
How to protect your business from credit card fraud

Learn how to protect your business from credit card fraud with these actionable tips.

In 2022, 42% of all global ecommerce fraud occurred in North America.

Such fraud does not only affect the immediate revenue of a business. It can also lead to fines, increased fees from payment providers and reputational damage with customers.

Fraudsters exploit vulnerabilities in policies, procedures and payment systems. This guide outlines how US businesses can protect themselves from credit card fraud. It reviews the most common types of fraud, such as card-not-present fraud, chargeback fraud, phishing attacks and account takeovers.

It goes on to provide actionable steps that you can take to protect your business. This includes a review of fraud detection tools and recommendations on how you can implement strong authentication protocols, like 3D Secure.

After reading this guide you will have a firm understanding of the practices you need to adopt to safeguard your business from credit card fraud, comply with regulations, and maintain the trust and loyalty of your customers.

What is credit card fraud?

Credit card fraud is the unauthorized use of a credit card or credit card details to make purchases or withdraw funds. It affects both consumers, who may face stolen funds or identity theft, and businesses, which may bear financial, reputational and operational losses.

Credit card fraud targets businesses through fraudulent transactions, chargebacks, or the exploitation of weak security protocols. Such fraud may use stolen cards, counterfeit cards created using cloned card data, or digital data that’s been obtained from account takeovers, phishing or hacking.

Credit card fraud is a critical issue for businesses that requires robust preventive measures to minimize financial loss, safeguard reputations and build customer confidence. After a review of the types of fraud your business faces, this guide will outline the ways you can prevent fraud.

Common types of credit card fraud targeting businesses

1. Card-not-present (CNP) fraud

This fraud occurs in transactions where the cardholder isn’t physically present, such as online, over the phone or by post. For example, a high-value online order is placed using a stolen credit card, but the business does not verify the cardholder’s identity. The legitimate card owner disputes the charge, leading to a chargeback.

2. Friendly fraud

This is when a customer falsely disputes a legitimate transaction by claiming they never received the goods or didn’t authorize the purchase in the first place. For example, a customer orders a product, receives it, but is not happy with it. Rather than go through the hassle of making a return, they simply contact their bank to file a chargeback claiming non-delivery.

3. Counterfeit cards

Skimming devices can be discreetly added to ATMs or point-of-sale terminals and used to copy card data. This can then be embedded into fake cards. For example, a criminal uses a counterfeit card in-store, leaving the merchant liable when the bank identifies the transaction as fraudulent.

4. Account takeover

Hackers gain access to customer accounts through phishing emails or data breaches. They use the data they gain to make unauthorized transactions, often changing the login passwords to lock out the original user. For example, stolen data is used to access a customer’s account and place multiple orders. Because the orders use payment details stored in the account, they bypass security measures.

5. Refund fraud

Lenient return policies can be exploited by using stolen payment methods to purchase items and request refunds to the fraudster’s own account. For example, a scammer may purchase high-value electronic devices with a stolen card and then request a refund to a different card.

6. Merchant fraud

This involves fake businesses processing fraudulent transactions, often as part of a money-laundering scheme. For example, an online store is set up to process stolen card payments and it disappears before customers are aware their card has been used.

How to prevent credit card fraud as a merchant

Although the fraud landscape is constantly changing, much of the fraud that takes place relies on exploiting weaknesses in the prevention and protection strategies that businesses have implemented.

Effective fraud prevention requires an approach that combines technology, policies and employee training. In this section we outline the measures you should have in place.

1. Use advanced payment gateways

Payment gateways with built-in fraud detection features can flag suspicious transactions in real time. They use machine learning and AI to identify these transactions and to keep pace with the changing landscape.

Features may include:

  • Address Verification Systems (AVS) to verify that the billing address matches the cardholder's address.
  • CVV checks to ensure the customer has the physical card.
  • Algorithms to monitor transactions in real time and flag any unusual patterns or activity identified.

2. Implement 3D Secure protocols

3D Secure adds an extra authentication step to online transactions, reducing the likelihood of card-not-present fraud. Examples include Verified by Visa and Mastercard SecureCode.

3. Monitor transactions

Your payment gateway may include the ability to use analytics to identify unusual patterns or known high-risk factors, such as:

  • Orders from certain countries
  • Multiple purchases made in quick succession
  • Mismatched billing and shipping addresses
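To show how these three risk factors can be checked in practice, here is an added example (not Worldpay code and not part of the original guide) that screens a batch of orders and lists the reasons each one is flagged. The field names, thresholds, the placeholder country code "ZZ" and the sample orders are all constructed assumptions, and the card is referenced by a token rather than a card number.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# All names, thresholds and sample orders below are constructed for illustration.
HIGH_RISK_COUNTRIES = {"ZZ"}            # placeholder code; derive from your own chargeback data
VELOCITY_WINDOW = timedelta(minutes=10)
VELOCITY_LIMIT = 3                      # orders per card token inside the window

def normalize(addr):
    """Lower-case and strip punctuation so formatting differences are not a mismatch."""
    return " ".join(addr.lower().replace(",", " ").replace(".", " ").split())

def screen(orders):
    """Return {order_id: [reasons]} for orders that hit at least one risk rule."""
    recent = defaultdict(deque)         # card token -> order times still inside the window
    flagged = {}
    for o in sorted(orders, key=lambda o: o["ts"]):
        reasons = []
        if o["ship_country"] in HIGH_RISK_COUNTRIES:
            reasons.append("country")
        times = recent[o["card_token"]]
        while times and o["ts"] - times[0] > VELOCITY_WINDOW:
            times.popleft()             # drop orders that have aged out of the window
        times.append(o["ts"])
        if len(times) >= VELOCITY_LIMIT:
            reasons.append("velocity")
        if normalize(o["billing"]) != normalize(o["shipping"]):
            reasons.append("address_mismatch")
        if reasons:
            flagged[o["id"]] = reasons
    return flagged

def order(oid, token, minute, country, billing, shipping):
    ts = datetime(2024, 1, 1, 12, 0) + timedelta(minutes=minute)
    return {"id": oid, "card_token": token, "ts": ts, "ship_country": country,
            "billing": billing, "shipping": shipping}

HOME = "12 Main St., Springfield"
SAMPLE_ORDERS = [                        # constructed sample data
    order("o1", "tok_a", 0, "US", HOME, "12 main st springfield"),
    order("o2", "tok_b", 1, "US", HOME, "99 Dock Rd, Harbor City"),
    order("o3", "tok_c", 2, "US", HOME, HOME),
    order("o4", "tok_c", 4, "US", HOME, HOME),
    order("o5", "tok_c", 6, "US", HOME, HOME),
    order("o6", "tok_c", 30, "US", HOME, HOME),
    order("o7", "tok_d", 7, "ZZ", HOME, "5 Far Lane, Elsewhere"),
]

if __name__ == "__main__":
    for oid, reasons in screen(SAMPLE_ORDERS).items():
        print(oid, reasons)
```

A flag here is a prompt for manual review or step-up authentication, not an automatic decline: legitimate gift orders, for instance, routinely ship to a different address.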

4. Train employees

Equip staff with the skills and knowledge to recognize suspicious activities. This may include:

  • Customers refusing to provide ID for large purchases
  • Suspicious card behavior, such as declined attempts followed by approval on a different terminal

5. Ensure PCI DSS compliance

The Payment Card Industry Data Security Standard (PCI DSS) establishes guidelines for securely handling cardholder data. Compliance requires businesses to implement robust security measures such as encrypting sensitive information, maintaining secure systems and monitoring access to payment data. Non-compliance can result in fines and leaves your business open to increased risk of fraud.

6. Define strict refund policies

Implementing strict refund policies is a critical step in fraud prevention.

  • You should clearly limit refund eligibility to verified transactions by requiring a proof of purchase, such as an original receipt or transaction ID.
  • Your refund timelines, conditions and acceptable reasons should be clearly stated in your policy.
  • In addition, you should have a return verification process in place, such as matching billing information and confirming the original payment method.

7. Regularly update security systems

Outdated software is vulnerable to attacks. Ensure any software you use has patches applied promptly and is using encryption to protect sensitive data.

For more information about action you can take to combat the latest fraud risks, review our guide on the e-commerce fraud trends merchants should know about.

How does credit card fraud detection work?

Fraud detection tools use algorithms and machine learning to identify suspicious activities. Below we outline how each type of tool works. You can learn more about these in our guide to fraud management tools to increase payment security.

1. Fraud detection tools

Tools like Worldpay’s fraud prevention solutions analyze transaction data for evidence of possible fraudulent behavior, such as mismatched IP addresses or transactions outside normal spending patterns.

2. Chargeback management software

Tools like Worldpay Dispute Management software offer specialized help for you to track, manage and reduce chargebacks.

3. PCI DSS compliance solutions

These compliance tools help your business to meet security standards by securing cardholder data and preventing breaches.

4. Data encryption services

Encryption scrambles sensitive data, making it unreadable to unauthorized parties.

How to report credit card fraud instances that occur in your business

If credit card fraud has occurred in your business, these are the steps you should take to minimize losses and act effectively.

Step 1: Notify your payment processor

Report the fraud immediately to stop any more unauthorized transactions taking place. Seek guidance on ways you can prevent further incidents.

Step 2: Document everything

Ensure that you maintain detailed records of:

  • Transaction details
  • Customer communications
  • Evidence of fraud (e.g. IP logs, shipping discrepancies), and
  • Any other record that may be relevant

Step 3: Report the fraud to your local authorities

In the US, you should report fraud to state authorities and law enforcement. These organizations can assist with investigations and recovery.

Step 4: Notify affected customers

Inform customers if their accounts or data were compromised, providing guidance on securing their information.

Step 5: Review your security practices

Analyze how the fraud occurred and strengthen any vulnerabilities that you can identify. These may include employee training, software updates or stricter implementation of policies.

Credit card fraud poses significant risks to US businesses – but proactive measures can mitigate its impact. Key steps that you can take using the information in this guide include:

  • Understanding fraud types and implementing prevention strategies
  • Using advanced fraud detection tools and maintaining PCI DSS compliance
  • Reporting incidents promptly and reviewing security practices.

By adopting these measures, you can protect your business and your customers.

Start securing your operations and building trust by addressing credit card fraud with Worldpay Fraud Prevention.