- Home >
- Information zone >
- Security and fraud advice >
- How to manage fraud when accepting cards >
- What you can do
- How to manage fraud when accepting cards >
- Security and fraud advice >
- Information zone >
What you can do
In the physical, traditional retailing world, where the cardholder and card are both present at the point of sale, merchants can adopt measures to confirm that the genuine cardholder is making the purchase. These include:
- Talking to Authorisations if suspicious
- Checking the card signature on the card with the signature on the receipt
Taking card payments over the Internet means that none of these checks can be carried out at the time of the transaction, because the process is fully automated and therefore no manual intervention can take place.
However, you will have collected information about the customer and their purchase on the order and payment pages of your website, which will help you to take measures to reduce the threat of chargebacks and stolen goods.
Ask yourself these questions about the purchase:
If your instinct tells you something 'isn't quite right' check it out! Remember - it is entirely your decision to deliver the Goods.
Who is the customer
Here are some simple checks that you can use to help you assess whether the customer is who they say they are:
- Check the email address against the customer's name
Names within the email address that have no apparent connection to the customer. Ask yourself why? Did they simply spell the email address incorrectly, or is it perhaps that it does not exist. - Check bounced emails
For example, if a purchase receipt email is returned before it gets to your customer, ask yourself why? Did they simply mis-spell the email address, or is it perhaps that it does not exist? - Billing address, Postcode validation
Barclaycard Business provides a Card Security Code and Address Verification Service designed to help protect businesses taking mail or telephone orders, or conducting transactions over the Internet. Information obtained from the cardholder during the transaction is sent to the card issuer for electronic verification. The service works by checking the card 'security code', together with numbers in the cardholder's postcode, and up to the first five numbers of the cardholder's full statement address. You can use this service if you process transactions through your own or a third party supplied payment system.
In addition, various other organisations provide services that allow you to check name, address and postcode details.
www.equifax.co.uk Provides a service to check details against the electoral register www.royalmail.com Provides a service to check the address against postcode and vice versa www.streetmap.co.uk Provides a facility to input a post code and view the address details
Note: you may be charged a fee to use all or some of the services provided by the above organisations. - Telephone Number
Ask your customers to provide a contact telephone number. Check the STD code of the contact telephone number against the address given by the cardholder.....do they match?
www.bt.com/phonenetuk/ offers a service where you can check the billing/delivery address against the telephone number.
Where is the customer
This is a good indicator because the occurrence of an overseas address at some stage in the transaction increases the risk. Here are some questions to ask yourself:
- Is the address given by the cardholder outside the UK?
- Would customers from that country normally be prepared to pay the shipping costs?
- Is the address given by the cardholder in one country and the delivery to another?
- Be aware of orders placed in the middle of the night, most genuine transactions do not take place during the early hours of the morning unless your customer base is outside the UK.
Remember - fraudsters don't care about the cost, as they do not intend to pay.
Is the card number valid
How can you assess whether the card details you have been given are valid? Here are some quick and easy checks:
- Does the card number have a valid expiry date?
- Is there an Issue number or start date for Switch or Solo cards?
- Incorporate a Modulus 10 check Digit Algorithm into the payment page of your website This can be used to reduce the chances of processing an invalid card number. It is referred to as a Modulus 10 Check because the result of a mathematical equation applied to the card number must be divisible by 10 to be valid. It must be appreciated that this check is not foolproof, and does not guarantee that a card has been issued with this number, or, that a person using the number has the authority to do so.
What are they buying
Some purchases simply do not "feel right". Listed below are some instances that should prompt you to enquire further before you send the goods out.
Check the order details
- Use Volume & Value Verification to monitor the number and value of orders from individuals. The trend in fraud over the Internet is to place a small number of modest orders and then to dramatically increase the volume and value of orders before the fraud stops. Beware of high value or multiple sales from a previously unknown customer. Look out for the same customer name, card number or address being used on a repeated basis.
e.g. would a customer really want three PC's or ten copies of the same CD. - Double check orders from international users - the Internet is accessible worldwide. Take note of the location of your Internet customers and bear in mind that standards of regulation and security differ from one country to the next.
- Remain aware of all previous losses or fraud attempts that you have experienced. For example, have the customer's details, email address or card number been associated with a previous loss?
- Be aware of the risk level for your products - a high risk product is one that has a resale value near to the original purchase price. Some examples of product classes which are prone to fraud are: gold, jewellery, mobile phones & airtime, cameras, electronic goods, PC hardware, software and tickets.
e.g. Electronic goods being delivered to an address outside the UK may not work
What is the delivery destination
Where are the goods going to and how are they getting there? Here are some easy pointers to remember:
- If the delivery address is outside the UK and your usual customer base or product is UK based, exercise care. If in doubt, do not send the goods out. Try contacting the customer to establish that the transaction is genuine.
- Never allow collection or delivery of the goods by a third party e.g. taxi drivers or messengers.
- Arrange delivery through recorded or registered post or a reputable carrier. Where possible obtain signed proof of delivery. You should instruct your delivery agent to obtain a signature as you may be asked for this information if the transaction is charged backed to you.
- Do not allow the carrier to receive instructions to change the delivery address.