As more and more consumers opt for swiping credit cards rather than use cash, there has been a steady increase in the incidence of fraud with more criminals using stolen or counterfeit cards.
While the use of counterfeit credit cards isn't new, their use has exploded in recent years as computer hackers steal millions of records from major retail stores and rings of thieves develop new ways to steal data. Major data breaches have coincided with a growing black market that connects sophisticated hackers to identity thieves making hundreds of fake cards to withdraw cash or buy goods.
In other instances, devices are inserted into ATM slots and other card readers (for example, gas station pumps) to copy the numbers and financial codes contained in the magnetic strips. The crooks then retrieve the devices or, using Wi-Fi, draw information from them into a laptop or other device. Encoders are used to transfer that information onto newly created cards.
The introduction of chip-and-PIN (EMV) cards offers some solutions to the problem. These cards come with an embedded security microchip in addition to the usual magnetic stripe. To make a purchase, the cardholder inserts the card into a chip reader slot in the payment device. This improves security for two reasons. One, it eliminates the risk of the card's magnetic stripe being skimmed and stolen. Two, the data encrypted on the chip is nearly impossible to replicate, as it is constantly changing.
Still, if your company accepts cards, it is your responsibility to join the fight to stop the use of counterfeit versions. If you aren't diligent in efforts to avoid fraudulent charges, you stand to lose on several fronts:
- You're out the cost of the products or services.
- Card processors will probably charge you higher fees.
- Processors won't give you the best rates.
- The card companies may drop you.
Given the risks, you should take steps to protect your company. Set up a policy and make sure everyone on your staff who handles credit card transactions is familiar with the guidelines.
To formulate a strong policy, include the following actions, particularly if you haven't yet adopted EMV card readers:
Verification of Transactions in Person
- Make sure the card has embossed numbers, expiration and effective dates and the hologram of the card company (for example, Visa or MasterCard).
- Inspect the expiration and effective dates.
- Check the signature on the card against the signature on the receipt.
- Don't accept a credit card that hasn't been signed.
- Be wary when a customer tries to rush a transaction.
- When in doubt, get more verification. If a signature is questionable, ask for a driver's license.
Online Transactions
- If accepting transactions over the Internet, be cautious with large dollar transactions and orders that come from free e-mail services. These services do little to verify a customer's name or address.
- Require the credit card verification value, or CVV, which is the three-digit number on back of every VISA or Mastercard. Of course, that will only help if the credit card number was lifted from the Internet, and not if the thief actually has possession of the card.
- Use an account verification service, also known as AVS, which checks to make sure the zip code and other information match. Unless the thief has access to the credit card owner's billing address, this can be very effective in deterring fraud.
- Check into setting up a secure socket layer or SSL, which is the most popular way to safely transmit information over the Internet. You or your Web host provider will need a Web server that is capable of supporting an SSL, and you'll need a digital certificate to show you are a legitimate business.
- While a customer may have a good reason to have the item shipped to an address other than his billing address (for example, it's a gift for a spouse being shipped to an office), such transactions warrant additional scrutiny.
- If an Internet order raises an eyebrow, call the cardholder's bank or delay shipment until funds are received. While the customer may not like the delay, those few extra days may be the difference between a good transaction and a fraudulent one.
Bottom line: It's more important to make sure that credit card sales are valid — not sales that will be subject to chargebacks in the future.