Staying safe

More help

Staying safe
Combatting fraud

Combatting fraud

Whether you’re selling face-to-face, online or over the phone, built-in security features can help protect you from fraudulent transactions.

Being aware of fraud is an essential part of your day-to-day responsibilities as a business. Thankfully payments technology has evolved and there now a number of built-in security features to payments products, helping you reduce the risk of fraudulent transactions and chargebacks.

Back to top

Card-present fraud

Card-present fraud can happen when the customer and the payment card are physically present during the transaction, but the card may be stolen, tampered with or non-compliant in some other way.

Card Validity check for Ingenico terminals
If you have an Ingenico Move or Ingenico Desk device with Tyl, you have access to an additional security feature available to reduce the risk of card-present fraud. You’ll find this on your device under “Main Menu” > “Services” > “Card Validity Check”. By performing a card validity check, a status check will be carried out on the card which will tell you if the card is valid. No authorisation charges apply for completing this check.

Back to top

Card-not-present fraud

This kind of fraud is when the customer and the payment card are not physically present during the transaction, such as making a sale over the phone or through your website.

Back to top

Phone payments

Address Verification Service

When taking card payments over the phone, whether you’re using a card machine or our Virtual Terminal you can make use of the Address Verification Service (AVS).

The Address Verification Service checks whether the address details the customer has provided match what is held with the card issuer (issuing bank or building society). You can then decide whether to continue with the transaction and ship goods or ask for additional information from the customer to confirm their identify.

To use AVS:

  1. Have the customer tell you their address details (the one registered to the card) and input the details into the prompted fields on your device or virtual terminal. For the verification check to work you’ll need at least the first line of the address and the postcode.
  2. You’ll receive a response from the AVS check alongside your authorisation code
    1. For phone payments on a card machine, this will appear on your terminal screen. Find out more about taking phone payments with Ingenico or Clover.
    2. For virtual terminal payments, you’ll see the AVS response in the approval code under the ‘Transactions’ tab. A typical approval code for a successful transaction will have four letters in the middle of the code. The first three letters are the results from the Address Verification Service. Three Y values indicates the street and postcode matched E.g. 0097820000019564:YYYM:12345678901234567890123.
    3. A full list of the possible return codes and their meanings can be found in the virtual terminal user guide.
  3. Decide whether to continue with the transaction based on the results from the AVS check. We do not recommend you continue with a transaction where the AVS check shows no match or partial match.

Card validity check for Virtual Terminal

If you have a Virtual Terminal with Tyl, you have access to an additional security feature available to reduce the risk of card-not-present fraud. By performing a card validity check, a status check will be carried out on the card which will tell you if the card is valid. No authorisation charges apply for completing this check.

To run a simple card validation check on your customer’s card:

  1. Go to the ‘Card’ section of the virtual terminal payment form.
  2. Select ‘Account authorisation’ if you only want to validate the card (Visa or Mastercard) with a ‘zero’ value transaction amount. The transaction amount will populate automatically.
  3. Enter the customer’s card details and billing address.

Blocking card numbers in Virtual Terminal

Here you can enter the card numbers you don’t want to accept payment from.

To add a card number to your blocked list:

  1. To change your fraud settings, select ‘Administration’ in the Main Menu Bar > then click on one of the links in the Fraud Settings section.
  2. Enter the card number you want to block in the Card # box on the left of the screen. If you don’t know the card number, you can use the Order Number of the transaction where the card’s been used instead.
  3. Then click Add. When you do this, the card number is added to your list of blocked card numbers. This means that if someone tries to use the blocked card to purchase anything on your website or whilst you’re taking an over the phone payment, the transaction will be declined. You can add as many card numbers as you like.

Blocking names in Virtual Terminal

This setting allows you to block payments from potential fraudsters with the names you add to this list. For payments made with our hosted payment page, we will check the “Cardholder name” and for over the phone payments we will check the “Customer name”.

The name you enter will be exactly matched to the name entered by the potential fraudster as their “Cardholder name” when making a payment via your website or a Payment Link and the “Customer name” when you take a payment over the phone. This means if you enter Sarah McDonald; Sarah Mcdonald, Sara McDonald or Sarah Macdonald would not be blocked.

To add a name to your blocked name list, just follow these steps:

  1. To change your fraud settings, select ‘Administration’ in the Main Menu Bar > then click on one of the links in the Fraud Settings section.
  2. Enter the name in the Name box on the left of the screen. You can also choose to block the Order Number of the transaction with the customer.
  3. Click Add. The name is then added to your blocked list.

Blocking domain names in Virtual Terminal

Here you can enter the domain names of people you want to stop buying from your store. If an individual from this domain attempts to purchase anything at your store, the transaction will be declined.

To add a domain name to your blocked domains list:

  1. To change your fraud settings, select ‘Administration’ in the Main Menu Bar > then click on one of the links in the Fraud Settings section.
  2. Enter the domain name in the Domain name input box on the left of the screen, then click Add. You must enter a domain in a valid domain name format (e.g. domainnameyouwanttoblock.co.uk)
  3. Click Add the new domain name appears in the box on the right of the page

Blocking class C and IP addresses in Virtual Terminal

Here you can enter the IP addresses of people you don’t want to accept payments from.

To add an IP address to your blocked IP list:

  1. To change your fraud settings, select ‘Administration’ in the Main Menu Bar > then click on one of the links in the Fraud Settings section.
  2. Enter the address in the IP input box on the left of the screen. You must enter IP addresses in the standard format, which is four numbers separated by 3 decimal points (e.g. 123.123.123.123). If you don’t know the address, you can use the Order Number of the transaction where the IP has been used instead.
  3. Click Add. The IP address is then added to your blocked list

Setting a maximum purchase limit in Virtual Terminal

You can choose to block transaction over a maximum purchase amount. No payments over that amount will be approved. The field will be pre-filled with the default maximum purchase limit we’ve set for your store or the limit you’ve chosen to set.

If you want to change this limit:

  1. To change your fraud settings, select ‘Administration’ in the Main Menu Bar > then click on one of the links in the Fraud Settings section.
  2. Enter the number in the Maximum Purchase Limit box with the limit you’ve chosen, then click Submit.

Setting auto lockout or duplicate lockout times in Virtual Terminal

When a card is declined, there’s a certain amount of time afterwards where a customer can’t make payments using that card – whether it’s via your website, over the phone or via a payment link. This is called an auto lockout time. For example, if you set it as 60 seconds, a declined card wouldn’t be able to make a further payment to your business until 60 seconds has passed.

If you want to change your auto lockout or duplicate lockout time:

  1. To change your fraud settings, select ‘Administration’ in the Main Menu Bar > then click on one of the links in the Fraud Settings section.
  2. Replace the value in the appropriate box with the new value, then click Submit.
Back to top

Online payments

3D Secure solutions

When taking payments through your website or sharing a payment link to your customer, to complete the payment your customer will need to authenticate the transaction using card schemes compliant versions of EMV® 3-D Secure.

Which system they use will depend on the card scheme associated with the debit/credit card they are using to make the purchase.

If the cardholder is not registered with their card issuer (the company that provided their debt or credit card) for Strong Customer Authentication the transaction may decline, in which case we recommend that the cardholder contact their issuer to ensure that their SCA registration is complete, so that the cardholder can process online transactions successfully in the future.

3D Secure” is a security system that helps protect your business from fraudulent payments and the resulting chargeback claims. When the transaction is successfully authenticated by 3D Secure, any liability to pay a related chargeback request passes to the cardholder’s bank (or similar).

Using 3D secure:

  1. The payment page automatically redirects the cardholder to their bank’s authentication page, so you don’t need to build this into your website.
  2. During checkout, card transactions with 3D Secure wait in a ‘pending’ state while cardholders enter their password or activate their card for 3D Secure.
  3. When the final transaction result is determined, you’ll see the approval code under the “Approval” column on your virtual terminal “Transactions” tab.
  4. If the session expires before the cardholder returns from the 3D Secure dialogue with their bank, you’ll see “N:-5103:Cardholder did not return from ACS” in the “Approval” column. In this case, the customer will need to start the payment process again, this time ensuring they promptly enter their credentials.
Back to top

Further tips, tricks and things to look out for

You can find out more about the types of card payment fraud, the tell-tale signs of card fraud and the ways to protect yourself against them in our Tyl Talks article, protecting your business against fraud.

If you have any other fraud worries, you can call the Tyl team Mon—Fri between 9am and 5pm, or report your concerns online at www.actionfraud.police.uk.
Back to top

Was this article helpful?

Search help and support

    Can't find the help you need?

    Online chat for our existing customers

    If you can’t find the answer in our articles, or need more help, you can chat to us online. 

    We're open Monday to Saturday 8am to midnight and Sunday 9am to 5pm (bank holidays may vary).

    New customers

    If you have a question about Tyl or want to get a quote, we’re open Monday to Friday 9am to 5pm (except bank holidays).

    0345 901 0001

    To contact us using Text Relay, add 18001 before any of our phone numbers.