Fraud and Security

• Overview
• Schemes
• Standards
• Best Practices
• AVS
• 3-Digit Security Code

Best Practices for Face-to-Face Transactions

• Verify the cardholder's signature. Make sure the signature is the same as the name embossed on the card. If it is not, request another credit card or some form of identification.
• Obtain an authorization. An authorization confirms the validity of the card number and expiration date and determines that funds are available for the transaction amount. It does not guarantee that the sale is not fraudulent. As a result, other verification steps may be required.
• Swipe or obtain an imprint of the card. If you are unable to swipe a credit card through your point-of-sale terminal, be sure to obtain a manual imprint of the card. This provides proof the card was present for the sale.
• Delayed delivery. Merchandise should be shipped as close to the charge date as possible. If the sale is charged in advance, it may not be charged more than 7 days in advance of the shipping date and the cardholder must be notified of the advance billing. The longer you delay in shipping merchandise, especially longer than 30 days, the more likely you are to experience chargebacks.
• Proof of delivery. If merchandise is delivered or shipped after the sale, merchant should obtain the cardholder's signature at the point of delivery.
• Complete information. Ensure that all information on a sales draft is complete, accurate and legible before completing the transaction. Keep the ink cartridge or ribbon on your printer working.
• Process refunds quickly. When processing a refund, always use the same card number as the original sale. Never give a customer a refund by cash or check for a credit card sale. If your return or refund policy is limited, preprint or write the restrictions on each sales draft near the signature line, prior to the customer signing the receipt. Be sure the information shows clearly on all copies of the sales draft.
• Declined means declined. Do not continue to seek authorization on a declined transaction; do not reduce the amount requested, and do not repeat the request.
• Display your return policy prominently. Ensure that your customers are aware of your return policy by printing it on your sales slips directly above the cardholder signature.
• Keep accurate records. You may have to provide documentation to your card processing company should your customer dispute the transaction.
• Check the security features on the card. Card security features are designed to help you fight fraud. You should review the card for the holograms that change color in the light, non-erasable signature lines and comparing the name embossed with the signature on the back. Call INTRUST Card Center with any concerns regarding processing transactions that seem suspicious.

Best Practices for Mail, Telephone and Internet Transactions

• Late night orders. The likelihood of fraud transactions increases late at night, especially if the order is from certain high risk countries, including Israel, Eastern Europe, and South America.
• Placing a large order. Crooks don't care how expensive the sale is — since they don't intend to pay it. Carefully examine any order with an unusually high dollar amount or one that involves an out-of-the-ordinary situation.
• Physical address. The physical address must match the credit card billing and shipping address. If it does not match, additional verification should be done.
• E-Mail address. Names that have no apparent connection to the customer's name or include random characters could be attempts to mask identity.
• Repeated authorization attempts. Criminals can obtain fraudulent card numbers by using account number generating software programs. They will make multiple authorization attempts where the name, last few digits of the card account, expiration date and/or the 3-digit security code is slightly varied until the transaction is approved. In many cases, these attempts will happen consecutively.
• Customer responses. Educate operators to pay particular attention to anything suspicious in the way the customer speaks or responds to questions such as a long pause or a hesitant answer. Make it a policy to request the name of the credit card issuing bank for large purchases. If the caller doesn't know the bank's name, they may be using a stolen card number.
• Always ask for the cardholder's billing address. Ask for the cardholder's day and evening telephone numbers in case there is a question after the order has been placed. Orders with a “ship to” address that is different from the cardholder's billing address can be a warning sign. If you are suspicious, contact the cardholder using the second phone number they provided to verify the order.
• Develop and maintain a “bad” customer file. This should contain fraudulent names, addresses, zip codes, card numbers and companies you come across. Compile a zip code listing that spotlights areas in which you've experienced fraud.
• Delivery address is a P.O. box in a large city. Further checking is suggested, especially if the order is from a new customer. Mail delivery services require a street address and will not ship to P.O. boxes.
• “Rush order” request from a new customer. Be cautious when the caller appears ready to order whatever merchandise is in stock regardless of size and style.
• Utilize CVC2 (MasterCard) and CVV2 (Visa). These are the three unique digits on the back of a MasterCard or Visa card. When you enter card-not-present transactions, have your terminal or software program set-up to ask for these three digits. Learn more information on how to process transactions using the 3-digit security codes.

• Cardholder account information
• Purchase amount
• Card expiration date
• Merchant name
• Merchant location/address
• Sales associate's name