August 18th, 2015 by Jamie Estep
Credit Card Fraud, Now Serving Small Business
Filed in: Fraud, Merchant Accounts |
This is the first of a 2 part series on common but under-reported and often unknown types of fraud that many merchants experience. Part 1 will consist of specific example scenarios and types of fraud that merchants experience often without knowing it. Part 2 will consist of ways to prevent, minimize, and identify types of fraud that may be occurring.
Credit card fraud gets talked about a lot, but most of the time the focus moves to card holder protection or a large data breach. We hear little about the credit card scams that fraudster’s use against the small business owner because it’s hard to sensationalize one business who had a little bit of fraud. In this article we are going to go over some common approaches fraudsters use to go after business and ways your company can protect itself.
Pre-authorized transactions
If I hear about a card holder telling a merchant that they called their bank and got prior approval for a large transaction it immediately sets off my internal fraud alarm. For many people, this statement makes sense, we have all had one of our cards turned down for a completely legitimate transaction, so why wouldn’t a card holder call their issuer if they know they are about to process an abnormally large transaction. Also as a small business owner, a large sale can be a great thing and so it’s easy to get enticed by the sale and want to comply with the customer to make sure it happens.
Whatever you do, don’t take an authorization code from anyone other than your processor. EVER!!!
I can’t stress this enough, EVER! You need to control how the authorization code is obtained. Normally your point of sale (POS) transparently takes care of this for you during the transaction process, and rarely, you may need to contact your processor’s voice authorization system for approval. In both of these scenarios there is an electronic trail from your merchant account, through your processor, to the card issuer and back again. An authorization code will not be valid unless there is a trail connecting your sale to the authorization code. I also want to highlight that if you call the number on the back of the credit card they should not ever issue approval codes to you. The only authorization code you should ever trust is one obtained through your credit card terminal or POS system or if you call into “your” processor and obtain one over the phone.
So what do you do when presented with this scenario?
Taking any form of payment at this point is a likely business risk. I strongly advise you only accept cash from that customer if anything at all. You can simply tell the customer that your store policy states all authorizations have to come electronically from the terminal/POS (this should be your policy anyway). If you do decide to accept a credit card for the transaction and process it in a normal manner, there is still a measurable chance that the customer is still trying to defraud you. Know that there will be a substantially increased chance of receiving a chargeback. At the very least, make absolutely sure that the customer is the person who’s name is on the card and make sure to swipe the card through your terminal, get a signed receipt, and make sure it matches the signature on their card if there is a legible one. This is such a red flag for a deliberate fraud attempt, it would usually be appropriate to simply turn you customer out the door. The chances are better than not they are attempting to defraud you.
I need to return this
How often do you have a customer who wants to do a return for a refund? If the original purchase was made on a credit or debit card, without using a PIN number, then you should only refund to the card that was used to make the purchase. I hear from merchants quite regularly about someone coming to do a return but want cash instead of a credit to their card. Many times the customer says they just don’t have the card on them, or that it was a gift and if it gets refund to the card, then the cardholder will know their gift was returned. The unfortunate truth is sometimes you get this request its coming from a fraudster.
It’s a simple scam, the merchant takes back the product, gives the customer their cash refund, and the customer then calls their card issuer and disputes the charge saying the business refused to give them a refund. Of course the business will receive the chargeback notice, and respond that they gave a full cash refund, but there won’t be any electronic proof for that refund. The card issuer is basically forced to side with the card holder and the merchant will usually lose. It will then be on the merchant to take legal action against the fraudster. To make matters worse, the merchant’s loss is essentially twice the sale amount. They lose the chargeback, and they lose the money they gave for the refund.
This scenario only applies to credit based transactions. When you run a PIN debit transaction things are a little different. Some processors will allow you to do a debit return, however you are going to have to swipe the original card, and the customer will need to re-enter their PIN number to complete the transaction. Alternately as long as the card has a Visa, MasterCard, Discover, or Amex logo you can do you a normal credit return, without needing the card or the cardholder present. If the card does not have a major card brand logo on it, you only remaining option is a cash refund. Keep in mind that card holders can still dispute a PIN debit transaction, however it’s much more difficult.
To hedge your risk, you can offer an in-store credit to the customer. This allows the business to retain the money from the original purchase so if there is a dispute you are not losing a return and chargeback. If the card holder has not used their in-store credit you can revoke it or any remaining portion. Unfortunately if they used all of their remaining credit you will have lost the chargeback and a product, however your hard cost on that product will hopefully be less than having issued them a refund and paying for a chargeback.
A really large order
Let’s say you have a small hardware store, and you have a customer walk in and say I need 5,000 chainsaws. Your first thought might be something along the lines of “Cha Ching!”, and sometimes the idea of such a large sale clouds your vision as you have a quick dream of the vacation you will finally take when all that money comes in. Well come back down to earth and get your guard up as this should be the Chernobyl of red flags.
You need to start asking yourself some questions like the following, and try to look at them as an unbiased third party. Here are just a few quick examples.
- Why does this guy need 5,000 chainsaws? This is an abnormal purchase for just about anyone.
- In your experience does anything feel off about this customer? Let your gut feel be your guide.
- Do they seem to care about price? When people buy in bulk they expect the price to drop, if they don’t, something probably is not right. If they don’t even ask about price, or are willing to pay a premium, it’s even more of a red flag.
- Why is he/she wanting to buy them from me? This can be a hard question to not show your bias.
- Are there more oblivious, easier, cheaper, etc. ways for this customer to obtain what they want? This is more of an extension of the previous question.
- Can my business survive if this sales turns out to be fraud? Make sure you don’t take on more risk than your business can handle.
- Are they asking for the quickest shipping method possible?
- Are they shipping to a forwarding or foreign address?
- If I were going to legitimately purchase 5,000 chainsaws as a consumer, is this the way I would do it?
Admittedly this example sounds to be on the ridiculous side of things, but this actually happened to a small hardware store. Things that sounds too good to be true usually are. These questions will help keep a realistic view of the situation, and will give ideas as to what questions you want the customer to answer. If you are not comfortable with the situation you should probably not continue with the sale, or if you do, make sure you only accept cash or equivalent method that protects you from later disputes. I have seen businesses that refused to take this advice, and accepted credit card payment even after being specifically told by their processor not to. Sometimes the loss to the business is so bad, they had to close their doors after their transactions charged back.
Stay tuned for the next edition where we further discuss how to identify, prevent, and minimize the losses from certain types of retail fraud.