Spotting the most common credit card fraud schemes
August 29, 2012
Article courtesy of SBAM Approved Partner Midwest Transaction Group
Adoption of EMV (Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards and IC card capable point of sale terminals and ATMs, for authenticating credit and debit card transactions) in the U.S. brings a welcome new era of tighter anti-fraud security.
As the global standard for smart-chip payment cards, the technology helps reduce the risks for fraud but it’s not a cure-all. The interim challenge of managing magnetic stripe card security will be with us for some time as merchants are challenged to learn new effective ways of countering card-not-present (CNP) fraud that is part and parcel of the switch over to EMV.
Merchants need to be alert to both card present (CP) and CNP schemes and keep their guard up as EMV picks up momentum. Awareness is the best weapon, and knowing what to look for can significantly mitigate the risk of falling victim to fraud.
Here’s a list of the most common fraud schemes we see today:
- Card-not-present/shipment fraud: This type of fraud is initially solicited by email, followed with direct or TTY (deaf relay) calls for large sales orders. An unknown, out-of-area customer is common, as is a request for urgent shipping. Often, requests for the merchant to pay a bogus freight shipper in advance are made and the customer asks to use multiple cards for one order.
- Micro attacks: Hackers typically run a computer program that tests stolen card sequences against a merchant’s point of sale software/shopping cart authorization link. Good authorization counts in large quantities may be noticed for $0.01 to $1.00, or a large count against a merchant’s drop down choice for payment options. Settled transactions that are not identified may lead to fraud chargebacks and subsequent requirements for security enhancements.
- eCommerce fraud: Shopping cart merchants should be aware of multiple card entries for high-dollar orders. Any suspicious order size should be carefully evaluated. Review AVS and CVV match responses. When cardholder billing information and shipping information don’t match, those orders should be evaluated further. eCommerce merchants should also contact their payment gateway providers about enhanced security features and how to stay up-to-date.
- Data breaches: In addition to micro attacks, widespread data breaches continue to feed card counterfeiting and identify theft. Adherence to the Payment Card Industry’s Data Security Standard (PCI DSS) is your strongest defense.
Being alert to the multiple techniques thieves use to steal data is another useful way of staying a step ahead of fraudsters, increasing caution with each and every transaction.
- Phishing — Using websites, email links, and text and audio messaging to spoof a legitimate source and trick victims into giving away confidential information.
- Social networking — Ignoring privacy settings, users post photos and personal details or follow links that lead to compromised sites.
- Malware — Infected PCs are trawled for personal information, including passwords, or used to generate bogus alerts and sign-on information. This software is also finding its way onto POS terminals.
- Skimming — Originally found on ATMs, skimming devices that steal card details are now found at gas stations, on POS terminals, and on portable devices in restaurants.
Educating yourself, and your employees, about fraud is paramount. Transactions are the life of a business; reviewing these tips on a regular basis will continue to help keep them safe. When in doubt, call SBAM’s partner Midwest Transaction Group so we can offer assistance: 888.599.2209.