Dealing with Suspected Fraud
There are many ways in which fraud can be carried out. Here are some tips on how to protect your business.
Card Present transactions
The best way to avoid fraud in a Card Present situation is to ask the Cardholder to enter their PIN on the terminal. If your terminal directs you to process a Chip and PIN card as either a swiped transaction, or a keyed transaction, then check the following:
Check the signatures. Do they look the same?
Do the signatures match? Does the signature panel look as if it has been tampered with?
Check that the number on the card matches the number on the terminal print-out.
Check that the last four digits of the embossed number on the card match the last four digits on the terminal print-out. If they don’t match, the card is probably counterfeit.
Check the customer.
Does the customer’s gender match the card details? Are they acting suspiciously in any way or trying to distract you from following procedures?
If you are suspicious of a card or a customer, do not hand the card back.
Call the Authorisation Centre and let the operator know you have suspicions by simply saying that you are making a Code 10 call. We won’t mind if it’s a false alarm – it is better to be cautious than to let a fraudster deceive you.
Do not key a card number into your terminal for a transaction where the card and cardholder are present, as this would leave you open to risk of a chargeback.
Above all, never put your colleagues, customers or property at risk.
Card Not Present transactions
- You may accept Card Not Present transactions ONLY if it has been agreed in your Merchant Services Agreement.
- Card Not Present transactions are done entirely at your own risk and we offer no guarantee of payment, actual or implied, for that type of transaction, even if you have obtained Authorisation.
The following are all acceptable as Card Not Present transactions:
- Mail orders: Written authority from the cardholder with the cardholder’s signature including:
- Completed order forms
- Facsimile transmissions
- Telephone orders: Authority from the cardholder by telephone.
- Internet orders: Card details provided by the cardholder.
When accepting a Card Not Present transaction, take extra care to ensure it is the genuine cardholder who placed the order.
Record all details of the transaction in writing. If conducted by telephone, record the time and date of the conversation. If the transaction is subsequently disputed, you may be asked to produce these details or the cardholder’s authority. If feasible, you should obtain a copy of the Cardholder’s signature authorising the transaction and keep it on file.
If a customer wishes to collect the goods, they must attend your premises in person and produce the card. In this case, destroy any sales voucher that was previously prepared and process an over-the-counter transaction.
Remember – Remain vigilant at all times and remember, if it seems too good to be true, it probably is.
Note: For more detailed information on fraud, please refer to the Merchant Procedure Guide.
3D Secure is the payments industry standard for authentication of internet/eCommerce purchases
- Visa calls their version ‘Verified by Visa’.
- Mastercard calls their version ‘Mastercard SecureCode’.
Known as 3D Secure, these programs are designed to ensure the very best security for cardholders when they pay online.
PSD2 now requires the card issuer to register their customer’s card for 3D Secure once the card is issued to the customer.
We support both Verified by Visa and Mastercard SecureCode. As per PSD2 guidelines, 3D Secure is the only way to successfully complete a Secure Customer Authentication and as such failure to complete this for Customer initiated transactions will result in declined transactions. It is mandated that AIBMS customers comply with the regulations and implement 3D Secure if they wish to receive a successful authorisation.
The details the issuing bank provide will be used to authenticate any future purchase from any enrolled member merchant. Cardholders are strongly encouraged by card issuers to deal online only with 3D Secure registered merchants.
If you wish to utilise 3D Secure transactions, you can obtain a merchant plug-in product suitable for use with your PSP which will support 3D. This will support the requirements of both Mastercard (through their SecureCode product) and Visa (through their Verified by Visa product).
Liability shift
If you are a merchant offering 3D secure, you are protected from liability for fraud (for most card types – refer to your PSP for more details) whether or not the cardholder opts to do 3D secure transaction.
This doesn’t stop the issuers reporting fraud however, and if your fraud levels are deemed to be excessive by the card schemes, they can place you in a chargeback window, which means you are no longer protected from liability for fraud, despite still being 3D secure enabled. This loss of benefit remains in place until either your fraud levels decrease to an acceptable level or until your merchant account is cancelled.
Fraud Prevention Tips
- You and your staff must follow the procedures set out in the Merchant Procedure Guide carefully at all times
- Analyse previous instances of chargebacks and fraud. This will help you to identify where your business is most at risk and how fraud can be prevented in future.
- Speak to AIB Merchant Services or your payment services provider about fraud screening services.
- Make sure that your staff are continuously educated on your risk management procedures. Your front line staff are key to identifying and reducing instances of fraud.
- If you are concerned that you may be vulnerable to fraud attack, perhaps because of your business location, the products or services you sell, or local intelligence, please contact the Merchant Support Centre and ask to speak to the Fraud Department, who will give guidance on good practice.
Terminal security – Protecting your POS equipment
- Ensure that all staff are properly trained in how to use your terminal(s) and in the procedures to be carried out when checking cards presented for payment.
- Supervisor cards should be used only by authorised and trained staff members.
- Supervisor cards must be kept secure in a location that is separate from the terminal.
If you have any concerns that the terminal has been tampered with, contact the terminal support helpdesk.
Card Security Code (CSC/CVV2/CVC2)
The Card Security Code (CSC) is the last three or four numbers on the signature strip on the back of the card.
- For all MasterCard and Visa cards, the code is preceded by the card number.
- On other cards, the code is preceded by the last 4 digits of the card number.
Dealing with Chargebacks
Here we will advise you what a chargeback is, how it can impact your business and outline some common reasons why a chargeback would be raised.
A chargeback is the reversal of a previously cleared transaction; the cardholder’s account is credited with the amount of the sale and the merchant’s account is debited.
A chargeback is initiated by the issuing bank, either at the request of the cardholder or when the issuing bank sees the need to do so.
Common reasons for chargebacks include:
- Fraud enquiries, where the cardholder denies participating in or authorising a transaction
- Non-delivery, where the cardholder disputes the sale for reasons such as failure to receive goods or services
- Quality, where the cardholder disputes the sale for reasons of quality
- Where the customer does not recognise the transaction on the receipt or statement
- Where no valid authorisation was gained
- Where no valid authorisation for current transaction (using old authorisation code)
In certain circumstances a cardholder or the card issuer has the right to question or dispute a transaction. Such requests can be received up to 180 days from the date of the transaction and in some circumstances beyond 180 days. If this happens, merchants should provide as much information as possible to connect the cardholder to the transaction, as this will assist in resolving the dispute.
All merchants accepting debit and credit card payments are liable for chargebacks in the circumstances outlined.
Related Topics
AIBMS has produced a AIBMS Chargebacks Handbook that provides detailed information on chargebacks and gives merchants advice on how they can minimise their exposure.
You can also download our Merchant Response Requirements form.
Start your journey
Request a call back
Providing support for your needs
