Credit/debit card fraud prevention
By Massage Therapy Canada
July 27, 2010 – This article will outline some common credit and debit card fraud situations. As well, Jeff van Duynhoven, president, TD Merchant Services, shares advice and tips to help health care practices combat and avoid debit and credit card fraud.
One type of fraud that business owners fall victim to is card-not-present fraud. This type of fraud refers to transactions that occur without the presence of the actual cardholder or their credit card. Clients provide only a credit card number over the phone, online or by mail. While the vast majority of these transactions are performed by legitimate clients, because the card is never presented to business owners, there is no way of checking its validity using the various security features of the card itself. This may not always be relevant to RMTs charging for treatments in their offices, but may apply to those who sell products to clients, or register attendees for seminars, courses, etc., especially through websites.
"Card-not-present fraud is the fastest growing type of fraud in Canada," says van Duynhoven. "We hear stories too frequently about merchants falling victim to fraud and being responsible for chargebacks, which could be thousands of dollars."
"Some helpful fraud prevention practices to follow in a card-not-present environment," says van Duynhoven, "include using additional care when transactions are for unusually high dollar amounts, special requests, or any order which involves an out-of-the-ordinary situation. Orders involving any of the following should also be treated with suspicion: the transaction is split between several credit card numbers, the shipping address is different from the cardholder address (especially where the countries differ), the address is a P.O. Box in a large city, the customer has ordered unusually large quantities or multiples of the same item, items are to be shipped rush or overnight, or the caller appears ready to order whatever merchandise is in stock, regardless of size or style."
Additionally, to help avoid card-not-present fraud, practice/business owners can approach their acquirer and obtain tools such as Address Verification Service and the use of Card Security Codes (the three-digit security code that appears on or to the right of the signature panel on the back of the card) to help verify a cardholder’s identity in real time and provide business owners some added comfort when performing card-not-present transactions. However, these still cannot eliminate all instances of fraud and chargebacks.
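For practices that take orders through a website, the warning signs listed above can be checked automatically before an order is fulfilled; the sketch below is an added example, not code from TD Merchant Services or the original article. The `Order` fields, thresholds and sample orders are assumptions made for illustration, any P.O. Box is flagged because the "large city" condition needs local data, and a flagged order is meant to go to a person for review alongside the acquirer's Address Verification Service and Card Security Code checks.

```python
import re
from dataclasses import dataclass

# Thresholds are assumptions for illustration; set them from your own sales history.
HIGH_AMOUNT = 500.00
LARGE_QUANTITY = 5
PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*BOX\b", re.IGNORECASE)

@dataclass
class Order:
    amount: float
    card_tokens: list        # payment tokens, one per card used (never raw card numbers)
    billing_country: str
    shipping_country: str
    billing_address: str
    shipping_address: str
    quantities: dict         # item name -> quantity ordered
    rush_shipping: bool = False

def _norm(text):
    """Lower-case and drop punctuation so trivially different spellings compare equal."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", text.lower()).split())

def red_flags(order):
    """Return the reasons a card-not-present order deserves a manual look."""
    flags = []
    if order.amount >= HIGH_AMOUNT:
        flags.append("unusually high amount")
    if len(set(order.card_tokens)) > 1:
        flags.append("payment split across several cards")
    if _norm(order.shipping_country) != _norm(order.billing_country):
        flags.append("shipping country differs from cardholder country")
    elif _norm(order.shipping_address) != _norm(order.billing_address):
        flags.append("shipping address differs from cardholder address")
    if PO_BOX.search(order.shipping_address):
        flags.append("P.O. Box shipping address")
    if any(qty >= LARGE_QUANTITY for qty in order.quantities.values()):
        flags.append("large quantity of one item")
    if order.rush_shipping:
        flags.append("rush or overnight shipping")
    return flags

# Constructed sample orders (not real data).
ROUTINE = Order(85.0, ["tok_a"], "CA", "CA", "12 Main St., Guelph ON",
                "12 Main St, Guelph ON", {"massage oil": 1})
SUSPECT = Order(1200.0, ["tok_a", "tok_b"], "CA", "XX", "12 Main St., Guelph ON",
                "P.O. Box 4410, Example City", {"portable table": 8}, rush_shipping=True)

if __name__ == "__main__":
    for name, order in (("routine", ROUTINE), ("suspect", SUSPECT)):
        print(name, red_flags(order) or "no flags")
```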
IS IT A LOST OR STOLEN CARD?
With every transaction, whether the client pays in person or not, an authorization number can be issued. Van Duynhoven cautions that the fact that a card can be authorized does not mean it has not been lost or stolen.
"Practice owners need to be aware that obtaining an authorization number for a transaction only confirms that funds are available on the card. It does not confirm that the legitimate cardholder is authorizing the transaction, nor will it prevent a chargeback."
Therefore, he suggests that the business/practice owner employ vigilance to ensure that the credit or debit card presented, even when in person, indeed belongs to the person presenting it.
The following tips can help identify suspicious looking cards and alert your merchant services provider to these:
Ensure the account number shows no signs of re-embossing or other tampering.
Check that the validity dates do not appear to have been tampered with either.
Do not accept cards that are being used prior to, or after, their validation dates.
Of course, compare signatures with those on sales receipts. If they do not match, do not hesitate to ask for identification.
Never accept an unsigned card.
Check the signature panel for signs of tampering such as scratching, white tape or correction fluid.
The magnetic strip on the back of the card should be smooth and not show signs of tampering.
If it is a swipe card, make sure the numbers on the electronic terminal and sales receipts all match the number on the card.
If a card appears suspicious, in any way, you can contact your services provider to report the card while the patient is still present. (You are encouraged to familiarize yourself with the procedure for this, with your particular provider, in the event that you have suspicions about a card.) Your services provider may advise that you retain the card but it is advised that you do not try to detain the person or try to apprehend them in any way, should they leave your practice – rather, you are advised to note the person’s appearance and dress and be prepared to report those.
Another common type of fraud is known as skimming. Skimming refers to the fraudulent practice of capturing account information from the magnetic stripe of a debit or credit card in order to make a counterfeit card. In an effort to combat card skimming and the production of counterfeit cards, the payment industry in Canada is transitioning to a new generation of payment card technology, known as chip. Chip technology will significantly reduce card skimming and the production of counterfeit cards.
Jeff van Duynhoven offers these steps to prevent skimming from occurring in your practices:
If a client has a chip card and your point of sale terminal is chip capable, remind your client to insert the card. Avoiding the swipe will reduce the potential of your customer’s card being skimmed.
Treat your PIN pads like cash. Keep PIN pads out of sight when not in use, and lock them up at closing.
Inspect your point of sale equipment regularly, including serial numbers, wires and cables. If any equipment looks unfamiliar, appears altered, or is missing, notify your acquirer immediately.
Install your debit terminal so that customers have enough room to comfortably shield the PIN pad when entering their PIN number.
Keep all transaction records on file (for the length of time specified in your processing service agreement), along with employee shift schedules and supplier information.
CREDIT CARD PROCESSOR FRAUD
Another type of fraudulent activity that can affect business/practice owners is that perpetrated by credit/debit card processing companies themselves. Some of these companies have unethical practices, and once snagged into a contract, practice owners can have great difficulty untangling themselves.
These companies may offer contracts with low fees covering card transactions, machine rentals and other related costs. They may stipulate that the practice/business owner can opt out of the contract if he/she is not satisfied with the company’s service, and/or offer a lease period after which the business owner will own the equipment. However, too many practice owners have entered into agreements with these companies only to find that they are, in fact, tied to contracts that flow, seamlessly, into a longer contract period (and that opting out is an expensive proposition); that the company outsources its processing functions, which increases the fees initially purported (one of the “fees are subject to change” caveats); that statements aren’t exactly transparent; or that owning the processing equipment actually requires paying out even more money.
Practice owners are advised to research the card processing company they will use very carefully, reading all fine print, asking for testimonials, seeking legal advice, determining whether other business owners have had problems with the company in question and basically keeping in mind that if a deal sounds too good to be true, it probably is. Furthermore, once a contract has been signed, practice owners are advised to continuously maintain vigilance with regard to card processing invoices and bills – it becomes too easy to get lulled into a pattern and forget to check invoices, but this might be necessary to protect the practice owner from fraudulent processing practices.
AND NOW, THE GOOD NEWS
The good news is that the federal government has devised measures to put the brakes on this type of fraud and has included these in the credit and debit card code of conduct draft that was released in November 2009. The draft now contains a provision that will allow merchants to exit a contract without penalty as well as rules to encourage more disclosure on average rates.
Many merchant services are available through most banks. If a practice owner wishes to investigate alternative providers, it is advisable to hook up with a bank manager he/she is familiar with, and trusts, for guidance regarding dependable services and, perhaps, some insights on who has already been identified for suspicious and/or fraudulent activities. The key is to be vigilant at all times, research service providers carefully prior to entering into contracts, and not be seduced by deals that seem too good to be true.