How to combat card fraud. A guide to detecting and preventing card fraud

Contents

- Introduction
- Card Present fraud
- Card Not Present fraud
- Payment card industry data security standards: Your guide to protecting cardholder data
- A Merchant's website responsibilities
- Is that transaction authorised?
- Laundering leaves your business exposed
- Ensure that your EFTPOS Terminal is secure

Introduction

In the vast majority of cases, card transactions are a safe and convenient way to do business. However, merchants have always faced some risks when accepting card transactions and those risks have increased and become more complex as technology advances at lightning speed. Hi-tech crime is a major challenge, but Suncorp Bank can help you minimise your losses. Suncorp Bank has prepared this guide to give you a range of precautions and advice you can take to minimise these risks and continue to trade confidently and prosperously.

Card fraud falls into two broad categories:

1. Card Present fraud. This occurs face-to-face with the offender physically transacting with an illegitimate card. Illegitimate in this context means not authorized by the cardholder.
2. Card Not Present fraud. This type of fraud is related to internet purchases or mail order or telephone order (MOTO).

In both forms of card fraud, the items listed below are targeted by fraudsters because of their high value and/or ease of resale. If you trade in any of these items, be aware that you may be at higher risk of card fraud:

- Computers, laptops and tablets
- Electrical appliances
- Jewellery
- Furniture
- Goods which are easily disposed of for cash, e.g. cigarettes, alcohol and gift cards.

Card Present fraud

While Card Present (face-to-face) fraud carries less risk than trading in a Card Not Present environment, there are still significant dangers. Below is a list of suspicious indicators. Beware of customers who:

- Appear anxious, nervous or impatient
- Try to rush or distract you while you're processing the transaction
- Make unusually large orders
- Arrive at closing time
- Make repeat purchases in a short period of time
- Split transactions, i.e. offer more than one card for a single purchase
- Purchase multiple numbers of the same item with no interest in size, colour, style or price
- Purchase large items, but reject home delivery even when it's included in the purchase price. Perhaps they don't want the merchant to know their address
- Make a large purchase on a newly valid card. You can determine whether the card is newly valid by having a look at the Valid From date on the front of the card. Sometimes cards are stolen while being mailed from the bank to the rightful cardholder.

How to reduce the risks of Card Present fraud

Merchants should also take the following precautions:

- Never enter a customer's card number into the EFTPOS terminal if the card cannot be tapped, inserted or swiped. Request an alternate method of payment
- Inspect the card closely, checking that the valid from and valid through dates include the current date
- Check the card has the appropriate security features
- Closely inspect the card to determine whether it's been tampered with
- Visa cards only: ensure the first four digits of the embossed card number match the four digits printed immediately above or below the embossed number
- Check that the abbreviated card number on the sales receipt matches the corresponding digits on the card. If the digits don't match, this is a clear indication the card is counterfeit
- Tilt the card to check that the hologram on Visa and MasterCard cards moves and/or changes colour
- Only process fallback vouchers if the EFTPOS terminal is faulty. Remember to immediately report the fault and phone for authorisation for all transactions.

Card Not Present fraud

As you would expect, Card Not Present fraud is more common than Card Present fraud. Fraudsters prefer to make Card Not Present purchases due to the anonymity. Because Card Not Present fraudsters operate via internet or mail order and telephone order (MOTO) transactions, it means they can commit their crimes all over the world.

Below is a list of some red flags that you should consider when accepting Card Not Present transactions. Remember that one of the flags alone should attract attention while more than one should raise alarm bells:

- The order is unusually and inexplicably large
- The order is for goods that you do not normally deal in
- The order is for multiple quantities of the same item
- The customer places a number of orders within a short space of time
- The customer places the order using multiple cards
- When the order is placed and the first card offered is declined, a second card is immediately produced. This suggests they may have quick access to numerous, possibly stolen cards
- The order requests express freight
- The order is shipped to a country where the goods could easily be purchased locally. Why would the purchaser pay shipping expenses and wait longer for the goods to arrive?
- The order requests delivery to a post office box
- The order requests the goods be shipped to a third party
- The purchaser pays for an item with a card by phone but collects the goods from the store. This allows them to make purchases without supplying personal information
- You receive multiple orders within a short period of time on card numbers that are very similar, such as where only the last four digits differ
- Goods or services are ordered then cancelled with a request to refund the funds in ways other than refunding the card that was used for the purchase.

A red flag for fraud

Your fraud risk increases with any overseas order. All overseas orders should be checked, especially if they're from a country you don't usually receive orders from. However, some countries pose a bigger risk. Transactions originating from the following countries are proven to have a disproportionate level of card fraud:

- Ghana, Nigeria, Ivory Coast (and West Africa in general)
- Indonesia
- Singapore
- Countries in Eastern Europe.

How to reduce the risks of Card Not Present fraud

Merchants can minimise fraudulent purchases from Internet and MOTO transactions by taking these steps:

- Ask the purchaser to provide the CVV2 (Visa) or CVC2 (MasterCard) three digit number located on the signature panel of the card
- Never send goods to a post office box
- Beware of split purchases. Multiple cards being used for a single purchase are highly suspicious and not permitted under our Terms and Conditions
- Request that the purchaser provides a fax, or scanned and emailed copy of their driver's license
- Ensure that the customer's billing and delivery addresses are consistent
- Verify addresses and phone numbers provided (an online White Pages search should do the job)
- Obtain a signed receipt from the cardholder when the goods are delivered
- When a large number of different goods are ordered, telephone the cardholder to confirm the order. Quite often fraudsters don't keep records and therefore can't confirm details
- Beware of customers that are unable to talk to you over the phone
- Never refund in any other manner than to the card the purchase was made on
- Don't continue to attempt authorisation if you receive a decline.
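The Card Not Present red flags and the address checks above can be applied as a rule-based screen over incoming orders. The Python below is an added example, not part of the Suncorp guide: the order fields, the one-hour window and the tokenised card prefix (a keyed hash stored instead of the card number) are assumptions, and the sample orders are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumption: the guide only says "a short space of time"
PO_BOX = re.compile(r"\b(?:p\.?\s*o\.?\s*box|post\s+office\s+box)\b", re.I)

@dataclass
class Order:
    order_id: str
    customer: str
    placed: datetime
    prefix_token: str  # keyed hash of the card number minus its last four digits
    last4: str
    billing: str
    delivery: str
    express: bool = False

def red_flags(order, history):
    """List the guide's red flags that `order` raises against earlier orders."""
    recent = [o for o in history
              if timedelta(0) <= order.placed - o.placed <= WINDOW]
    same_customer = [o for o in recent if o.customer == order.customer]
    card = (order.prefix_token, order.last4)
    checks = [
        ("several orders in a short space of time", bool(same_customer)),
        ("multiple cards used by one customer",
         any((o.prefix_token, o.last4) != card for o in same_customer)),
        ("similar card numbers, only last four digits differ",
         any(o.prefix_token == order.prefix_token and o.last4 != order.last4
             for o in recent)),
        ("delivery to a post office box", bool(PO_BOX.search(order.delivery))),
        ("billing and delivery addresses differ",
         order.billing.casefold().split() != order.delivery.casefold().split()),
        ("express freight requested", order.express),
    ]
    return [name for name, hit in checks if hit]

def triage(flags):
    """One flag attracts attention; more than one raises the alarm."""
    return "alarm" if len(flags) > 1 else "attention" if flags else "clear"

def screen(orders):
    """Screen orders oldest first; return {order_id: (triage level, flags)}."""
    seen, out = [], {}
    for o in sorted(orders, key=lambda o: o.placed):
        flags = red_flags(o, seen)
        out[o.order_id] = (triage(flags), flags)
        seen.append(o)
    return out

# Constructed sample orders (not real data); M is one minute.
T, M = datetime(2024, 1, 15, 10, 0), timedelta(minutes=1)
SAMPLE = [
    Order("A1", "c1", T, "tokA", "1111", "1 Example St", "1 Example St"),
    Order("A2", "c2", T + 20 * M, "tokA", "2222", "5 Sample Rd", "PO Box 42", express=True),
    Order("A3", "c3", T + 180 * M, "tokB", "3333", "9 Test Ave", "9 Test Ave", express=True),
    Order("A4", "c3", T + 190 * M, "tokC", "4444", "9 Test Ave", "9 Test Ave"),
]
```

Calling `screen(SAMPLE)` returns a triage level and the list of flags raised for each order; an order marked "alarm" is one to hold for the manual checks listed above, such as telephoning the cardholder.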

Payment card industry data security standards: Your guide to protecting cardholder data

Your customers' data is your responsibility

Data theft is a growing global concern. It's your responsibility to safeguard your customers' details whether you store the data yourself or use a third party data storage company. To help you ensure the security of highly sensitive personal financial information, Suncorp Bank has developed the booklet Payment Card Industry Data Security Standards: Your guide to protecting cardholder data. Visit www.suncorp.com.au/banking/business/merchantservices/existing-customers to view the guide.

A Merchant's website responsibilities

You need to ensure when developing your website you consider the following:

- That it offers an accurate description of the goods and services you're selling
- That it contains a clear explanation of shipping practices and delivery policy/timeframe
- That card logos are displayed wherever payment options appear
- That the refund/return policy is clearly displayed and explained and complies with the relevant consumer law
- That it displays total cost of the goods or services purchased (including shipping charges)
- That it contains all required contact details: trading name, address and Australian Business Number (where applicable)
- That it only processes Australian dollar amounts and settles into Australian dollar accounts
- That the URL and trading name are not significantly different, thus avoiding cardholder confusion
- That it contains the security capabilities and policy for transmitting of payment card details
- That export restrictions are clearly outlined
- That your consumer data privacy policy is explained clearly, i.e. what you do with any customer information you collect
- That each merchant's domain name has individual payment pages. It must not link to another website where payment is made for the goods or services offered on the originating site.

When developing your website, you need to ensure your website does not:

- Sell illegal goods or encourage violation of export controls, obscenity or gambling laws. This applies to both Australian laws and regulations and those of any other jurisdiction you're providing your goods and services to
- Contain pornographic material
- Offer for sale goods or services that may be considered obscene, offensive or dangerous
- Use unaccredited payment pages
- Use digital certificates to establish a secure browser session
- Offer for sale goods or services that do not reflect the nature of goods or services for which the merchant facility was approved.

Is that transaction authorised?

Ensuring that you are dealing with an authorised card is fundamental. Please take the time to understand exactly what the term authorisation means. It could save your business from serious financial losses.

A transaction is authorised if:

- The card number is valid
- It holds sufficient funds available to cover the transaction
- The card hasn't been reported lost or stolen (though it may actually be stolen or compromised and the rightful owner is unaware of the breach).

Beware what authorisation doesn't mean:

- There's always the risk that the customer has somehow illicitly obtained the card number without being in possession of the card. That's why authorisation does not confirm that the person providing the card number is the legitimate cardholder
- Please be aware that obtaining an authorisation for each transaction doesn't guard you against fraud or chargeback.

Laundering leaves your business exposed

Laundering is a serious breach of Suncorp Bank policy and exposes your business to major financial loss. Put simply, laundering involves a credible merchant processing transactions on behalf of another merchant. Automatically the red flag must go up as to why this third party would want a credible merchant to take part in this kind of activity. Experience tells us that laundering happens because a disreputable operator doesn't have access to card facilities because of an unscrupulous past. Laundering is to be avoided at all costs even if you're offered an attractive inducement such as a percentage of the transaction.

Ensure that your EFTPOS Terminal is secure

Suncorp Bank provides our merchants with the very latest information on EFTPOS terminal and cardholder data security. Protecting your customer's data is a priority. To help merchants protect their terminals and customer information, we've prepared the following list of suggestions:

- Always update your software to the latest version as soon as it's available
- Check regularly to make sure your EFTPOS terminal(s) hasn't been tampered with
- Lock your terminal(s) away when the store is closed
- Check that any nearby CCTV cameras aren't directed on cardholders entering details at your EFTPOS terminal(s)
- Always supervise your terminal(s) during operating hours
- Only allow authorised and fully trained staff to use your EFTPOS terminal(s)
- Only allow authorised Suncorp personnel, with correct identification, to perform maintenance on your terminal
- Never allow maintenance to be carried out on your EFTPOS terminal without prior notice from Suncorp Bank
- There should never be additional cables running from your EFTPOS terminal
- Secure and change regularly your Merchant (refund) password

Notify Suncorp Bank Merchant Services (24 hours / 7 days a week) on 1800 836 055 immediately if:

- The EFTPOS terminal goes missing, is damaged or has been interfered with
- The EFTPOS terminal is printing incorrect receipts and other data
- Attempts are made to either exchange or remove your EFTPOS terminal, or carry out maintenance, without prior notification from Suncorp Bank
- Unauthorised personnel attempt to carry out maintenance on, or remove, your EFTPOS terminal without appropriate security identification.

More information on terminal and data security is available at www.suncorp.com.au/banking/business/merchant-services/existing-customers

Suncorp Bank is here to help keep you safe from card fraud

At Suncorp Bank, we're committed to helping our merchants protect their business, and their customers, from card fraud. If you have any questions regarding card security, or you suspect your business may have experienced card fraud, contact us today.

Contact us

Call 13 11 55
Online suncorp.com.au/banking
Local store

Various products and services are provided by different entities in the Suncorp Group. Merchant facilities are issued by Suncorp-Metway Ltd ABN 66 010 831 722 (Suncorp Bank) to approved applicants only. Fees, charges, terms and conditions apply and are available on request. The different entities in the Suncorp Group, including Suncorp Bank, are not responsible for, do not guarantee and are not liable in respect of products or services provided by other entities in the Suncorp Group.

28740 27/11/17 A