December 12th, 2017 by J B
Avoid The Holiday Season Grinch
Filed in: Monthly Newsletters |
Ways to protect your business against fraud through the holiday season.
The holiday season is a joyous occasion for businesses and consumers alike, however there is always someone out there looking to profit from the misfortune of others. It’s easy to get caught up in the in the spirit of the season and let your guard down, but this time of year it’s important to keep focus on defending your business from the Grinch’s trying to prey on you. In this article we are going to touch on a few different methods fraudsters use and how you might defend yourself.
Friendly Fraud
Unlike its name there is nothing friendly about friendly fraud. Friendly fraud is a broad term that encompasses fraud by legitimate customers who utilize chargebacks or other systems to steal merchandise or services or cash from a business. These types of fraud can be difficult to prevent and can be nearly impossible to recoup losses on.
Chargeback Fraud
Generally, chargeback fraud works when a person enters your business, or shops online, and legitimately purchases goods or services, and then disputes the charge with their card issuer.
Someone who knows what they are doing can easily dispute a transaction in such a way that the business owner will most likely not be able to fight it. Card issuers determine who wins chargeback, and they inherently favor card holders over merchants. There’s no question that the customer is stealing from you but police departments are reluctant to pursue friendly chargeback fraud cases, if they’ll even accept a report on them at all. Most of the time they will refer merchants to the civil court system which is time consuming, costly, and offers no guarantee of recourse even if the merchant wins in court.
The key to protecting yourself against chargeback fraud is to stop card holders from being able to claim they didn’t receive what they purchased, that it was defective or not as advertised, or that the charge was not authorized by the card holder. Unfortunately for online businesses, or situations where a card is keyed into a terminal or POS system, fighting this becomes very difficult, as proving the card holder made the purchase with the card in hand is all but impossible.
To prevent this method, you will want to swipe or dip (EMV Chip) as many transactions as possible. This can also prevent other forms of fraud such as duplicate card fraud. When you swipe or dip the card your customer gives you, it proves you were face to face with the customer, which aids in supporting your case that the card holder did make a purchase. Not everyone has the ability to swipe or dip cards, or even if they do they might also need to ship products to the consumer.
For ecommerce or mail/phone order businesses, the best thing you can do for yourself is to ship directly to the card holders billing address, and preferably ship everything with a signature required for delivery.
If you are shipping to an address different from the card holder’s address, you have no way of proving that they received the product. Not even a signed invoice with a photo ID attached will prove to the card issuer their customer actually made the purchase. Even with a delivery signature, the card issuer will usually side with the card holder. While it should go without saying, but if you’re not swiping or dipping the cards, you should be using address verification for both the street and the zip code to ensure the billing address provided by the card holder matches what the card issuer has on file. If you are not sure how to use address verification (AVS), contact your processor or payment gateway for more information.
AVS is not available in some countries or specialty cards like some gift cards, and it’s not uncommon for card holders to not know the exact address they are billed at, so it’s not by any means 100% fool proof. CVV is another mechanism that should be used on all non-present transactions. It at least verifies that the customer had the card in hand at some point as duplicated cards rarely store the verification code as well as the data on the magnetic stripe.
It’s a good practice to keep a clear return policy and always be willing to offer exchanges or refunds to you customers when appropriate. Many card holders will dispute a credit card charge instead of requesting a return if they feel it’s going to be a hassle, or they feel like the business won’t accept a return or exchange in a seemingly reasonable situation. Making these policies clear from the moment of the transaction can help decrease potential chargebacks.
Gift Card Fraud
This form of fraud is quite easy, has a low risk of being caught, and effects both the business and their legitimate gift card holders. Gift cards function very similarly to credit cards and therefore share some of the same risks. The data stored on the magnetic strip on a gift card can be copied and used to make cloned cards for a fraudster to use in stores. This is just one popular method of gift card fraud.
Many gift card providers offer the ability for card holders to set a PIN number on their cards to help prevent misuse, however not many card holders go through these steps. In the case of any card type, gift, debit, or credit, checking the physical number on the card against the number that a terminal or POS system electronically captures can tell you if the card is legitimate. This has become a more common practice by large retailers protecting themselves from duplicated card fraud. In the case where the numbers do not match, calling the police may be the best option, as there is a high likelihood the customer is trying to make purchases with a fake card.
Another risk that pertains primarily to gift cards is through credits or refunds. Crediting a gift card works differently than a credit or debit card as some cards will automatically receive the balance of a credit when it is run by a merchant. When this happens, the balance of the card is instantly increased by the amount returned to it. While that doesn’t sound like an issue, it gives you, the business owner, no time to identify accidental or fraudulent credits or make corrections.
Funding a gift card by mistake gives the card holder time to spend those funds before you can correct the mistake, or even settle your terminal, and can lead to the card issuer disputing your attempted correction later. There have also been cases where gift card holders attempt to distract a cashier so they can access the point of sale device and issue a return to their card. This is one situation where employee involvement puts a business in an impossible position to catch the fraud. The business is unlikely to notice a return has been processed until they settle out for the night, the fraudster is left with the rest of the day to make purchases on their newly acquired funds.
The best way to combat this and any other return or credit related fraud, is to have strict controls over the ability to refund and credit a customer’s card. All refunds should require manager approval and a refund should never be made to a card other than the one used to make a purchase. Terminals and POS devices should be in areas where customers do not have easy access to them and return and credit functions should be password protected at a minimum.
Return Fraud
Return fraud can be a huge problem for retail merchants, especially retailers who are large enough that employees do not have the ability to remember most of their customers, and ones who stock widely available products.
The most common form of return fraud is when a person returns goods that were purchased cheaper from another store or stolen goods for cash. A merchant, at the very least, pays the retail price for the product which causes any future sale to be unprofitable, and if the goods were stolen, there’s a chance that the police show up looking for the product. It’s also common that the person stole the product from the same store they are trying to return it to.
But, even in cases where goods aren’t stolen, merchants can suffer substantial loses from customers returning used or broken items, old items put in the box of a newer one, or items outside of a reasonable return window. Return fraud is one form of fraud that is frequently aided by employees who relax return policies or in more nefarious cases steal products themselves and have an acquaintance return them for a split of the cash refund.
Thieves are smart enough to target businesses during the busiest times of the year for returns which is typically immediately after the holidays when stores are extremely busy and often overlook or do not have the capacity to properly vet every return they are receiving. The NRF estimated that in 2015 alone, US retailers would lose over $2 billion dollars due to return fraud.
Combating return fraud can be difficult. Clear return and refund policies should be posted and strictly adhered to. Refunds should only be issued in the same form the payment was received, and in the case of electronic cards, should only be returned to the same card as the sale. Merchants should outright refuse refunds they are unable to determine are legitimate, refunds unaccompanied by a receipt, and refunds that contain obviously used or replaced products, unless they cover refunds on those products.
Merchant’s can employ proprietary or hidden tagging methods so that they can determine if a returned item actually originated from their store. In any case, if employees are helping defraud the business, it can be nearly impossible to prevent, so controls over who can accept returns and process refunds should be in place.
Also, it is worth noting that someone trying to defraud a business isn’t going to look obviously like a thief, they’re going to look just like a normal customer, and will usually have a believable story as to why they don’t have a receipt with their item. At the end of the day, a business will still lose the same amount of money regardless of whether it’s to someone who looks like a stereotypical cartoon thief or your favorite aunt, which is why policy adherence is so important.
General Good Practices
Require a positive AVS match and CVV match on all non-present transactions
Ship only to a customer’s billing address unless you feel comfortable shipping to another address, but know you will likely not be able to win a chargeback no matter what other verification you require
Restrict access to your terminal or POS system
Require owner or manager approval for all refunds and credits
Inspect all refunds for condition and verify the product is correct to the packaging
Do not issue a credit to any card other than the one used to make a purchase
Have and adhere to a refund policy without exception