In 2014, credit card fraud cost U.S. merchants $32 billion, a jump of $9 billion from 2013. This is one of the main reasons for the EMV mandate – to protect merchants and consumers alike from card thieves.
EMV is the global standard for credit and debit cards, where embedded microprocessors are used instead of the magnetic strips we’ve all become familiar with. This means that they’re significantly more secure as they can prevent skimming and card cloning. Beginning October 2015, merchants will be required to have EMV-enabled systems or they risk being held liable for any fraud-related credit or debit transactions. So getting ready for October changeover by obtaining an EMV-ready system is a great way to guard against fraud.
Of course you can never be too secure. That’s why the National Federation of Independent Business, a leading small business association, recently issued a list of things that merchants can do to protect their business, especially now that so many transactions are made online or by phone:
- Get all the information related to the credit card.
Have the caller read the cardholder’s name—exactly how it appears on the card—along with all 16 account digits, the card verification number and the card’s expiration date, as well as the complete address and phone number associated with the account holder. Do not immediately ship goods to customers who are unable to or refuse to provide a full name or offer a possibly bogus name or address, such as Joe Smith or 123 Main Street. Make sure you get the card verification number in this case because three- or four-digit codes do not appear on credit card receipts.
- Be wary of orders that use different “bill to” and “ship to” addresses.
This can be a sign of fraudulent credit card use. Request telephone numbers for both addresses if the customer wishes to ship the order to a different “ship to” location. With the information you collected, you can use a Web site like www.anywho.com, which integrates telephone numbers, maps and e-mail addresses to check for bogus billing addresses.
- Watch out for unusually large next-day delivery orders.
Orders larger than the typical size of orders at your business should raise a red flag, as should orders requesting next-day delivery. Fraudulent users need to have their orders approved and delivered before the fraud is discovered, and the order is canceled. And fraudulent users are not concerned with cost, since they do not plan to pay. Also, watch out for to international orders. While of course not all overseas orders are fraudulent, some countries, especially developing nations, have a bad reputation for fraud.
- Do everything possible to validate the order before it is shipped.
When orders are not placed in person, it may be beneficial to have the customer fax copies of both sides of the credit card. It may also be helpful to request a copy of his or her state-issued identification card, which provides additional proof that the customer is the true credit card holder. If the customer does not know all the information you are asking for or have it in his or her possession, he or she may give up.
- Take immediate steps to reduce damage if fraud is discovered.
First, call the police to report the crime, then call the cardholder’s issuing bank and ask someone to place a courtesy call to the cardholder. Have the person at the bank mention that you have the address where the charged product is being shipped. When the cardholder returns your call, convince him or her to report the crime to the police in the city where the product was shipped. You may be able to recover the stolen merchandise.
Most importantly, trust your instincts. If the caller does not seem completely confident about the information he or she is supplying, or you do not feel comfortable sending merchandise, don’t do it. It may be better to lose an order than to risk giving away your merchandise for free.