Credit Card Fraud is Increasing: How Can You Fight It?

We read an interesting statistic recently: According to a 2019 article from the Motley Fool, only 5 percent of people do NOT use credit or debit cards of any kind.

Compare that to 22 percent in 2001 and 17 percent in 2002, and you can see just how widespread credit/debit card usage is.

And as credit card usage grows each year, you just know increased fraud and theft are not far behind.

According to a Greensheet.com article, card-not-present (CNP) fraud has grown exponentially in the U.S.

According to a 2018 study by the Federal Reserve, CNP fraud rose to $4.57 billion in 2016, up 34 percent from the 2015’s $3.4 billion. Analysts expect CNP fraud could break $6 billion in 2019.

It may be bigger than that though. According to Markus Bergthaler, director of programs at Merchant Risk Council, a nonprofit that teaches businesses how to combat fraud, 80 percent of all credit cards have already been compromised. That is, the numbers may exist in a hacker’s database just waiting to be sold or used.

For retail merchants who think EMV cards — Europay, Mastercard, and Visa — are more secure because they use embedded chips to reduce in-person fraud, that’s all fine and good, but there wasn’t a whole lot of in-person fraud to begin with.

And even if the chips are having a deterrent, all it’s doing is forcing the roaches to hide in a different part of the house, not leave it entirely.

In fact, said Greensheet, the shift to EMV was instituted to shift liability to merchants. Signatures, said the article, are not even required with EMV, even though many merchants still require it. Visa even made capturing signatures optional back in 2018. Which makes us think it’s not doing a great job at deterring fraud.

No, the whole point of EMV authentication was to follow the basic principles of Europe’s steps of Strong Customer Authentication. This is a system that requires merchants to use two of three components: Something you have, something you know, and/or something you are.

1. Something you have: A mobile phone or debit card.
2. Something you know: A password or PIN.
3. Something you are: Biometrics like fingerprint or facial recognition.

But even with these standards in place throughout much of the world, that doesn’t solve the problem of card-not-present fraud.

So merchant services providers are teaching their merchants certain steps they can take to reduce the risk of fraud in their own operation. It’s especially important for high-risk merchants that don’t have a retail storefront since you’re in the pool of merchants susceptible to this fraud.

First, says Greensheet, check the extent of your PCI DSS (Payment Card Industry Data Security Standard) validation requirements. The validation requirements will vary by credit card provider, but failure to meet them can result in penalties (usually in the form of additional percentage points on transactions), but could also lead to cancellation of your merchant account. This is something your merchant services provider should be able to help you with.

If you use a terminal or device, learn about how they can be tampered with and know what to look for. You can help improve your security by using cloud-based devices rather than local devices that transmit final transactions or could be tampered with, such as skimmers on gas pumps.

Keep a a database of attempted fraud and even chargebacks. We wrote recently about friendly fraud and theft in fast food restaurants, but the principles apply for anyone who sells services, especially subscription services. If you can keep track of the people who demand chargebacks, you can spot potential fraud patterns more easily.

Some technology companies are even using technology that shares fraud and attempted fraud across a community of other merchants that relies on machine learning to sharpen its outlook. This way, if a merchant is hit with fraud, that digital fingerprint is shared with the retail network. Then, if that same digital fingerprint tries to use the card again, the transaction can be declined.

Finally, look for patterns, such as multiple orders with the same shipping address but different credit card numbers of billing addresses. Or look for the same credit card submitted repeatedly with different expiration dates or CVV number, since those are sometimes the pieces missing from a crook’s stolen credit card information.

High risk merchants have their own burdens and issues to deal with, on top of everything else. So it makes sense to work with a merchant services provider who can show you how to prevent fraud, as well as help ensure your business is in compliance with the different credit card regulations.

If you want to learn how to protect yourself from growing fraud, Corepay can help. For more information, please visit our website or call us at (800) 408-0095.

Photo credit: Richard Patterson (Flickr, Creative Commons 2.0)