Preventing Card Present Fraud
See the steps you can take to help prevent card present fraud
Fraud can occur whenever you process a credit card payment, and while fraud is less likely to occur when processing card present transactions compared to online or card-not-present transactions, it’s still important to be aware of potential red flags that may indicate a potentially problematic transaction. To help protect yourself and your business here are some potential red flags that you can watch for. You can use these tips to help identify when a transaction could be fraudulent.
How to Spot Potential Red Flags
If you’re processing card present transactions here are some red flags that may indicate the transaction could be fraudulent:
EMV and NFC Transactions versus Swipe Transactions
If your customer has a debit or credit card that is enabled for chip and pin or tap transactions, then you should use the card's functionality, instead of simply swiping the card to process the transaction. Cards enabled with chip technology are harder to tamper with and copy compared to magnetic swipe cards. If a customer uses the magnetic swipe for a transaction, fraudsters are able to use “skimmers” to access the card information via the card reader or terminal used for the transaction. The data stored on chip cards is protected with sophisticated encryption and is constantly changing, making it more difficult to access compared to the data on magnetic stripe cards which is static and unencrypted. For a fraudster to access the data on a chip card, they would need to have extensive technical knowledge, expensive equipment, and direct access to the payment card to be able to access and manipulate the physical chip circuitry. By processing in-person transactions with chip cards, you are protecting your business and your customers with their added security features.
Watch out for Missing Card Signatures
If you suspect that a customer might be using a credit card that is not rightfully theirs, or the back of the credit card doesn’t have the cardholder’s signature, you can ask if you can see the customer ID and match the identification to the name and signature on the credit card. If you are asking for identification from customers, it’s important to familiarize yourself with the card brand rules. For example, Visa states that you can ask for ID, but you are not able to reject the transaction if your customer refuses to provide identification. According to Visa, you are required to honor the transaction if you have proof of the card presence, a valid authorization, and a signature or PIN.
Beware of Cards that Don’t Work
If a cardholder has tried unsuccessfully to complete a transaction with multiple cards or with multiple attempts, then this might be an indication of fraud. If someone is trying to process a fraudulent transaction, they may have multiple stolen cards with them and pull the card directly from their pocket, without a wallet, to avoid having to present identification. If you have multiple cards decline from one customer, it is a sign they may be stolen, particularly if you receive the PICK-UP CARD response.
Beware of Cards that have Multiple Errors Including DECLINED, PICK-UP CARD, or CHIP ERROR
These error messages will show up on the terminal if the cardholder’s bank is declining the card from being used. Each message indicates a different scenario and can give you additional insight into what may be going on with the transaction.
|DECLINED||The transaction has been declined by the issuing bank, if you receive multiple declines on multiple cards then this is an indication the customer may be trying to commit fraud. You should only try a card twice, then ask for another form of payment.|
|PICK-UP CARD||This may indicate that the card is expired, or that it has been reported as stolen.|
|CHIP ERROR||This can be an indication that the card is counterfeit, or that the chip has been damaged, so the card is no longer usable for EMV transactions. A fraudster may be hoping that you will swipe or key-in the transaction and bypass the need for a PIN along with the added security measures provided with EMV transactions. If you receive this error, it is best to simply request another form of payment from a card with a working chip.|
Be Suspicious of Cardholders who want you to Key-in the Transaction in Person
If the customer is at your business for a face to face transaction, then they should be able to complete the transaction using their physical card and the terminal. It can be an indicator of fraud if the customer is requesting that the card is keyed in when they are in the store, and they may be doing so to avoid having to enter a PIN that they do not know. If you need to key in the card, then you can familiarize yourself with these instructions for preventing fraud on keyed transactions. You should also get the CVV code and AVS information for the transaction, as this can help you confirm the legitimacy of the transaction.
Know how to Recognize Fake Credit Cards
Like physical currency, most credit cards are equipped with different attributes that help keep them from being copied illegally. Some of these attributes are:
- Verify that the printing and embossing on the card are aligned, fake cards may look distorted or be off center
- Confirm that there is a hologram on the credit card as these are difficult for fraudsters to copy
- Double check that the expiration date is valid. If the card indicates it is expired, but the card is still working, that is a red flag that the card is a fake
- Confirm that the last four numbers on the card match the receipt from the transaction. If they do not match, then immediately void the transaction or make a CODE 10 Call
If you Suspect the Transaction is Fraudulent, Make a CODE 10 CALL
If the transaction, card, or cardholder have made you suspicious that something fraudulent might be occurring, then you can make a CODE 10 CALL. The CODE 10 is an authorization request that can be done at any point during the transaction to alert the card issuer of suspicious activity, without altering the customer.
Pay Attention to the Customer’s Body Language and Traits
How your potential customer is behaving can be a good indicator of possible fraud, here are some key behaviors to look out for:
- Customers who are especially nervous or wanting to rush through a transaction If someone is being overly aggressive, or overly nice, in an effort to ensure the sale goes the way they want it to
- Customers who visit the store right at opening or closing hours when staff are busy with other tasks and may not be as attentive
- If someone purchases a big-ticket item but avoids all assistance with having the item delivered, requests next day shipping, or wants to arrange for someone else to pick up the item at a later time
- Customers who seem intent on distracting you while processing a transaction to gain access to the terminal’s menu
- Requesting a large amount of cash back, or cash back if that is not your business’s usual policy, can be a red flag and may warrant further verification
- If the customer signs the receipt in an overly deliberate or odd manner, this may indicate they are not familiar with signing the name associated with the card they used
- If the customer wants you to key in a transaction while they recite the card numbers from memory
High-Value Transactions May Require Additional Diligence
Most cardholders take their time when making a major purchase using their cards, so if you notice a cardholder making a large purchase without asking to see the product, or with very little concern for the price, it can be a red flag. Fraudsters may be relying on your excitement about a large sale to distract you from the transaction itself. To protect your business, you can ask for additional verification, like ID, if a customer is making a large purchase to help ensure the credit card is not fraudulent.
Unattended Terminals are at Risk of Modifications and Card Skimmers
Terminals that are left unattended could be at risk of having card skimmers installed on them. It’s important to routinely inspect your terminals to ensure that they have not been tampered with. While card skimmers are becoming less common as more chip cards are introduced, it is still in your best interest to ensure your equipment has not been tampered with. If you notice something suspicious or an unfamiliar addition to your equipment, stop using it.
Don’t Leave the Terminal Unattended while Customers Enter Their Information
Some fraudulent cardholders are quite knowledgeable about terminals and may try to initiate a refund onto their card, key in the card number to avoid needing a PIN or conceal the error message from you. Watch while your customer enters their information and if they are taking longer than usual so you can offer assistance. If you are concerned about a completed transaction, check the receipt to make sure the transaction type and amount are correct.
Beware of Cardholders who Press more Keys than Usual
Setup your terminal so that it makes a sound with each keystroke, to help you notice if a customer is pressing to many keys. Customers who press more keys then expected during a transaction may be trying to access the terminal menu, key in their card numbers, or issue themselves a refund. Again, check the receipt once the transaction is complete and if the transaction type and amount are incorrect, void the transaction.
Ensure you have Supervisor Passwords on your Terminals
Having a custom password, instead of the default password that the terminal came with, is a good way to ensure only authorized users have access to the menu and the different transaction types. This is a good way to prevent employees from refunding transactions without permission, and fraudsters from being able to access your terminal’s menu.
What if You Think a Transaction Might be Fraudulent?
If you find yourself questioning the legitimacy of a transaction for any of the reasons we mentioned above, you can cancel the transaction by running a void before the batch settles to prevent the transaction from being processed. The void will also prevent your business from being charged the processing fees for that transaction.