If your business accepts credit cards, regardless of how you’re processing your transactions, it’s important to be aware of how you can help reduce your risk of fraud.
While online transactions carry a higher inherent risk of fraud, fraudsters still operate in the card-present world as well. If you’re regularly accepting credit cards in person, then you can use these tips to help you identify transactions that might be problematic and how to respond to them swiftly.
Signs That a Transaction Might be Fraudulent
- The Credit Card is Missing a Signature
Cardholders are required to sign the backs of their credit cards before using them, so if you notice that a credit card is missing a signature, then you can ask to see their ID to verify their identity. Be sure to match the name on the ID to the name on the credit card to validate if the correct cardholder is using the card. The card brands have their own rules for how to proceed with a transaction if the credit card has not been signed by the customer.
For example, Visa states that you can ask for ID, but you are not able to "require it as a condition of Visa card acceptance." They also state that "if the Cardholder does not provide identification, the Merchant may decide whether to accept the Card."
Mastercard states that "a merchant may request, but must not require, a cardholder to provide additional identification information as a condition of card acceptance unless such information is required to complete the transaction, such as for shipping purposes, or the standards specifically, permit or require such information to be collected."
At Helcim, we recommend that you process transactions using Chip and PIN on EMV enabled equipment to avoid having to ask customers for their identification because they will need to present the physical card and know the PIN to be able to complete the transaction. Ultimately, recognizing and combating fraud is the responsibility of the merchant, so it's up to you whether you process the transaction or not.
- The Card Doesn’t Work or You Get an Error Message
There are occasions when a transaction might be declined and the customer may request to try a different card, particularly if you get a notice for insufficient funds. If you can, try to confirm that the name is the same on both of the cards the customer presents. Some fraudsters may have multiple stolen cards with them and will test them by trying the different cards to see which ones work and which ones will be declined.
You may also get an error message when a transaction is declined. These messages can include DECLINED; meaning the card is being declined by the issuing bank, PICK-UP CARD; which may indicate the card is expired, or that it has been reported as stolen, and CHIP ERROR; which might indicate the card is counterfeit, or that the chip has been damaged. While a CHIP ERROR can sometimes mean the card was inserted improperly or the chip is damaged, it could also mean the fraudster is hoping that you swipe the card instead, so they do not have to enter a PIN they likely do not know.
- The Cardholder Asks you to Key-In a Transaction In-Person
Whenever a customer is physically present at your store, you should request that they complete the transaction using their physical card and the terminal whenever possible. If a customer is trying to use a card that is not theirs, they may be asking that you key it in so they can avoid having to enter a PIN. As a general rule, manually keying in credit card information to your terminal should only be an alternative solution that you, the merchant, suggest, not the customer.
- Watch for Suspicious Behavior
If you notice a customer is behaving unusually while in your store, it may indicate fraud. Watching for customer behavior that seems nervous or rushed, or overly aggressive or overly nice, could indicate the customer is pushing to have the sale completed quickly and in the way they want. Trust your instincts and don’t process any transactions you’re not comfortable with.
What You Should Do When Processing Card-Present Transactions
There are a few easy ways you can help protect your business from fraud when processing in-person transactions. Start by ensuring your terminals are updated with the latest technology. Being able to accept chip and pin or tap transactions instead of swiping a card can help keep the transaction more secure because the cards are enabled with chip technology that is harder to tamper with compared to magnetic strip cards. Some fraudsters target businesses who still exclusively rely on swiping credit cards and are not using EMV compliant terminals, so you don't want your business to be a safe haven for fraudsters.
You can also add a custom supervisor password to your terminal to help ensure that only your employees will be able to access the terminal menu and the different transaction types. The password will act as a barrier to prevent an unauthorized user from refunding transactions without permission or accessing the terminal menu.
Finally, stay alert and aware of what your customers are doing in the store and the condition of the cards they’re using to pay for purchases. While it’s easy to get into a routine while processing transactions all day every day, it’s worth keeping an eye out for fake credit cards. Signs that a credit card might be fake are if the printing and the embossing on the card are misaligned, if there is no hologram on the front of the card, if the expiry date has passed, or if the last four numbers on the card do not match the transaction receipt.
Also keep an eye out for customers who might be pressing more keys than usual, as this could be a sign that they might be trying to access the terminal menu, key in their card number, or issue themselves a refund. If you want to be able to monitor which keys a customer is pressing on your terminal, you can configure the settings so that a sound accompanies each keystroke. If you notice they are pressing more keys than required, be sure to double check the receipt and confirm it shows accurate transaction information and that the terminal wasn't tampered with.
What You Should Not Do When Processing Card Present Transactions
There are a few key things you should avoid if you’re processing in-person transactions. Firstly, don’t leave your terminal unattended in a place where a potential fraudster would be able to tamper with it and potentially install a card skimmer. If you ever notice that there is something suspicious on your terminal, or it looks like there is an unfamiliar addition to your payment processing equipment, then it is best to just stop using the equipment until you can confirm it hasn’t been tampered with.
In addition to not leaving the terminal unattended when you’re not processing transactions, it’s just as important to not leave a customer unattended while they’re completing a transaction. Some fraudsters have an in-depth understanding of how terminals work and if they are left unattended, they may try to initiate a refund onto their card instead of processing the purchase you intended. This is especially important in restaurant settings where the customer can sometimes be left alone with the terminal while a busy server's attention is focused elsewhere.
What You Should Do if You Think a Transaction is Fraudulent
Even if you have a strong understanding of all the red flags that can indicate fraud, there may still be a situation where you end up processing a transaction that you suspect is fraudulent. In these cases, you should make a CODE 10 CALL, which is an authorization request that can be done at any point during a transaction to alert the issuing bank of suspicious activity, without notifying the customer.
You can also cancel a questionable transaction by running a VOID before the batch settles, this will prevent the transaction from being processed and prevent processing fees from being charged.
These tips can help you protect your business from fraud when processing in-person transactions. While it’s nearly impossible to completely remove risk from credit card processing, the benefits of being able to accept credit cards still outweigh the risks, especially if you’re vigilant when it comes to fraud.