Credit card fraud is on the rise and it’s been made worse by the pandemic. According to recent data from the Nilson Report, the US is responsible for a third of all losses to credit card fraud in the world. Since 2020, the US has seen a 140% increase in fraud attacks and US retailers are facing almost 1,800 fraud attempts each and every month. Attacks are growing in both scale and sophistication with every new technological advance introduced by businesses being exploited by fraudsters as a new attack opportunity. Preventing attacks can be a constant and seemingly impossible task, but there are measures retailers can do to protect themselves.
Understand the types of attacks
Before you can protect yourself from attack, you need to know where the threat is coming from. Some of the most common threats include:
- Lost or stolen cards: The simplest is also the most common – criminals steal someone’s credit card or use one someone has lost and use it for as long as possible until the user spots a problem and cancels the card. Thieves may simply steal these from a person or attempt to intercept cards in the mail.
- Card not present fraud: The internet creates opportunities for fraudsters to access the credit card along with personal information of targets and use them for purchases online or by phone. This can be difficult to prevent because there is no need for a card to be present. Victims may also be much slower to spot the loss of their personal data than a physical card.
- Credit card skimming: The use of devices at card readers in ATMs, in retail stores or other businesses enable criminals to steal personal information from the magnetic strip on the back of cards. This practice is still commonplace, although it has been made more difficult by the rise in contactless payments.
- Application fraud: Using stolen personal information, criminals can make fraudulent credit card or loan applications in a victim’s name. This will often go undetected until someone checks their credit score or tries to make an application for a loan. Although victims will not be liable for any purchases made, the damage done here is to their credit scores.
- Account takeover: Once fraudsters have access to personal information, they can impersonate the card holder, ‘persuading’ banks to change personal details and access. However, this approach will usually be detected as soon as the card holder attempts to use their card in a store or online.
Fraudsters will often take the data stolen from people and use it to make counterfeit cards. In many cases the victim will still have their real card so will not know their information has been stolen. The quality of these cards can vary, but some of the most sophisticated [counterfeit cards] can be relatively realistic, complete with account details, realistic branding and encoded magnetic strips.
Related: What credit card fraud is and how it can happen
Spotting fake cards
Fraudulent transactions can be immensely costly for retailers. Each one may result in chargebacks from card issues, each of which cost results in a fee of up to $100. Even if it is cancelled later, the retailer will still have to pay admin fees. If there are too many chargebacks, it could lead to disruption of service. While large corporations and superstores may be in a position to absorb these costs, the same might not be true of the average mom and pop grocery store.
Spotting fraudulent cards, therefore should be a top priority. Fortunately, there are ways that you can build defences – both through the adoption of new technologies as well as training staff.
Fraudsters are becoming more effective at creating fake credit or debit cards. However, there are tell-tale signals. The spacing of lettering on a genuine card will usually be even and clear. A fraudulent card might often come with gaps in the lettering or numbers. Just by looking at it, you may feel that something isn’t quite right. The magnetic strip or chip may also not be working. None of these necessarily mean that the card itself is fake, but they do represent big red warning flags.
Further warnings should be raised if the card is ‘damaged’. Fraudsters will often attempt to cover up the flaws in their forgeries by presenting a card as damaged – such as with a crack or a tear. They may also tell you that the magnetic strip will not work. It’s all part of an attempt to prevent you from swiping the card and simply keying in the stolen personal information.
Again, there are legitimate reasons why someone’s card might not work as good as new. However, as a retailer you shouldn’t take the risk. Train staff to ask for ID if a customer has a damaged card. Alternatively, you can simply make it policy to refuse the transaction completely.
Asking for a security code
Security or CVC codes are the three-digit numbers on the back of debit cards. They are an important part of the defence against credit card fraud, especially online. Crucially, these numbers are not embossed as with other numbers which mean they will not be captured if a card is swiped. Equally, a fraudster might access all other details about a customer’s debit or credit card, but this will be difficult to obtain without physically having the card in your hand.
Asking for security codes, therefore, is an effective defence in online transactions and may eliminate many of the most common card not present types of frauds.
Multifactor authentication is also being used to build defences – such as sending a security code to a registered mobile device. This adds an additional layer of security and prevents those fraudsters who only have stolen card details.
Added to these measures, store owners will often train staff to look for tell-tale suspicious signs such as people who are nervous, hesitant or cannot provide additional ID. However, technology can also provide support such as encrypted POS systems with fraud detection solutions. These fully integrated payment systems will ideally come with their own set of robust PCI compliant security features, including the ability to process secure payment methods such as EMV chips and contactless. Newer systems typically come with end-to-end encryption which helps prevent fraud as well. All these elements combined will keep your customers information safe while reducing the risk of chargebacks.
Management platforms for credit card systems can also provide more control over your fraud detection strategies, bringing in automation, machine learning and artificial intelligence to provide deeper insights and help you detect fraud which might otherwise have breached your defences.
Ultimately, protection is about a combination of good training and efficient use of the latest technologies. By building a network of protection, you’ll make life a whole lot harder for the criminals and easier for you.