Fraud that is unintentional—often the result of a simple mistake—is called “friendly” fraud. In addition, chargeback fraud often at least begins without any intent to deceive. The most malicious and ill-intended type of credit card fraud is referred to as “true” fraud.
True fraud involves the use of a lost or stolen credit card (or credit card information) to make a purchase that was not authorized by the cardholder. One way this differs from the other types of credit card fraud is that it is usually not the cardholder committing the fraud, but instead a third party. The cardholder files a dispute and initiates a chargeback because he or she did not actually make the purchase or authorize the use of the card.
In addition to lost or stolen cards, the fraudster may use counterfeit cards, often with a duplicated magnetic strip. Using the credit card information (account number, PIN, card verification codes, etc.) without actually having the physical card (a card-not-present transaction) also falls under this category in certain aspects.
A fake card is sometimes used. A fake card differs from a counterfeit card in that, while the counterfeit card is created to actually function as a credit card, a fake (or disabled) card can be used to get the merchant to enter the information manually. This may create enough of a delay in the transaction being denied that the fraudster will be gone, merchandise in hand.
The loss and damage from true fraud can be enormous, particularly if it is combined with chargeback fraud. In such cases, the merchant loses the price of the merchandise twice—once when the product is fraudulently acquired to begin with, then again when a fraudulent chargeback is initiated. Be sure that you and all of your employees understand the seriousness of the risk and consistently implement measures to combat credit card fraud.
The following are some of the common ways to prevent or discourage true fraud.
Some fake or doctored credit cards are very skillfully and accurately created, making it difficult to tell the difference between them and real cards. If you have a basic policy of not entering card information manually, you can eliminate this risk completely. Naturally, you are still able to make exceptions for customers that you know and trust.
Using a chip reader takes away the ability of fraudsters to create counterfeit cards by tampering with the magnetic strip. The security functions of the chips continue to be improved, and their usefulness against fraud is expected to increase.
Another area of technology that continues to advance is technology to enhance the security of online transactions. A payment process that does not require the physical card to be present can be highly vulnerable to various types of fraud and tampering.
Fortunately, technology is now available to do things such as denying fraudulent transactions before they are processed. It is anticipated that this technology will continue to be improved as well.
One type of cybersecurity measure is the use of security codes for card-not-present transactions, whether online, over the telephone, or on a mobile app. Requiring a security code is one way to confirm that the individual making the purchase is in possession of the card.
There are still ways to get around this, of course, but like the other technological measures against fraud, improvements are expected to continue.
Although there is a growing pool of effective technology that you can (and should) use to protect your business from credit card true fraud, the best way to protect yourself is to pay attention and do your due diligence. Simply knowing how fraud occurs and what signs to look for automatically gives you a much better ability to avoid having your business become a victim.
As has been mentioned, one of the reasons that businesses may be given the label “high-risk business” is the higher frequency of fraud in the industry. It can, of course, be a factor in having your request to open a merchant account denied by a bank. A record of being the victim of fraud can also result in the bank terminating your payment processing agreement and canceling your account.
Realistically speaking, it is impossible to eliminate all risks of fraud, friendly or otherwise. However, it is possible to minimize that risk. Using the analogy of a castle under siege, you may not be able to build a truly insurmountable wall around your castle, but if the wall is still very difficult to scale, the enemy hordes are more likely to give up their plan and move on to a less imposing stronghold. (Unless it’s an orc horde. Orcs usually aren’t very smart, and they tend to be on the crazy side—even more so when in large groups—so you never really know what they’re going to do. Consult with a qualified wizard or hobbit for information on what to do in such cases.)
For those and other reasons, operators of high-risk businesses need to give particular care and be diligent in their measures against credit card fraud. If you are using a high-risk payment processor, talk to them about things you can do to prevent fraud, and how their measures and your company’s measures against fraud can be used together to give you the best protection possible.