Keep Credit Card Fraud from Hurting Your Bottom Line

Thanks to chip cards and smarter fraud detection by card issuers, credit card payments have never been more secure. But thieves are always looking for ways to break through these safeguards, so a watchful eye and some good practices can help keep your business safe.

These steps can give you an extra layer of protection:

For in-person transactions

  • Use chip-card readers at checkout. If you are still asking customers to swipe their cards instead of inserting them into a chip reader, you risk letting thieves use counterfeit cards on your system. Payment data encoded on a card’s magnetic stripe can be stolen and used to create a fake card for swipe transactions. If you don’t offer a chip reader, and a fraudulent swipe payment runs through your account, you’ll be liable for damages. Ask a First Citizens Merchant Sales Specialist about upgrading.
  • Train your staff to spot suspicious behavior. Thieves using a stolen card at checkout may show some telltale signs. They may act nervous or jittery; buy a lot of expensive things; attempt multiple transactions, even during a single trip to your location; and try to speed up the transaction or distract the cashier. Employees who see suspicious behavior should flag a manager or call the voice authorization phone number provided by First Citizens and run a \"Code 10\" authorization to alert the issuer.

For internet or phone transactions

  • Require billing address and card verification codes. Simply asking for a shopper’s address and verification code is often enough to scare away criminals using stolen card numbers. It’s recommended that you use something called the Address Verification Service (AVS) to make sure the numerical parts of the address, such as the zip code, match the real cardholders’ data. Also, requiring the user’s three- or four-digit card verification code helps make sure the user has the physical card in their hands, and that they aren’t just using a card number they lifted from elsewhere.
  • Limit failed transaction attempts. Criminals often use software that automatically makes thousands of attempts to guess correct customer addresses, card verification codes or other information. Rejecting a card after a few tries will help keep thieves from hitting the right combination. Using a payment gateway with built-in fraud detection velocity checks can help prevent this sort of phishing for the right combination.
  • Set up a system to flag suspicious activity. Keep an eye on large purchases, just like you would with in-person transactions. But criminals working online also often: request expedited shipping so they can get stolen goods before a stolen card number is cancelled; make purchases on multiple cards but ship to a single address, or vice versa; and ship to international addresses. Set your e-commerce system to flag these transactions for a closer look, or carefully examine phone transactions before you proceed with them. When in doubt, get in touch with the card issuer and ask that they contact the user to make sure the purchase is legitimate.

To recap, an up-to-date card reader and good training practices can help keep stolen card data from being used in person. You can help protect phone or online transactions by asking customers for more information, limiting checkout attempts and flagging certain transactions for a closer look. Talk to a First Citizens Merchant Sales Specialist about how your merchant services provider can help.