Archive for July, 2007

Fraud Prevention – Processing Credit Cards

Tuesday, July 31st, 2007

Credit card processing online or card-not-present (keyed) merchants must take more precautions than merchants that process credit cards face-to-face, since they do not have the luxury of seeing the actual card or cardholder.

With internet merchant account transactions, there are a number of potential fraud flags to look out for:

  • International shipping address -International banks (except Canada & UK) do not support address verification (AVS), so you need to be extra careful when shipping worldwide. Having the cardholder fax or email you a copy of their ID & credit card (front & back) is a good way to verify you are working with the real cardholder.
  • Multiple orders placed on the same card in a short time period – someone could be attempting to “charge a card” until the account is shut down or overdrawn.
  • Big ticket items – items that are easy to resell for big profits.
  • First time shopper – scammers are always looking for new sites that are “card able” and don’t take fraud seriously.
  • Multiple orders for a single IP address – If someone is placing multiple orders using multiple cards from the same IP address this should throw up a big flag.
  • “Next day” shipping or “Rush” orders – Thieves want your product ASAP so they can accept delivery and resale before the fraudulent transaction is noticed or reported.
  • Orders from customers that use free email services – Since these services involve no billing, the user has not been verified and cannot be tracked.
  • Transactions placed on multiple cards but shipped to the same address – possible sign of a batch of stolen cards being used or account numbers being generated by a software program.

Here are some steps merchants can take to reduce the potential for fraudulent transactions:

  • Always obtain an authorization code.
  • Verify additional information on the card such as the expiration date, Card Verification Value 2 (CVV2), and address verification service (AVS). If the cardholder is unable to provide this additional information or it does not match up, it may mean they do not actually have the card on their person.
  • Look for general warning signs (listed above).
  • If you suspect fraud (but still obtained an authorization code), ask for additional information (the name of the financial institution that issued the card), contact the cardholder directly, confirm the order by sending a note to the customers billing address first (if shipping address is different), and have the cardholder fax or email you a copy of their ID & credit card.
  • Contact your processor ASAP to report suspicious activity

Two fraud protection tools you should use are:

Address Verification Service (AVS) -Most software & terminals support AVS on all “keyed” transactions. AVS verifies that the street number and zip code being used as the billing address matches up with the actual address on the cardholder’s credit card billing statement.

Card Verification Value 2 (CVV2) – 3 digit number found on the back right side of all Visa, MasterCard, and Discover cards used as an additional way to verify that the customer placing the order has the card in hand. On American Express the CVV2 code is 4 digits and is located on the front top right of the card.

Michael L. Rupkalvis

The Transaction Group