Credit and debit card payments have made life easier for many people, but it’s a sad reality that card fraud is a daily threat faced by businesses and their customers. Being aware of fraud is an essential part of your day-to-day responsibilities as a business. Read on to learn out about some of the most common types of payment fraud, and how to keep your business protected.
Types of payment fraud
Card present fraud
The great thing about selling goods in person is that you can engage with your customers and become part of the community. While the vast majority of customers are law-abiding citizens, it’s important to stay vigilant when it comes to taking payments using a card machine. In-store fraud is a risk for many businesses, and one example could be when a customer is handed your card machine to enter their PIN but cancels the card payment without you knowing. They then change the transaction to a cash payment. At this point, the transaction goes through as a cash sale and you may not notice what has happened, so the customer then leaves with the unpaid goods as no funds have changed hands.
Here are some tips for preventing in-store fraud:
- Be attentive when a customer is using your card machine, and make sure you review the screen carefully when they return it.
- Check receipts after each transaction if you have handed the customer the card machine so you know the correct amount has been paid in the proper tender.
- When a lost or stolen card is used to make a purchase, a ‘pick up card’ message will be displayed on your card terminal. It’s possible the customer could be using a card they’ve already cancelled by mistake, but it’s also a sign of a potential fraudster attempting to use a stolen card.
Card not present fraud
Taking payments online or by telephone is a great way of accepting orders in advance and providing extra convenience for those customers who can’t complete payments in-store, but it can also increase the risk of fraud.
It's important that you're extra careful when you're taking payments over the phone. Majority of card not present transactions are genuine, but as you can't see your customer or their card when taking this type of payment, there's a higher risk of fraud.
Some tips to help to protect against this type of fraud:
- Collect and verify customer information. When a customer makes a purchase, be sure to collect their name, address, phone number, and email address. You can also verify their billing address with the credit card company. You should also always request to see the payment card or some form of ID if the goods are picked up by the caller to ensure their details match what was provided over the phone. You should never write down or record your customer's data, including the CVV code to keep their details secure.
- Use a reputable payment processor. Look for a payment processor that is PCI compliant and has a good track record of fraud prevention.
- Implement strong authentication measures. Consider using multi-factor authentication for all transactions. This will require customers to enter a code from their phone or email in addition to their password, which can help to prevent unauthorised access to accounts. Find out more about Strong Customer Authentication (SCA).
- Monitor transactions for suspicious activity. Look out for transactions that are made from unusual locations or times or that involve large amounts of money. You can use a fraud detection solution to help you identify and flag suspicious transactions.
A chargeback is the process followed when a cardholder disputes a transaction on their bank account. Cardholders are able to dispute any transaction they have on their bank account, but the chargeback process is in place to ensure that only fraudulent transactions are refunded back to the cardholder.
Read our article about chargeback fraud to learn more about how to protect yourself against chargebacks.
It’s not always the easiest thing to accept, but sometimes fraud can come from within your own business. This occurs when non-genuine refunds are processed by members of staff and means that someone has potentially taken goods along with having their payment refunded. It’s important to keep a close eye on and review refunds processed through your business to make sure they’re genuine. While majority of employees would never commit this type of financial fraud, it’s important that you only give authorised personnel the right access to process refunds. Having a second pair of eyes to approve refunds – known as a ‘four eyes’ approach – is a good idea.
Refund fraud is also a risk when it comes to your card machine itself. When asked for payment, a fraudster may attempt to process a refund on the card machine rather than enter their PIN. To protect your business from this type of fraud, you can disable the refund settings if you have a Clover card machine for different profiles. So when you need to issue a refund, only authorised employees can log into their separate refund-enabled profile.
Who is liable for fraudulent payments?
It’s important to understand that you face different levels of liability for fraud as a business owner depending on whether you take card payments in-store, over the phone or online. If you take in-store payments with a reputable PCI-compliant card machine, then more often than not, the liability rests with the customer's bank if there’s any fraudulent activity.
If fraud occurs through card-not-present telephone or online transactions, then this increases your liability of having to refund the customer which is known as a ‘chargeback’
Potential signs of fraud
You can protect your business and customers against fraud by paying attention to various warning signs:
- Large orders. If you usually sell two or three products at a time and you receive an order for, say 65, you should contact the customer directly to check that the order is correct.
- Multiple cards. Be alert if someone places orders to the same address using multiple payment cards or multiple addresses with one payment card.
- Declined purchases. Multiple declined purchases by the same person over the phone should also raise suspicions. Keep an eye out if a large payment is declined by the bank and smaller follow-up payments are made for the same amount of items.
- Suspicious telephone calls. If you’re taking orders by telephone, you should be wary if the caller is unable to give you billing information other than the card details.
- Irregularities. Keep an eye out for spelling errors, the use of ALL CAPS and what look like fake email addresses, e.g. addresses with obvious differences to the customer’s name or an excess amount of numbers.
Five ways you can protect your business against fraud
Sadly, fraud can strike a business from anywhere, which includes employees, suppliers and customers. Here are five steps you can take to help prevent fraud.
- Identify your weak spots. Knowing where your business is vulnerable could be the difference between preventing fraud and becoming a victim.
- Secure your valuables. Stolen laptops, computers and mobile phones can give fraudsters access to your data. Use encryption software and passwords, keep your property in a safe place and never record customer details in unsecured locations.
- Exercise caution. It’s good to cast a sceptical eye over any deals and opportunities presented to your business. Unrealistically generous offers can be a tell-tale sign of fraud.
- Request identification. If someone attempts to buy something and you suspect they may be a fraudster, you can ask for a photo ID if you’re selling in person or ask for their address over the phone.
And of course, if you’ve been a victim of fraud, you should contact the police or Action Fraud immediately.
This has been prepared by Tyl by Natwest for informational purposes only and should not be treated as advice or a recommendation. There may be other considerations relevant to you and your business so you should undertake your own independent research.
Tyl by Natwest makes no representation, warranty, undertaking or assurance (express or implied) with respect to the adequacy, accuracy, completeness, or reasonableness of the information provided.
Tyl by Natwest accepts no liability for any direct, indirect, or consequential losses (in contract, tort or otherwise) arising from the use of the information contained herein. However, this shall not restrict, exclude, or limit any duty or liability to any person under any applicable laws or regulations of any jurisdiction which may not be lawfully disclaimed.