Category: Security

Let’s face it, fraud sucks.

Can we say that out loud?

Fraudsters everywhere are making money hand over fist scamming business owners just like you. It’s a game to them. It’s fun. To them, you’re just another faceless small business owner with a fat bank account that can afford it. They don’t care or know if that’s actually true and they don’t give a rat’s nether region either.

Fraud sucks and the worse kind of fraud is friendly fraud.

Friendly Fraud?

Yep. Friendly fraud.

I know the term includes two words you never thought you’d hear in the same sentence, but it’s real. Friendly fraud is when a customer makes a claim that on it’s face seems like a viable claim to the credit card company. And, since the perpetrator of the fraud is a customer of the credit card company, the credit card company does everything in their power to defend the customer.

What’s Friendly Credit Card Fraud?

The easiest way to explain it is to give you an example:

John wants a new G.I. Joe with the kung fu grip. He heads over to your online store where you sell vintage toys and buys one for $125.00. GREAT! You knew someone would want it and they did. It’s off your shelf and the 10 bucks you paid for it at the garage sale was well worth it.

Until it’s not.

You see John had a plan.

He was going to order the G.I. Joe with the kung fu grip and when he received it his plan was to call his credit card company and dispute the charge. You just happened to be the first person he found and now you’re left holding the bag. You see, the credit card company just took back the $125.00 directly from your bank account and charged you a $65 charge back fee that you couldn’t cover so the bank just charged another $29.00 insufficient fund fee.

Yay! Lucky you.

That’s friendly fraud.

Why is it Called Friendly Fraud?

It’s called friendly because any real and loyal customer may have a viable reason to get their money back. Maybe it’s a returned item. Maybe the item never made it. Maybe it was damaged. Maybe the order was canceled and not caught in time. There are any number of reasons.

The point being, it’s hard to determine what a real claim and a fraudulent claim is. After all, there are millions of transactions every year where something goes wrong, and the customer is entitled to a refund.

What Are Common Friendly Fraud Claims?

Some of the claims fraudsters may use when contacting their credit card company include the following:

• The item wasn’t delivered
• The item doesn’t match the online description
• The item was returned but the refund was never processed
• They canceled the order but the item was sent anyway
• They don’t remember buying the item so the card must be compromised.

Great. Now that you know what some of the common fraudulent claims are, you probably want to know how to protect yourself. We’re getting to that, but I want to first reiterate that most of the times these claims are valid and that’s what makes this a very difficult type of fraud to combat especially for large merchants.

How Can I Help Prevent Friendly Credit Card Fraud?

Glad you asked!

Here are 4 tips you can use to avoid friendly fraud:

• Require a signature upon delivery to verify the customer received the order. Having a paper trail that shows the product was ordered and delivered will help when working with the credit card company and hopefully give pause to the fraudsters.
• Your refund policy should be clearly displayed on your website and be easily available to the customer. Make sure your refund policy states that a refund is issued when the item is returned and specify a period of time for return.
• For returns, be sure to issue return labels with tracking information so there is a paper trail documenting the return. Providing a paper trail that confirms the customer did or did not return the item is important. You can also include an email and online account order history that clearly shows all transactions.
• Collect as much customer information as you can. Having a customer database that includes order history, delivery dates, and call logs with your customer service representatives is a great way to deter fraudsters. If they know you’re being vigilant they will look elsewhere for a victim.

Yes. Friendly Credit Card Fraud is a thing and you can help prevent it from happening to you. Follow these simple steps and keep your house in order – fraudsters go after the easy targets.
Now please send me the link to the G.I. Joe with the kung fu grip because my husband is a 55 year old child and would love it.

You have heard all the talk about the “Liability Shift” – well the October 1, 2015 deadline has past and the world has not come to an end.  As you are aware the new credit and debit cards that are being issued have a microchip embedded on the front of each card. The purpose of the microchip is to make it harder for criminals to use your debit/credit card fraudulently and is designed to meet the EMV standard. Now we all know that there will always be criminals and having this new technology is not going to prevent other forms of card fraud.

EMV- which stands for Europay, Mastercard, and Visa – is the global standard for smart cards.  Europay, Mastercard, and Visa were the original payment brands that came together to create the standard. The standard has since been regulated by American Express, Discover, JCB, MasterCard, UnionPay, and Visa and is now known as EMVCo.

Four things should be noted about the liability shift:

1. The arrival of October 1 does not mean that all debit/credit cards need to be EMV, it means that merchants need to be ready to accept chip-enabled cards by that date if they do not want to be affected by the new fraud liability rules.
2. Upgrading POS systems to accept chip cards is not legally mandated- it is an optional measure to protect your business from fraud liability.
3. Even if you have an updated EMV-compliant POS machine, if you run a counterfeit chip card via the magnetic strip reader instead of the chip reader, you will be liable for the fraud.
4. Even if the counterfeit card swiped at a traditional POS machine is in the form of a traditional card, you will be liable for fraud if the data on the counterfeit card was obtained from a legitimate chip card.

What is a Counterfeit Card?

Counterfeit credit cards are fakes that have real account information stolen from victims. Often, the victims still have their real cards, so they don’t know a crime has occurred. The cards appear legitimate, with issuers’ logos and encoded magnetic strips. To create a counterfeit card, criminals go into any local supermarket and grab prepaid debit cards you normally buy as gifts. Honest people go to the counter check out and activate the card by loading a dollar amount onto the card.  For criminals however, they are just shells – they want them to look like a real credit card and don’t care about the numbers embossed on the front or anything printed on the card such as: “A Gift For You”.  All they want is a card that looks like the real thing and has a mag stripe so they can load stolen data onto the back of this card and use it at another store.  Now the cashier that gets that card will think it’s just another one of the dozens of cards they accept each day and will just swipe away!  A counterfeit card created, sold on the street and used to buy goods and services is as easy as 1-2-3!  Scary, I know.

There are things that merchants can and should do even without EMV-enabled equipment to protect themselves.  By setting your current credit card terminal or POS system to prompt for the the last 4 digits of the card number on the front of the card and using the CVV/CID from the back or front (American Express) of the card are great tools to prevent fraud!  Why?  It really is quite simple – when card data is stolen and encoded onto a “shell” the information will not match.  For example:  The last four digits of your card are 6848 however the stolen data that was encoded on the “shell” end with 1298.  Unless it is a very sophisticated criminal group, most counterfeit credit cards are crudely encoded and are designed to just “get the job done” rather than impress.

We have been inundated with phone calls for the last few months, from our merchants – all asking the same questions:

What is EMV?
What is chip card technology?
Can I be fined or even arrested if my terminal is not EMV Capable?
Without an EMV machine,  will I lose ALL chargebacks on your account?
Is it true that EMV is the only way to process credit card charges after October 1, 2015?

610 Merchant Services is here to help put all of our merchant’s, and hopefully some new ones, minds at ease.  We all have heard or read something about the looming October 1, 2015 liability Shift.

Lets start off by defining Liability Shift: this simply means there is a change in the financial responsibility to the merchant, bank or credit card company should a fraudulent transaction take place.  Today, if a card present  in-store transaction is made using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction fall back on the payment processor or issuing bank.   After the October 1, 2015, deadline (which was created by major U.S. credit card issuers MasterCard, Visa, Discover and American Express), the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction.

Now at this point you may be asking what is EMV?  EMV stands for Europay, MasterCard, and Visa.  EMV is a global standard for credit and debit payment cards based on chip card technology.

As the U.S. payment industry transitions to EMV technology, there’s a lot to adjust to, starting with what to call the new cards. You may have already heard or read these terms – don’t stress over the different terms either, they all mean the same thing.

• Smart card
• Chip card
• Smart-chip card
• Chip-enabled smart card
• Chip-and-choice card (PIN or signature)
• EMV smart card
• EMV card

Here is how the new technology cards work:  Rather than a magnetic strip, EMV uses a microprocessor chip embedded in the card.

Unlike magnetic stripe transactions where typically the track 2 data containing the card number and expiry date is processed, every chip card transaction contain dozens of pieces of information to be exchanged between the card, the terminal and the acquiring bank or processors host.  This requires the terminal to perform many stages of complex processing, including cryptographic authentication, to successfully complete a transaction.

What does this all mean for merchants?

Pre-October 1st Scenario
1. A counterfeit card is used at a merchant location
2. Customer sees charge, calls credit card company to dispute and charges it back
3. Merchant supplies signed sales receipt and will win chargeback

Post-October 1st Scenario
1. Card data is stolen and encoded onto a fake credit card
2. This “counterfeit” card is used at a merchant location
3. Customer sees charge, calls credit card company to dispute and charges it back
4. If the counterfeited card was originally an EMV-issued card (i.e. a chip card) then:
Merchant supplies signed sales receipt and will win chargeback ONLY IF merchant has an EMV terminal;
Merchant will lose chargeback if merchant does not have an EMV terminal
5. If card was not issued as an EMV card then Merchant will supply sales receipt as normal and win chargeback regardless of type of machine they have (EMV-enabled or otherwise)

We have heard so many sales tactics (or lies) such as:

1) If you don’t have an EMV machine, the police will give you a $100 ticket.
2) Without an EMV machine, you will lose ALL chargebacks on your account.
3) EMV is the only way to process credit card charges after October 1, 2015, so without that machine, you won’t be able to take cards.
4) Your website needs to be able to take EMV cards. (Hint: There is no EMV acceptance ability – i.e. chip reading – on websites and there is no Liability Shift for e-commerce or Key-Entered transactions.)
5) EMV cards are cheaper than swiped sales.

Don’t be fooled by these sales tactics.  610 Merchant Services is here to answer any questions you have.