example, Visa states that you can ask for ID, but you are not able to reject the transaction if your customer refuses to provide identification. According to Visa, you are required to honor the transaction if you have proof of the card presence, a valid authorization, and a signature or PIN.
Beware of Cards that Don't Work
If a cardholder has tried unsuccessfully to complete a transaction with multiple cards or with multiple attempts, then this might be an indication of fraud. If someone is trying to process a fraudulent transaction, they may have multiple stolen cards with them and pull the card directly from their pocket, without a wallet, to avoid having to present identification. If you have multiple cards decline from one customer, it is a sign they may be stolen, particularly if you receive the PICK-UP CARD response.
Beware of Cards that have Multiple Errors Including DECLINED, PICK-UP CARD, or CHIP ERROR
Be Suspicious of Cardholders who want you to Key-in the Transaction in Person
If the customer is at your business for a face to face transaction, then they should be able to complete the transaction using their physical card and the terminal. It can be an indicator of fraud if the customer is requesting that the card is keyed in when they are in the store, and they may be doing so to avoid having to enter a PIN that they do not know. If you need to key in the card, then you can familiarize yourself with these instructions for preventing fraud on keyed transactions. You should also get the CVV code and AVS information for the transaction, as this can help you confirm the legitimacy of the transaction.
Know how to Recognize Fake Credit Cards
If you Suspect the Transaction is Fraudulent, Make a CODE 10 CALL
If the transaction, card, or cardholder have made you suspicious that something fraudulent might be occurring, then you can make a CODE 10 CALL. The CODE 10 is an authorization request that can be done at any point during the transaction to alert the card issuer of suspicious activity, without altering the customer.
Pay Attention to the Customer's Body Language and Traits
High-Value Transactions May Require Additional Diligence
Most cardholders take their time when making a major purchase using their cards, so if you notice a cardholder making a large purchase without asking to see the product, or with very little concern for the price, it can be a red flag. Fraudsters may be relying on your excitement about a large sale to distract you from the transaction itself. To protect your business, you can ask for additional verification, like ID, if a customer is making a large purchase to help ensure the credit card is not fraudulent.
Unattended Terminals are at Risk of Modifications and Card Skimmers
Terminals that are left unattended could be at risk of having card skimmers installed on them. It's important to routinely inspect your terminals to ensure that they have not been tampered with. While card skimmers are becoming less common as more chip cards are introduced, it is still in your best interest to ensure your equipment has not been tampered with. If you notice something suspicious or an unfamiliar addition to your equipment, stop using it.
Don't Leave the Terminal Unattended while Customers Enter Their Information
Some fraudulent cardholders are quite knowledgeable about terminals and may try to initiate a refund onto their card, key in the card number to avoid needing a PIN or conceal the error message from you. Watch while your customer enters their information and if they are taking longer than usual so you can offer assistance. If you are concerned about a completed transaction, check the receipt to make sure the transaction type and amount are correct.
Beware of Cardholder who Press more Keys than Usual
Setup your terminal so that it makes a sound with each keystroke, to help you notice if a customer is pressing to many keys. Customers who press more keys then expected during a transaction may be trying to access the terminal menu, key in their card numbers, or issue themselves a refund. Again, check the receipt once the transaction is complete and if the transaction type and amount are incorrect, void the transaction.
Ensure you have Supervisor Passwords on your Terminals
Having a custom password, instead of the default password that the terminal came with, is a good way to ensure only authorized users have access to the menu and the different transaction types. This is a good way to prevent employees from refunding transactions without permission, and fraudsters from being able to access your terminal's menu.