How to evolve alongside card-not-present fraud.

By: Joshua Griffin


The migration to EMV chip cards has been beneficial for businesses looking to decrease how in-store credit card fraud affects their finances and customers. Visa reports as of June 2018, counterfeit fraud dollars have dropped 75 percent for merchants who have completed an EMV chip card update for their point-of-sale equipment, compared to 2015. For all merchants, counterfeit fraud dollars dropped 46 percent in the same time frame.

While that news is certainly encouraging, improved security standards in physical credit card transactions means fraudsters are getting more sophisticated. Card-not-present credit fraud, which occurs when credit card payments are made online or over the phone, is on the rise. According to the October 2017 Global Fraud Index, ecommerce fraud increased 5.5 percent year-over-year.

Regardless of whether your business accepts online payments, every merchant still faces threats that require credit card fraud prevention. From micro charges to Wi-Fi credit card theft, here are some tactics that may be affecting your customers – and your business – so you can improve your credit card fraud detection.

Card-Not-Present Credit Card Fraud

There's been a 15 percent increase in credit card fraud alerts from banks, with 31 percent of American adults reporting that they’ve received a credit card fraud alert in 2017. Most of these alerts come by phone call, which makes scam calls from fraudsters pretending to be bank representatives a dangerous concern.

When a thief steals credit card information over the phone or through an email phishing scam, they can use that to make online purchases. In some cases, they'll use stolen information to make “micro” purchases, which consumers may not notice. For example, a $10 purchase here and there may go undetected if a consumer isn't vigilantly monitoring their credit card statements.

As well, if a consumer has a joint bank account, say with a spouse, they may assume that the spouse made the purchase and not investigate it. One way fraudsters might confirm that stolen credit card information works for online purchases is by first making a small donation to a charity, which may go undetected or not be questioned. Once seemingly insignificant purchases succeed, fraudsters can go for bigger-ticket items or continue to rack up small purchases over time.

Not-So-Free Wi-Fi Hot Spots

 If you've ever been in search of Wi-Fi and saw an open network without a password requirement, be wary. Thieves can set up free Wi-Fi hot spots, only to scam login details and credit card information when you use their networks.

As scammers gather information from you through the hot spot, they can also use personal info to target you through other scams. If they gain access to your phone number and bank provider, they could call you claiming to be your bank, asking for information about your credit card. Criminals can also sell personal information to other thieves online, making it vulnerable to multiple scammers.

Fraudsters Targeting Non-EMV-Ready Merchants

According to PaymentsSource, fraudsters are targeting merchants that still haven't migrated to EMV chip card equipment, as well as the remaining 3 percent of credit cards that are still being used without EMV chips (about 15 million). Some of the threats include:

  • When fraudsters use counterfeit cards at merchants that don't use EMV chip card technology, the liability is placed on the merchant.
  • Fraudsters who steal magnetic strip credit cards can still clone them and use them.

Gas stations and their customers in particular face greater risk for fraud, because gas stations have until 2020 to convert their equipment to EMV equipment before having to be liable for fraud. Credit card criminals can plant devices in terminals to skim credit card information and make counterfeit cards.

Businesses must also be suspicious of customers who have EMV chip cards, but who claim the EMV chip is not working and ask for the card to be swiped instead. The customer may actually be a scammer who created a fake EMV chip card. If you swipe the fraudulent card even when you have EMV equipment, you'll still be liable for the fraudulent charge.

Credit Card Fraud Protection for Your Business

When offering online shopping, protect your business and its customers from credit card thieves by using a secure virtual terminal that doesn't store customer information and uses encryption as customers input their data, so it is protected from theft. Also, the more information you require from online shoppers, the less likely fraud can occur. For example, if you only require a card number and expiration date, that makes the cardholder more vulnerable to fraud than if you request a full billing address and card security code.

You can also use multi-factor authentication. For example, if the person inputs all the above information, you can require an additional step for security, such as texting the customer a unique code to their cell phone that they must enter within a certain amount of time to complete the purchase. According to the 2018 Global Fraud and Identity Report by Experian, two-thirds of customers appreciate security protocols and say security protocols make them feel more protected.

You may even want to have a business representative call a customer to confirm the online order before proceeding. If you accept orders over the phone, you should also have multiple verification steps in place to confirm the customer's identity. Investigate online and phone orders where billing and shipping addresses do not match.

In a brick and mortar, using EMV chip point-of-sale equipment is essential. Not only does this lift the liability off your business, but customers will also feel more secure when they purchase from you, knowing their credit card information cannot be duplicated during the transaction. Get more information on credit card fraud detection here