Categories
Credit Card Processing Security

4 Tips on How to Avoid Friendly Credit Card Fraud

Let’s face it, fraud sucks.

Can we say that out loud?

Fraudsters everywhere are making money hand over fist scamming business owners just like you. It’s a game to them. It’s fun. To them, you’re just another faceless small business owner with a fat bank account that can afford it. They don’t care or know if that’s actually true and they don’t give a rat’s nether region either.

Fraud sucks and the worse kind of fraud is friendly fraud.

Friendly Fraud?

Yep. Friendly fraud.

I know the term includes two words you never thought you’d hear in the same sentence, but it’s real. Friendly fraud is when a customer makes a claim that on it’s face seems like a viable claim to the credit card company. And, since the perpetrator of the fraud is a customer of the credit card company, the credit card company does everything in their power to defend the customer.

What’s Friendly Credit Card Fraud?

The easiest way to explain it is to give you an example:

John wants a new G.I. Joe with the kung fu grip. He heads over to your online store where you sell vintage toys and buys one for $125.00. GREAT! You knew someone would want it and they did. It’s off your shelf and the 10 bucks you paid for it at the garage sale was well worth it.

Until it’s not.

You see John had a plan.

He was going to order the G.I. Joe with the kung fu grip and when he received it his plan was to call his credit card company and dispute the charge. You just happened to be the first person he found and now you’re left holding the bag. You see, the credit card company just took back the $125.00 directly from your bank account and charged you a $65 charge back fee that you couldn’t cover so the bank just charged another $29.00 insufficient fund fee.

Yay! Lucky you.

That’s friendly fraud.

Why is it Called Friendly Fraud?

It’s called friendly because any real and loyal customer may have a viable reason to get their money back. Maybe it’s a returned item. Maybe the item never made it. Maybe it was damaged. Maybe the order was canceled and not caught in time. There are any number of reasons.

The point being, it’s hard to determine what a real claim and a fraudulent claim is. After all, there are millions of transactions every year where something goes wrong, and the customer is entitled to a refund.

What Are Common Friendly Fraud Claims?

Some of the claims fraudsters may use when contacting their credit card company include the following:

  • The item wasn’t delivered
  • The item doesn’t match the online description
  • The item was returned but the refund was never processed
  • They canceled the order but the item was sent anyway
  • They don’t remember buying the item so the card must be compromised.

Great. Now that you know what some of the common fraudulent claims are, you probably want to know how to protect yourself. We’re getting to that, but I want to first reiterate that most of the times these claims are valid and that’s what makes this a very difficult type of fraud to combat especially for large merchants.

How Can I Help Prevent Friendly Credit Card Fraud?

Glad you asked!

Here are 4 tips you can use to avoid friendly fraud:

  • Require a signature upon delivery to verify the customer received the order. Having a paper trail that shows the product was ordered and delivered will help when working with the credit card company and hopefully give pause to the fraudsters.
  • Your refund policy should be clearly displayed on your website and be easily available to the customer. Make sure your refund policy states that a refund is issued when the item is returned and specify a period of time for return.
  • For returns, be sure to issue return labels with tracking information so there is a paper trail documenting the return. Providing a paper trail that confirms the customer did or did not return the item is important. You can also include an email and online account order history that clearly shows all transactions.
  • Collect as much customer information as you can. Having a customer database that includes order history, delivery dates, and call logs with your customer service representatives is a great way to deter fraudsters. If they know you’re being vigilant they will look elsewhere for a victim.

Yes. Friendly Credit Card Fraud is a thing and you can help prevent it from happening to you. Follow these simple steps and keep your house in order – fraudsters go after the easy targets.
Now please send me the link to the G.I. Joe with the kung fu grip because my husband is a 55 year old child and would love it.

Categories
Security

How Criminals Are Using Your Website To Verify Stolen Credit Cards

Over our twenty-year history of helping merchants with their payment processing and POS needs, we have found that criminals attempting to verify stolen credit cards has increased as the number of websites accepting credit cards has increased.  While this a serious matter we have found that it’s relatively simple to fix and prevent.

In recent years there were 28 million unauthorized transactions on credit, debit, and pre-paid cards totaling $4 billion in fraudulent charges. We all have a role in preventing this kind of fraud and the damages it inflicts on its victims.

Why criminals use your website to verify stolen cards

Criminals use poorly protected shopping carts on websites to test whether or not the stolen credit card numbers they purchased or are getting ready to sell are valid.
They do this using bots that can create thousands of transactions over several websites within minutes. They use small transactions generally less than $1.00 to avoid suspicion.

This generally happens to merchants because they’re not paying attention to their monthly statements and in an effort to lower as many barriers as possible for customers to easily purchase from them they are in turn decreasing the amount of security measures in place.

This is bad for you because even though it is a fraudulent charge it still counts as a transaction and you have to pay the fees. This may not seem like a big deal on a $1.00 charge but if you multiply that by eight, fifteen, or even 20,000 charges it becomes expensive.

This will cause your merchant account to be suspended and not allow any transactions at all on your website. You may not even know that this has happened for days or sometimes weeks. The loss of revenue could be catastrophic for a small business or an e-commerce store.

To avoid the problem there are some very simple things you can do.

  • Use human verification. This type of application is necessary to avoid bots from being able to make transactions on your shopping cart. You can go to Google reCAPTCHA to get a free human verification app. Be sure to have the human verification located at time of payment.
  • Enable Velocity Filters. With a Velocity Filter, you can prevent thieves from rapidly testing multiple credit card numbers against your business’s merchant account. This tool will reject transactions made based on specific filters you set. Some filter parameters are credit limit, sale amount or transaction count.

Preventing this kind of fraud on your website is not difficult. Simply make sure you’re checking your statements on a regular basis, limiting the number of transactions, and use human verification at checkout.

If you need some help or some free advice please feel free to give me a call at (540) 446-0826 or email me at [email protected]

Categories
Credit Card Processing Security

EMV and Counterfeit Cards

You have heard all the talk about the “Liability Shift” – well the October 1, 2015 deadline has past and the world has not come to an end.  As you are aware the new credit and debit cards that are being issued have a microchip embedded on the front of each card. The purpose of the microchip is to make it harder for criminals to use your debit/credit card fraudulently and is designed to meet the EMV standard. Now we all know that there will always be criminals and having this new technology is not going to prevent other forms of card fraud.

EMV- which stands for Europay, Mastercard, and Visa – is the global standard for smart cards.  Europay, Mastercard, and Visa were the original payment brands that came together to create the standard. The standard has since been regulated by American Express, Discover, JCB, MasterCard, UnionPay, and Visa and is now known as EMVCo.

Four things should be noted about the liability shift:

  1. The arrival of October 1 does not mean that all debit/credit cards need to be EMV, it means that merchants need to be ready to accept chip-enabled cards by that date if they do not want to be affected by the new fraud liability rules.
  2. Upgrading POS systems to accept chip cards is not legally mandated- it is an optional measure to protect your business from fraud liability.
  3. Even if you have an updated EMV-compliant POS machine, if you run a counterfeit chip card via the magnetic strip reader instead of the chip reader, you will be liable for the fraud.
  4. Even if the counterfeit card swiped at a traditional POS machine is in the form of a traditional card, you will be liable for fraud if the data on the counterfeit card was obtained from a legitimate chip card.

What is a Counterfeit Card?

Counterfeit credit cards are fakes that have real account information stolen from victims. Often, the victims still have their real cards, so they don’t know a crime has occurred. The cards appear legitimate, with issuers’ logos and encoded magnetic strips. To create a counterfeit card, criminals go into any local supermarket and grab prepaid debit cards you normally buy as gifts. Honest people go to the counter check out and activate the card by loading a dollar amount onto the card.  For criminals however, they are just shells – they want them to look like a real credit card and don’t care about the numbers embossed on the front or anything printed on the card such as: “A Gift For You”.  All they want is a card that looks like the real thing and has a mag stripe so they can load stolen data onto the back of this card and use it at another store.  Now the cashier that gets that card will think it’s just another one of the dozens of cards they accept each day and will just swipe away!  A counterfeit card created, sold on the street and used to buy goods and services is as easy as 1-2-3!  Scary, I know.

There are things that merchants can and should do even without EMV-enabled equipment to protect themselves.  By setting your current credit card terminal or POS system to prompt for the the last 4 digits of the card number on the front of the card and using the CVV/CID from the back or front (American Express) of the card are great tools to prevent fraud!  Why?  It really is quite simple – when card data is stolen and encoded onto a “shell” the information will not match.  For example:  The last four digits of your card are 6848 however the stolen data that was encoded on the “shell” end with 1298.  Unless it is a very sophisticated criminal group, most counterfeit credit cards are crudely encoded and are designed to just “get the job done” rather than impress.

Categories
Credit Card Processing Security

What is EMV?

We have been inundated with phone calls for the last few months, from our merchants – all asking the same questions:

What is EMV?
What is chip card technology?
Can I be fined or even arrested if my terminal is not EMV Capable?
Without an EMV machine,  will I lose ALL chargebacks on your account?
Is it true that EMV is the only way to process credit card charges after October 1, 2015?

610 Merchant Services is here to help put all of our merchant’s, and hopefully some new ones, minds at ease.  We all have heard or read something about the looming October 1, 2015 liability Shift.

Lets start off by defining Liability Shift: this simply means there is a change in the financial responsibility to the merchant, bank or credit card company should a fraudulent transaction take place.  Today, if a card present  in-store transaction is made using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction fall back on the payment processor or issuing bank.   After the October 1, 2015, deadline (which was created by major U.S. credit card issuers MasterCard, Visa, Discover and American Express), the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction.

Now at this point you may be asking what is EMV?  EMV stands for Europay, MasterCard, and Visa.  EMV is a global standard for credit and debit payment cards based on chip card technology.

As the U.S. payment industry transitions to EMV technology, there’s a lot to adjust to, starting with what to call the new cards. You may have already heard or read these terms – don’t stress over the different terms either, they all mean the same thing.

  • Smart card
  • Chip card
  • Smart-chip card
  • Chip-enabled smart card
  • Chip-and-choice card (PIN or signature)
  • EMV smart card
  • EMV card

How will EMV Effect Your Business by 610 Merchant Services of Stafford VirginiaHere is how the new technology cards work:  Rather than a magnetic strip, EMV uses a microprocessor chip embedded in the card.

Unlike magnetic stripe transactions where typically the track 2 data containing the card number and expiry date is processed, every chip card transaction contain dozens of pieces of information to be exchanged between the card, the terminal and the acquiring bank or processors host.  This requires the terminal to perform many stages of complex processing, including cryptographic authentication, to successfully complete a transaction.

What does this all mean for merchants?

Pre-October 1st Scenario
1. A counterfeit card is used at a merchant location
2. Customer sees charge, calls credit card company to dispute and charges it back
3. Merchant supplies signed sales receipt and will win chargeback

Post-October 1st Scenario
1. Card data is stolen and encoded onto a fake credit card
2. This “counterfeit” card is used at a merchant location
3. Customer sees charge, calls credit card company to dispute and charges it back
4. If the counterfeited card was originally an EMV-issued card (i.e. a chip card) then:
Merchant supplies signed sales receipt and will win chargeback ONLY IF merchant has an EMV terminal;
Merchant will lose chargeback if merchant does not have an EMV terminal
5. If card was not issued as an EMV card then Merchant will supply sales receipt as normal and win chargeback regardless of type of machine they have (EMV-enabled or otherwise)

We have heard so many sales tactics (or lies) such as:

1) If you don’t have an EMV machine, the police will give you a $100 ticket.
2) Without an EMV machine, you will lose ALL chargebacks on your account.
3) EMV is the only way to process credit card charges after October 1, 2015, so without that machine, you won’t be able to take cards.
4) Your website needs to be able to take EMV cards. (Hint: There is no EMV acceptance ability – i.e. chip reading – on websites and there is no Liability Shift for e-commerce or Key-Entered transactions.)
5) EMV cards are cheaper than swiped sales.

Don’t be fooled by these sales tactics.  610 Merchant Services is here to answer any questions you have.