Credit and debit card payments have made life easier for a lot of people, but it’s a sad reality that card fraud is a daily threat faced by businesses and their customers. Being aware of fraud is an essential part of your day to day responsibilities as a business and as your payment partner we’d like to help you avoid becoming a victim of fraud.
Who is liable for fraudulent payments?
It’s important to understand that you face different levels of liability for fraud as a business owner depending on whether you take card payments instore, over the phone or online. If you take in-store payments with a reputable PCI compliant card machine, then more often than not the liability rests with the customers bank if there’s any fraudulent activity.
If fraud occurs through card-not-present telephone or online transactions, then this increases your liability of having to refund the customer which is known as a ‘chargeback’
What are chargebacks?
A chargeback is the process followed when a card holder disputes a transaction on their bank account. Card holders are able to dispute any transaction they have on their bank account, but the chargeback process is in place to ensure that only fraudulent transactions are refunded back to the card holder.
If a chargeback is made against your business be rest assured that Tyl is here to help. We’ll get in touch when a chargeback request is made so we can gather all the necessary information from you, which is then passed back to the card provider for them to investigate if the transaction was indeed fraudulent or not. If the transaction is found as being fraudulent then, unfortunately you’ll have to refund the money for the transaction, and it means you’ll also have lost out on goods or services provided. This really highlights the need to protect your business against fraud, and how important it is to be confident about the legitimacy of transactions where a card isn’t present. There are multiple checks you can do during a telephone order which we discuss later, and online transactions are extra safe when using Tyl’s payment pages or pay by link services.
Potential signs of fraud
You can protect your business and customers against fraud by paying attention to various warning signs:
- Large orders – If you usually sell two or three products at a time and you receive an order for say 65, you should contact the customer directly to check the order is correct.
- Multiple cards – Be alert if someone places orders to the same address using multiple payment cards or multiple addresses with one payment card.
- Declined purchases – Multiple declined purchases by the same person over the phone should also raise suspicions. Keep an eye out if a large payment is declined by the bank and smaller follow-up payments are made for the same amount of items.
- Suspicious telephone calls – If you’re taking orders by telephone, you should be wary if the caller is unable to give you billing information other than the card details.
- Irregularities – Keep an eye out for spelling errors, the use of ALL CAPS and what look like fake email addresses e.g. addresses with obvious difference to the customer’s name or an excess amount of numbers.
Types of fraud
Fraudsters can target businesses in a number of ways and are always trying to think of ways to beat the systems in place that protect merchants. To help avoid fraud from affecting your business, Tyl has identified key types of fraud you should be aware of.
In-store/customer present fraud
The great thing about selling goods in-person is you can engage with your customers and become part of the community. While the vast majority of customers are law-abiding citizens, it’s important to stay vigilant when it comes to taking payments using a card machine. In-store fraud is a risk for many businesses, and one example could be where a customer is handed your card machine to enter their pin number but cancels the card payment without you knowing. They then change the transaction to a cash payment. At this point, the transaction goes through as a cash sale and you may not notice what has happened, so the customer then leaves with the unpaid goods as no funds have actually changed hands.
Here are some tips for preventing in-store fraud:
- Be attentive when a customer is using your card machine, and make sure you review the screen carefully when they return it.
- Check receipts after each transaction if you have handed the customer the card machine so you know the correct amount has been paid in the correct tender.
- When a lost or stolen card is used to make a purchase, a ‘pick up card’ message will be displayed on your card terminal. It’s possible the customer could be using a card they’ve already cancelled by mistake, but it’s also a sign of a potential fraudster attempting to use a stolen card.
- If you have a Clover Flex terminal and want to be extra safe and not accept cash sales, you can remove cash as a payment option. On your Clover Flex open the apps and select ‘setup’, then ‘payments’, and under ‘tenders accepted’, simply untick ‘cash’ and save.
Taking payments by telephone is a great way of accepting orders in advance and providing extra convenience for those customers who can’t complete payments in store, but it also increases the risk of fraud.
It's important that you're extra careful when you're taking payments over the phone. Majority of telephone payments are genuine, but as you can't see your customer or their card when taking this type of payment, there's a higher risk of fraud. To protect against this type of fraud you should enter your customer's address details as part of the transaction and check that this matches the address the card is registered to. You should also always request to see the payment card or some form of ID if the goods are picked up by the caller to ensure their details match what was provided over the phone. You should never write down or record your customer's data, including the CVV code to keep their details secure. Something to be mindful of when taking phone payments is when customers insist on completing payment over the phone despite them having to visit your premises at some point to complete the transaction.
One tell-tale sign that you should be aware of before completing an order over the phone is if you’ve had a number of declined transactions from the same caller. You should always feel empowered to decline a customer if you believe there’s a risk of fraud.
It’s not always the easiest thing to accept, but sometimes fraud can come from within your own business. This occurs when non-genuine refunds are processed by members of staff and means that someone has potentially taken goods along with having their payment refunded. It’s important to keep a close eye on and review refunds processed through your business to make sure they’re genuine. While majority of employees would never commit this type of financial fraud, it’s important that you only give authorised personnel the right access to process refunds. Having a second pair of eyes to approve refunds – known as a ‘four eyes’ approach – is a good idea.
Refund fraud is also a risk when it comes to your card machine itself. When asked for payment, a fraudster may attempt to process a refund on the card machine, rather than enter their PIN. To protect your business from this type of fraud, you can disable the refund settings if you have a Clover card machine for different profiles. So when you need to issue a refund, only authorised employees can log into their separate refund-enabled profile.
5 ways you can protect your business against fraud
Sadly fraud can strike a business from anywhere, which includes employees, suppliers and customers. Here are five steps you can take to help prevent fraud.
- Identify your weak spots. Knowing where your business is vulnerable could be the difference between preventing fraud and becoming a victim.
- Secure your valuables. Stolen laptops, computers and mobile phones can give fraudsters access to your data. Use encryption software and passwords, keep your property in a safe place and never record customer details in unsecure locations.
- Exercise caution. It’s good to cast a sceptical eye over any deals and opportunities presented to your business. Unrealistically generous offers can be a tell-tale sign of fraud.
- Request identification. If someone attempts to buy something and you suspect they may be a fraudster, you can ask for photo ID if you’re selling in person, or ask for their address over the phone.
- Use a secure payment system. When taking payments, using secure, PCI compliant card machines is a no brainer. While phone orders are convenient you can always add an extra layer of protection with the Tyl portal and requesting your customers pay by link using a secure payment page.
And of course, if you’ve been a victim of fraud, you should contact the police immediately.
This has been prepared by Tyl by Natwest for informational purposes only and should not be treated as advice or a recommendation. There may be other considerations relevant to you and your business so you should undertake your own independent research.
Tyl by Natwest makes no representation, warranty, undertaking or assurance (express or implied) with respect to the adequacy, accuracy, completeness, or reasonableness of the information provided.
Tyl by Natwest accepts no liability for any direct, indirect, or consequential losses (in contract, tort or otherwise) arising from the use of the information contained herein. However, this shall not restrict, exclude, or limit any duty or liability to any person under any applicable laws or regulations of any jurisdiction which may not be lawfully disclaimed.