Credit Card Fraud Protection for Merchants: How to Lower Risk

Credit card fraud isn’t fair, but it’s sadly a problem retailers can’t afford to ignore. 

The Australian Bureau of Statistics found that in 2022 8.1% of persons (1.7 million) experienced card fraud, with 21% of reported credit card fraud in Australia occurring via the internet.

It seems fraudsters are always finding new ways to make credit card transactions for criminal gain. To bring you up to speed, this article will explore:

• What is credit card fraud?
• What causes credit card fraud?
• Who pays when retailers are victims of credit card fraud?
• How to prevent credit card fraud
• How to report credit card fraud

What is credit card fraud? 

Credit card fraud happens when a lost card or stolen card details are used to make unauthorised purchases. 

Fraudsters can steal credit card numbers and expiration dates and then use this information to buy products over the phone or online. Organised fraudsters are also known for interfering with payment terminals or ATMs to acquire credit card information, which they then use to build counterfeit cards. 

What causes credit card fraud?

Credit card fraud tends to happen when you don’t have an effective detection strategy in place, including both monitoring customer behaviour and payment processors.

To proactively identify potential instances of fraud, be vigilant for indicators such as cards that are damaged, customers displaying agitation, avoidance if they need to sign receipts, disparities between the cardholder’s signature and the receipt, and unusually large purchases. These measures can aid in detecting fraud before it occurs.

Credit card theft: how it happens and leads to fraud

The most straightforward, though not always the most common, cause of credit card fraud is theft. Fraudsters steal either a physical card or the information on a card, then use that information to make purchases. Someone may not even be aware they’ve been the victim of theft until the fraudulent charges come through.

Lost or stolen credit cards or mail

Maybe a wallet was set down somewhere it shouldn’t be? Maybe someone went through your mail? Maybe you left your card behind in a store, or were even mugged—your credit card is gone, and unless you put a stop payment on it immediately, you might have fraudulent charges coming your way?

This kind of theft is not a very sophisticated way of performing credit card fraud, and is far more likely to be detected early compared to other methods. Still, since it is a risk, you should always train employees to ask for ID and cross reference it against the name on the card. 

Credit card skimming

Despite the widespread use of tap and chip cards, the practice of credit card skimming continues. Skimming costs victims up to $6 million a year.

Skimmers are devices that steal information from a credit card’s magnetic strip. Scammers often install these devices in ATMs at retail stores and gas stations. The information is then sold to other scammers or used to create charges on the card.  

Social engineering: what it means and how it causes card fraud 

Many instances of credit card fraud are caused by something known as social engineering.

Social engineering attacks are scams that trick unsuspecting victims into divulging personal information to thieves; these include email scams known as phishing, phone scams known as vishing, and text message scams sometimes known as smishing.

“Social engineering attacks exploit the fundamental human trait of trust,” says Cyber Security Connect’s David Hollingworth. “These tactics often involve impersonation, deception, and psychological manipulation.”

Malware

One of the most common social engineering attacks in retail is malware. According NordVPN cybersecurity advisor Adrianus Warmenhoven, “In the past, experts linked payment card fraud to ‘brute-forcing’ attacks — when a criminal tries to guess a payment card number and CVV to use their victim’s card,” Warmenhoven said.

“However, most of the cards we found during our research were sold alongside the email and home addresses of their victims, which are impossible to brute force.

“We can therefore conclude that they were stolen using more sophisticated methods, such as phishing and malware.”

Phishing attacks

The most well-known social engineering approach is phishing. 

A phishing assault motivates its victims to act by sending them an email, a website, a web ad, a webchat, SMS or a video. Phishing attacks can imitate a bank, delivery service, or government agency or they might imitate a specific department within the victim’s firm, such as HR, IT or finance.

A call to action is included in phishing attack emails, that asks the victim to visit a fake website or click on a malicious link that includes malware.

Who pays when merchants are victims of credit card fraud?

If your business ends up as the victim of credit card fraud, bad news: you might be on the hook for the cost.

The credit card owner is rarely the one who ends up having to pay fraudulent charges. Banks and/or merchants have to cover them instead. 

As a merchant, you’re more likely to have to foot the bill if:

• It was a card-not-present transaction
• You’re using a swipe terminal instead of a newer chip and pin one

Banks are more likely to have to pay if it was a card-present transaction and your business is using the most up-to-date payment terminals.

Beyond just monetarily, fraud costs you your good reputation with processors and banks. Chargebacks due to fraud can contribute to your chargeback rate—your total chargebacks per month divided by your total transactions per month. If this rate gets too high, you’ll be labelled a high-risk merchant and have a hard time dealing with most payment processors.

That’s why it’s important to invest in preventing credit card fraud.

How to prevent credit card fraud as a merchant

To stop this from happening, retailers need to address the most avoidable cause of credit card fraud: inadequate fraud prevention tools. Here are some steps you can take. 

1. Train retail staff about fraud

When accepting a digital payment, there are some essential processes to follow. Staff should verify the cardholder’s identity by comparing the credit card to the sales receipt:

• Check if there is a match between the signature on the credit card and the signature on the sales receipt.
• Check if the credit card’s last four digits match the last four digits listed on the sales receipt. This is the most reliable method of detecting a tampered (counterfeit) card. Experienced fraudsters may have a matching identity to go along with the credit card, so if these numbers don’t match, you know it’s a fake. 
• Tell the person you need to call for authorisation—at this point, the fraudster will likely realise they’ve been caught and will leave the store.

But it’s often just as much about the purchase, as the person making it. 

2. Halt suspicious purchases

• Tell your staff to be wary of transactions involving multiples of fraud-prone items (such as two tablets, three Fabergé Eggs and so on). 
• Keep an eye out for transactions with large dollar amounts—a transaction value that is significantly higher than your average transaction value is a tell-tale sign. 

Although not all high-dollar-value transactions are fraudulent, they should be investigated.

3. Use PCI-compliant payment processors

The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of regulations aimed at ensuring the secure processing of card payments and minimising the risk of fraud for financial institutions.

Developed by the PCI Security Standards Council (SSC), its primary objective is to safeguard cardholder data. Compliance with these standards is mandatory for all businesses that accept card transactions, as it is a prerequisite for conducting business with credit card companies, banks, and payment processors.

By adhering to the PCI DSS, organisations demonstrate their commitment to maintaining the integrity and security of cardholder information throughout the payment process.

4. Use the right point of sale hardware

In addition to training your staff on signs of fraud, it is also important to have a payment processor that includes fraud detection and prevention measures.

Integrate your POS setup

Software matters, which is why it might be a good idea to consider integrating your point of sale with your payment processing and accounting software. 

A POS system embedded with Lightspeed Payments will be secured with PCI compliance and end-to-end encryption, giving you a layer of protection against fraud in your business. Secure payment providers (like Lightspeed) also offer 24/7 server security monitoring. 

As a bonus, embedded payments cut down on the potential for human error when processing payments, as the terminal and point of sale automatically communicate without any manual input. 

Embedded payments don’t just help in person. They’re useful for combating fraud online as well.

How to report credit card fraud as a merchant

Sometimes, despite your best efforts, the worst happens. Here are the steps involved with reporting credit card fraud as a merchant.

1. Contact your payment processor 

If you suspect a fraudulent transaction has taken place in your business, contact your payment processor with as many details as possible. 

Chances are, if a fraudster has successfully used a card in your business, your payment processor will catch the fraud or the chargeback request before you do—in which case, they’ll reach out first and let you know what you need to do.

2. Seek legal advice

Contact a legal professional and let them know your business has been the victim of fraud. If there’s anything extra you need to do or watch out for, they’ll let you know.

3. Contact the police

Finally, if advised, contact police local to the location that was defrauded and let them know what happened. 

Stay one step ahead of fraudsters

Modern payment processing software and secure POS hardware can be key lines of defence against credit card fraud. 

Talk to an expert to learn more about Lightspeed Payments, a modern, secure payments solution that integrates seamlessly with a retail commerce platform designed to save you time running your business.