Credit Card Fraud: How to Protect Your Business
by Janet Attard
Credit card fraud is a problem most small businesses don't think about - until it hits them. If you sell online, or by mail, your business is particularly vulnerable to losing money due to fraudulent credit card orders. Here's what you need to know to minimize your risk from credit card fraud losses.
The possibility of your business losing money due to fraudulent credit card sales is probably something that rarely, if ever, crosses your mind. But if you accept credit cards, it's a threat you shouldn't ignore. Credit card fraud hit 16.31 $billion globally in 2015. 48.2 percent of that fraud occurred in the United States.
Credit card fraud can occur offline, as well as online, of course. One group of individuals alone was indicted in NY for perpetrating fraud that cost financial institutions and retail businesses more than $13 million in losses over a 16-month period.
No matter where it occurs, though, credit card fraud can quickly turn an otherwise prosperous holiday season or year into a huge nightmare for a small business. The owner of a small mail order business located in California had to borrow from friends and family to make good on $14,000 worth of fraudulent charges made on stolen cards one year. The following year, the owner implemented procedures to screen out possible fraudulent orders and refused to ship $25,000 in orders that seemed suspicious.
Spotting fraudulent orders
Fortunately, if you sell online or over the telephone there are a number of steps you can take to minimize the occurrence of fraud. One of the easiest to implement is to use address verification (AVS) and card code verification (CCV) for all card-not present sales (i.e., online and mail order sales).
Next, be on the look out for suspicious sales. These include:
- Unusually large orders placed through the Internet without any contact from the customer.
- Rush orders for large quantities or high-priced goods. Crooks may ask to have an order shipped overnight so they know exactly what day the order will arrive and they can be waiting to pick it up.
- Inquiries from buyers promising to place a large order, but who want you to send them a list of what you sell.
- Missing information, or information the customer refuses to give such as a day-time phone number.
- Orders that are shipped to a different address than the billing address.
- Orders from foreign countries
- Orders on US cards shipped to foreign countries
- Billing addresses that don't match the information on file with the credit card company.
By themselves, no one of these things are a sure sign that a credit card is stolen, but when several factors are present (say, your average ticket amount is $75 and you see an rush order for $5,000 being shipped to a different address than the address of the credit card holder) it's prudent to be suspicious and investigate the sale.
RELATED: Counterfeit Money: How to Spot Fake Bills
Even if there's only one factor that doesn't pass your "sniff" test, it's useful to err on the cautious side. As an example, not long ago, someone using a credit card with US address purchased a product from us and wanted it shipped to someone by a different name in another country. The particular product was one that wouldn't be a lot of use to anyone in the country it was being shipped to, so we called the credit card holder to verify the shipping address. The credit card holder hadn't made the purchase. Neither had anyone else authorized to use the card. The card and the cardholder's contact information had been stolen.
What should I do if an order does sound suspicious?
Under any of the above circumstances you should be particularly cautious and do everything possible to ascertain the person ordering the merchandise is actually the cardholder, or an authorized representative of the cardholder.
These tips, though not infallible, may help you decide if an order is legitimate:
- Get the complete name, address, ZIP code and phone number for the cardholder.
- Require customers to enter the 3-digit card code number from the back of their credit card.
- Verify that the billing address of the card holder is correct. Then, verify the information you are given by calling the merchant bank or using whatever other address verification system is in place through the ISO that processes your charges. If the address you were given doesn't match the address of the cardholder, don't ship.
- Implement a fraud detection service that blocks suspicious transactions based on where they originate, or other factors. (Online credit card processing gateways such as Authorizenet have these available for a fee.)
- Use an address verification service (AVS) to block sales when the billing address entered online doesn't exactly match the billing information on record for the cardholder.
- If a sale looks suspicious, find an excuse to call the customer back, using the phone number he or she gave you, and ask to speak to the cardholder. If you can't reach the cardholder, don't ship the merchandise. People who use stolen credit cards don't give out their real phone numbers.
- Look up the address and phone number of any local orders in the phone book.
- Send a reminder letter to people when you ship an item telling them the item has been shipped and when they can expect it to appear on their bill. This type of letter can reduce complaints and chargebacks from people who simply forget what they ordered or from whom.
NOTE: Don't automatically discredit an order that looks suspicious. I once had someone place an order and ask that it be shipped to Mickey Mouse. The address verification feature on Authorize.net didn't find any problems with the address. My order form includes a place for an e-mail address, and the person had included their e-mail address, so I sent them a note to ask about the order. The individual, who had used his real credit card data and real address for shipping had used the name Mickey Mouse, because he was afraid to use his real name on the Internet.
Copyright © 2016 Attard Communications, Inc.
May not be copied, reprinted, or reproduced without express permission from Attard Communications, Inc.