Tips to Avoid Fraud

Maximize Profitability Through Effective Management of Magnetic Stripe Readers

Magnetic Stripes - built In fraud protection on the back of cards.

Did you know?
The magnetic stripe on the back of bank cards contains much more than the card account number and expiration date. Special security features are also built in to help you avoid accepting counterfeit cards and fraudulent transactions at the point of sale. The magnetic stripe is an active componet of the card, always ready to work for you! When a sales associate swipes a card through a magnetic stripe reader and enters the dollar amount of the transaction, the card account information contained in the magnetic stripe and the transaction ammount are sent electronically to the card issuer. The issuer uses this information in its authorization decision making process.

If the stripe can’t be read then what?
If the magnetic stripe on a card can’t be read, the sales associate must key enter the account information to request authorization and complete the sale.

However, key entered transactions have some real disadvantages.

Increased risk of fraud and counterfeit
Magnetic stripes contain special features to help protect you against fraud. This security information is not available to the issuer with key entered transactions. Consequently, your risk of knowingly accepting a counterfeit card or fraudulent transaction increases.

If, for example, you have a “read and compare” sales terminal (one that displays the last four digits of the account number from then magnetic stripe so sales associates can compare the displayed number to the account number embossed on the card), this opportunity to spot fraud is lost with key entered transactions.

Less Efficient
Key entered transactions take longer to complete than electronic transactions and are prone to key entry errors.

Lost sales
Authorization decline rates are higher for key entered transactions than for magnetic stripe read transactions. Thus, the potential for lost sales is also higher for key entered transactions.

Can key entry be measured?
Yes. You can easily rate the effectiveness of your magnetic stripe readers by calculating the percentage of key entered transactions when the card is present, compared to total transactions for each magnetic stripe reader. These ratings can be very revealing, pin pointing which stores, which readers, and which sales associates have high key entry transaction rates.

Key entry rate calculation
To obtain the percentage of key entered transactions occurring at a particular reader, divide the total number of key entered (card present) transactions for the reader by the total number of sales for the reader. Perform this calculation for each sales shift to determine the “reader rate per sales associate.” Repeat the process for each store if you have more than one location.

Investigate high entry rates
If the percentage of key entered transactions to total transactions is greater than one percent per reader or per reader/sales associate, try to determine the reason. Even if your key entered transaction rate is less than one percent, it’s a good idea to monitor key entry rates on a regular basis.

Increased cost
Key entered transactions may cost you more. One of the componets of the merchant discount rate is based on your ability to read and transmit the magnetic stripe at the point of sale.

12 potential signs of Card Not Present Fraud

Keep your eyes open for the following fraud indicators. When more than one is true during a card-not-present transaction, fraud might be involved. Follow up, just in case.

• First-time shopper: Criminals are always looking for new victims.
   
• Larger-than-normal orders: Because stolen cards or account numbers have a limited life span, fraudsters need to maximize the size of their purchase.
   
• Orders that include several of the same items: Having multiples of the same item increases a criminal's profits.
   
• Orders made up of “big-ticket” items: These items have maximum resale value and therefore maximum profit potential.
   
• “Rush” or “overnight” shipping: Crooks want these fraudulently obtained items as soon as possible for the quickest possible resale, and aren’t concerned about extra delivery charges.
   
• Shipping to an international address: A significant number of fraudulent transactions are shipped to fraudulent cardholders outside of the U.S.  Address verification (AVS) can't validate non-U.S., except in Canada and the United Kingdom or few other banks who participate in the US AVS program.
   
• Transactions with similar card account numbers: Particularly useful if the account numbers used have been generated using software available on the Internet.
   
• Shipping to a single address, but transactions placed on multiple cards: Could involve an account number generated using special software, or even a batch of stolen cards.
   
• Multiple transactions on one card over a very short period of time: Could be an attempt to "run a card" until the account is closed.
   
• Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses: Could represent organized activity, rather than one individual at work.
   
• In online transactions, multiple cards used from a single IP (Internet Protocol) address: More than one or two cards could definitely indicate a fraud scheme.
   
• Orders from Internet addresses that make use of free e-mail services: These e-mail services involve no billing relationships, and often neither an audit trail nor verification that a legitimate cardholder has opened the account.

Card Not Present fraud prevention tools

Appropriate preventive action can help reduce fraudulent transactions and potential customer disputes. Make use of the tools and controls to verify the legitimacy of the  cardholder and the card in every card-not-present transaction.

Address Verification Service (AVS)

Allows card-not-present merchants to check a cardholder’s billing address with the card Issuer. The merchant includes an AVS request as part of the authorization and receives a result code indicating whether the address given by the cardholder matches the address on file with the Issuer.

Card Code Verification (CVV2- CVC2)

This is a three-digit number imprinted on the signature panel of the cards to help card-not-present merchants verify that the customer has a legitimate card in hand at the time of the order. The merchant asks the customer for the card code and then sends it to the card Issuer as part of the authorization request. The card Issuer checks the card code to determine its validity, then sends a result back to the merchant along with the authorization.

Verified by Visa (VbV)

Enables e-commerce merchants validate a cardholder's ownership of an account in real-time during an online card transaction. When the cardholder clicks "buy" at the checkout of a participating merchant, the merchant server recognizes the registered card and the “Verified by Visa” screen automatically appears on the cardholder’s desktop. The cardholder enters a password to verify his or her identity and the Visa card. The Issuer then confirms the cardholder’s identity.

SecureCode

MasterCard enables e-commerce merchants to actually validate that a MasterCard cardholder is authorized to use the card and qualify the transaction for a guaranteed payment that protects against cardholder unauthorized chargebacks.

MasterCard SecureCode runs on your website and interacts with both the customer and their card Issuer. When your customer is checking out, a simple pop-up box appears asking them to enter a private code that has been registered with their bank.

Their bank then validates that code and provides you with a means of achieving a fully guaranteed transaction.