- 20 Jan 2023
- 8 Minutes to read
Preventing Card Present Fraud
- Updated on 20 Jan 2023
- 8 Minutes to read
Fraud can occur whenever you process a credit card payment, and while fraud is less likely to occur when processing card present transactions compared to online or card-not-present transactions, it's still important to be aware of potential red flags that may indicate a potentially problematic transaction. To help protect yourself and your business here are some potential red flags that you can watch for. You can use these tips to help identify when a transaction could be fraudulent.
How to Spot Potential Red Flags
If you're processing card present transactions here are some red flags that may indicate the transaction could be fraudulent.
EMV and NFC Transactions vs Swipe Transactions
If your customer has a debit or credit card that is enabled for chip and pin or tap transactions, then you should use the card's functionality, instead of simply swiping the card to process the transaction. Cards enabled with chip technology are harder to tamper with and copy compared to magnetic swipe cards. If a customer uses the magnetic swipe for a transaction, fraudsters are able to use "skimmers" to access the card information via the card reader or terminal used for the transaction. The data stored on chip cards is protected with sophisticated encryption and is constantly changing, making it more difficult to access compared to the data on magnetic stripe cards which is static and unencrypted. For a fraudster to access the data on a chip card, they would need to have extensive technical knowledge, expensive equipment, and direct access to the payment card to be able to access and manipulate the physical chip circuitry. By processing in-person transactions with chip cards, you are protecting your business and your customers with their added security features.
Watch out for Missing Card Signatures
If you suspect that a customer might be using a credit card that is not rightfully theirs, or the back of the credit card doesn't have the cardholder's signature, you can ask if you can see the customer ID and match the identification to the name and signature on the credit card. If you are asking for identification from customers, it's important to familiarize yourself with the card brand rules. For example, Visa states that you can ask for ID, but you are not able to reject the transaction if your customer refuses to provide identification. According to Visa, you are required to honor the transaction if you have proof of the card presence, a valid authorization, and a signature or PIN.
Beware of Cards that Don't Work
If a cardholder has tried unsuccessfully to complete a transaction with multiple cards or with multiple attempts, then this might be an indication of fraud. If someone is trying to process a fraudulent transaction, they may have multiple stolen cards with them and pull the card directly from their pocket, without a wallet, to avoid having to present identification. If you have multiple cards decline from one customer, it is a sign they may be stolen, particularly if you receive the PICK-UP CARD response.
Beware of Cards that have Multiple Errors including DECLINED, PICK-UP CARD, or CHIP ERROR
These error messages will show up on the terminal if the cardholder's bank is declining the card from being used. Each message indicates a different scenario and can give you additional insight into what may be going on with the transaction.
|DECLINED||The transaction has been declined by the issuing bank, if you receive multiple declines on multiple cards then this is an indication the customer may be trying to commit fraud. You should only try a card twice, then ask for another form of payment|
|PICK-UP CARD||This may indicate that the card is expired, or that it has been reported as stolen.|
|CHIP ERROR||This can be an indication that the card is counterfeit, or that the chip has been damaged, so the card is no longer usable for EMV transactions. A fraudster may be hoping that you will swipe or key-in the transaction and bypass the need for a PIN along with the added security measures provided with EMV transactions. If you receive this error, it is best to simply request another form of payment from a card with a working chip.|
Be Suspicious of cardholders who want you to key-in the transaction in person
If the customer is at your business for a face to face transaction, then they should be able to complete the transaction using their physical card and the terminal. It can be an indicator of fraud if the customer is requesting that the card is keyed in when they are in the store, and they may be doing so to avoid having to enter a PIN that they do not know. If you need to key in the card, then you can familiarize yourself with these instructions for preventing fraud on keyed transactions. You should also get the CVV code and AVS information for the transaction, as this can help you confirm the legitimacy of the transaction.
Know how to recognize fake cards
Pay attention to the customer body language and traits
High-value transactions may require additional diligence
Most cardholders take their time when making a major purchase using their cards, so if you notice a cardholder making a large purchase without asking to see the product, or with very little concern for the price, it can be a red flag. Fraudsters may be relying on your excitement about a large sale to distract you from the transaction itself. To protect your business, you can ask for additional verification, like ID, if a customer is making a large purchase to help ensure the credit card is not fraudulent.
Unattended terminals are at risk of modifications and card skimmers
Terminals that are left unattended could be at risk of having card skimmers installed on them. It's important to routinely inspect your terminals to ensure that they have not been tampered with. While card skimmers are becoming less common as more chip cards are introduced, it is still in your best interest to ensure your equipment has not been tampered with. If you notice something suspicious or an unfamiliar addition to your equipment, stop using it.
Don't leave the terminal unattended while customers enter their informations
Beware of cardholder who press more keys than usual
Setup your terminal so that it makes a sound with each keystroke, to help you notice if a customer is pressing to many keys. Customers who press more keys than expected during a transaction may be trying to access the terminal menu, key in their card numbers, or issue themselves a refund. Again, check the receipt once the transaction is complete and if the transaction type and amount are incorrect, reverse the transaction.
Ensure you have supervisor passwords on your terminals
Having a custom password, instead of the default password that the terminal came with, is a good way to ensure only authorized users have access to the menu and the different transaction types. This is a good way to prevent employees from refunding transactions without permission, and fraudsters from being able to access your terminal's menu.
If you think a transaction might be fraudulent
If you find yourself questioning the legitimacy of a transaction for any of the reasons we mentioned above, you can cancel the transaction by running a reversal before the batch settles to prevent the transaction from being processed. The reversal will also prevent your business from being charged the processing fees for that transaction.