Merchants face various risks when accepting card transactions. This information has been put together to help you understand the types of risk you face and the steps to take in order to reduce the risk of loss. One of the greatest risks to merchants is that of fraudulent transactions. If you are not careful, fraud could cost your business dearly. Some types of merchants - depending on the type of goods sold - are more vulnerable to fraudulent transactions than others. Merchants should be aware that they may be targeted.
It is essential to understand the term "authorisation" - what it does and does not mean.
What authorisation does mean:
- The account number is valid
- The card has not been reported as lost or stolen (although it may still be lost, stolen or compromised, i.e. the card details may have been unduly obtained or copied) and the card owner may be unaware of this)
- There are sufficient funds available to cover the transaction
What authorisation does not mean:
- Authorisation does not confirm that the person providing the card number is the legitimate cardholder - the risk remains that the person providing the number has either stolen or unduly obtained the card
- There is also a risk of the purchaser having unduly obtained the card number without being in possession of the card
Although it is important to obtain authorisation for each transaction, this alone does not protect you against the risk of fraud or chargeback. These risks remain even if authorisation has been obtained.
Due to their high value and suitability for resale, the following types of goods are frequently targeted by fraudsters:
- Household appliances
- Goods easily sold for cash
If you trade in any of these goods, be extremely careful before handing over/shipping items. Make sure you take all possible steps to confirm that the purchaser is the actual cardholder.
The following are indications of potentially suspicious transactions. Often it is the existence of more than one indication that suggests a potentially fraudulent activity.
- First-time shopper - Criminals are always looking for new merchants to steal from
- Larger-than-normal orders - Because stolen cards and account numbers have use only for a limited time period, criminals need to maximise their purchases
- Orders that include several varieties of the same item - Having more than one of the same item increases the criminal's profits
- "Urgent" or "overnight" shipping - Criminals want their fraudulently obtained items as soon as possible for quick resale and are not concerned about extra delivery charges
- Shipping outside of the merchant's country - There are times when items purchased in fraudulent transactions are shipped to criminals outside of the home country
- Inconsistencies - Information in order details such as a mismatch in the billing and shipping addresses, telephone area codes with corresponding near post office codes, e-mail addresses that do not look legitimate and irregular times of day when orders are placed.
- Multiple transactions on one card during a short period of time - This could be an attempt to 'run a card' until the account is closed
- Shipping to a single address via transactions on multiple cards - This could involve an account number generated using special software or even a batch of stolen cards
- Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses - This could represent an organised activity, rather than one individual at work
- For online transactions, multiple cards used from a single IP (Internet Protocol) address - More than one or two cards could indicate a fraudulent scheme
- Orders from Internet addresses that make use of free e-mail services - These e-mail services involve no billing relationships and often neither an audit trail nor verification that a legitimate cardholder has opened the account
Merchants can minimise the possibility of fraudulent purchases and chargebacks from online transactions by taking certain precautions:
- request the name of the cardholder's bank - fraudsters who have unduly obtained account details will not have this information. If the purchaser hesitates in giving the name of their bank, caution should be exercised;
- request the purchaser to provide a faxed copy of their driver's licence;
- the risk of goods not being received should be evaluated if goods are forwarded to a post office box;
- obtain a signed receipt from the cardholder when the goods are delivered;
- in the case of orders for a large number of different goods, telephone the cardholder after the order is placed to confirm the order. Also, have the purchaser read back all details of the order. Frequently, where an order is fraudulent, the purchaser is unable to confirm these details, as they were ordering at random, with no record of what they ordered;
- be suspicious in cases where multiple cards are used for a single purchase;
- do not continue to attempt authorisation after receiving a decline;
- exercise extra caution in relation to overseas orders - large orders should in all cases be held back for shipping until the enquiries above are made into the legitimacy of the purchaser. Merchants should not ship goods until satisfied that the purchase is legitimate.
By using the 3-D Secure authentication services, the merchant obtains chargeback protection (i.e. fraud liability shift) on a transaction in most events where a chargeback would normally be received on the basis of a claim that the customer did not actually participate in the transaction. These services provide customers, retailers and banks with greater security in online card payments.