Avoiding Credit Card Transaction Fraud is Surprisingly Easy
What’s a business owner to do to combat fraud if the industry he’s in has no bearing on the likelihood the fraud will occur? There are special measures all business owners can take, mostly involving gathering more information about their transactions, since the more information the card-issuers have about a given transaction, the less likely it is that the transaction is fraudulent.
How to combat fraud in 3 easy steps
1. For card-present transactions, require customers to show ID. As well, upgrade your hardware to EMV chip-reading terminals.
The extra step for customers may seem like an annoyance, but it will make all the difference for you, as it will reduce the possibility of your customers using credit cards that don’t belong to them when making in-store purchases. EMV terminals aren’t much more expensive to buy than standard magstripe-reading terminals—and, they have the added benefit of being able to read EMV chips affixed to newer credit cards. The chips themselves provide an extra layer of security to physical credit cards.
2. For card-not-present transactions, require additional information from your customers such as a CVV code or billing ZIP code.
Although you can find a CVV code on the back of any credit card, the billing ZIP code isn’t so readily available, making it even better at curbing credit card transaction fraud. If you use a virtual gateway, you can call your processor to program your gateway to require a CVV code or ZIP code—or both—in order to process a charge.
3. For both card-present and card-not-present businesses, look into a tokenized data solution.
Tokenization as a concept is simply replacing something valuable with something that only holds value inside a closed system—for example, casino-specific chips (valueless) in place of cash (valuable), or, subway or arcade tokens in place of quarters. In data security, tokenization refers to replacing credit card information (valuable) with a string of meaningless numbers that can be programmed to expire or change at any time (valueless). If you utilized a tokenized data system and your server were to be compromised by a fraudster, that person would have access to your information, sure—but, it would be completely indecipherable, and you could change it or yank it away at any time. The mainstream data breaches of 2013 have made tokenization seem all the more attractive; since 2010 companies have experimented with the technology and some credit card processors now offer the technology as part of their standard virtual terminal package. Ask your processor if they offer a tokenized solution for credit card transaction fraud.