Credit Card Fraud on the Internet, Detection and Prevention
There is a great deal of fear surrounding the issue of credit card fraud, especially on the Internet. However, a few simple ideas can help with detection and prevention. There are two general aspects of credit card fraud prevention:
- Ensuring that your "customers" do not perform fraudulent credit card transactions with you over the Internet or by telephone.
- Ensuring that you gather, process and store your customers' credit card information in the proper way, so that they do not run a risk of fraud arising as a result of your neglect.
Protecting Yourself from Credit Card Fraud
The following Internet and telephone credit card fraud prevention and detection guidelines are derived from APACS - Association for Payment Clearing Services. For full unabridged and up-to-date guidelines and advice on credit card fraud, please visit their website. To see how our TOPS software handles your credit card processing you can view our presentation.
In 2001 the banking industry introduced new security measures to help fight Card-Not-Present (CNP) fraud, i.e. mail, internet or telephone card purchases, namely, the Address Verification Service (AVS) and Card Security Code (CSC). These services are available to you if you use the automated electronic authorisation process. It verifies the additional information, supplied by the cardholder, to help you decide whether to proceed with the transaction. To further reduce the amount of credit card fraud, PIN (Personal Identification Number) has been introduced and is fast becoming the cardholder verification method for all UK credit and debit card face-to-face transactions but as yet do not apply to CNP transactions. However, do not be surprised if in the future some kind of online PIN verification system is introduced to help prevent credit card fraud on the Internet or over the telephone.
It is vitally important to note that the fact that a credit card transaction is authorised and an authorisation code is provided does not guarantee payment – it simply means that the card has not been reported lost or stolen and that there are sufficient funds available at the time of the authorisation. Even with an "authorised"" payment you could still be subject to credit card fraud.
Card Security Code (CSC) provides additional security digits to confirm that the card number given is genuine. For MasterCard, Visa and Switch cards, this code is the last three digits in reverse italics on the signature strip on the back of the card. In the case of American Express cards, this code is a four-digit number printed on the front of the card, above the embossed card number. CSC can be checked against all cards issued within the EU. This reduces the risk of credit card fraud in cases where the fraudulent user does not actually possess the credit card itself.
The Address Verification Service (AVS) helps in credit card fraud prevention by allowing you to confirm the numerics in a cardholder’s billing address with the issuer. AVS is available for all UK-issued MasterCard, Visa, Switch and American Express cards. Whilst a fraudster with a lost or stolen card may be able to supply a CSC, it is less likely that they will be able to provide the genuine cardholder’s address.
To prevent credit card fraud whether on the Internet or over the telephone or in a face-to-face transaction, the following information should be obtained from the customer:
- card account number
- cardholder’s name, as it appears on the card
- card expiry date, as it appears on the card
- card issue number and start date (if present)
- cardholder’s billing address
- cardholder’s address for delivery of goods
- contact phone number (preferably not a mobile number)
- the name of the issuing bank, building society or other financial institution that issued the card
If AVS is not used, personal customer address details can be checked in the Electoral Register, the telephone directory, with third-party suppliers or from BT’s Phone Disc CD-ROM, all of which are valuable resources in credit card fraud prevention and detection.
Other checks to help reduce the risk of credit card fraud and incurring a chargeback include:
- checking details of new business customers in a local business directory or register
- obtaining a phone number for the customer’s address through directory enquiries and
- contacting the customer to confirm the order
- using the 1471 call back facility – be wary if the phone number has been withheld
- using a caller display service to ascertain which telephone number a customer is calling from
- being wary if the contact phone number is a mobile number; a landline number should be requested where possible
- checking order records to see if there are a large number of transactions over a short period of time from a company or person with whom previous business has not been conducted
- checking if the delivery address has been used previously with different card details
- using BT Phone Disc or another commercial solution supplier to check the correct name and address has been provided
APACS provide ten tips to help spot and help you prevent credit card fraud and stop the card-not-present fraudsters:
- Is the sale too easy? Is the customer disinterested in the price or details of the goods? Are they a new customer?
- Are the goods high-value or easily resalable?
- Is the sale excessively high in comparison with your usual orders? Is the customer ordering many different items? Do they seem unlike your usual customer?
- Is the customer providing details of someone else’s card e.g. that of a client or a family member?
- Is the customer reluctant to give a landline contact phone number – are they only prepared to give a mobile number?
- Does the address provided seem suspicious? Has the delivery address been used before with different customer details?
- Is the customer being prompted by a third party whilst on the phone?
- Is the customer attempting to use more than one card in order to split the value of the sale?
- Does the customer seem to lack knowledge of their account?
- Does the customer seem to have a problem remembering their home address or phone number? Does the customer sound as if they are referring to notes?
Another very helpful set of credit card fraud prevention tips is provided by Catalogue & Ebusiness:
- Take time and effort to validate each order. Don't accept orders unless complete information is provided, including full address and phone number.
- Be wary of orders that come from free email services, as there is a higher incidence of fraud from them.
- If the contact phone number is a mobile phone (starting 07), ask for a landline number also. Many criminals who commit Cardholder Not Present (CNP) fraud use mobile phones, however that DOES NOT mean that all who give a mobile number are fraudsters.
- Take extra interest in orders that are larger than usual. Do they match?
- Take extra care with international orders and do everything you can to validate the order before shipping. Especially be wary of orders from Eastern Europe, Nigeria, Israel, Saudi, UAE and Iraq, as there has been a particularly high incidence of fraud relating to online purchases from these areas.
- Do not allow a consumer to make an alteration of the delivery address at short notice. Avoid sending goods to guesthouses or hotels unless you are confident that the customer is genuine.
- Be wary of a consumer who demands next day delivery and/or phones on the day of delivery asking what time the goods will be delivered.
- Do not accept orders from a consumer quoting someone else's card details, e.g., wife using her husband card.
- Be wary of a consumer who offers several card numbers to cover an order as they may be attempting to avoid authorisation detection, or working through a list of cards.
- If you have any suspicions, consider contacting the customer. It might cost money and take time, but if they are genuine, then you have a new customer and if they are trying to defraud you then you have prevented them…either way you win!
Protecting Your Customers from Credit Card Fraud
It is very important in credit card fraud prevention that you keep all records of credit card transactions in a secure place. This applies both to paper records and computerised records. With regard to the latter, you should make sure that any computers on which the records are kept are in a secure place, are password-protected, are properly firewalled and protected from spyware and viruses. We are able to provide friendly help and advice on all these matters.
Moreover, you must ensure that you only store the data you are legally allowed to store. For example, with regard to CSC, the storage of customers’ CSC data is strictly prohibited under card scheme rules. This applies to all CNP merchants capturing the CSC electronically, through a voice recognition system or manually. Specific rules for CNP mail order merchants are obtainable from acquirers. If you retain copies of card details or faxes where the CSC may be visible, you should blank this information out before storing. Card scheme rules state that merchants undertaking subsequent transactions must not re-use CSC data.
Credit Card Fraud Prevention: Conclusion
We hope you have found these guidelines helpful. However, we are not encouraging paranoia. We have rarely come across cases of credit card fraud. However, as the old saying goes, better to be "safe than sorry".
|
