Transaction Fraud: Red Flags and Mitigating Risk

It is important that anyone accepting payments monitor transactions to help prevent transaction fraud. Transaction Fraud occurs when a stolen payment card or its data is used to generate an unauthorised transaction via a customer not present transaction.

What is a customer not present transaction?

Customer not present transactions occur when payment is made online, over the phone or through mail order.

These Payment are known as Customer not present transactions as the card is not physically present for examination at the time of payment. These types of payments are more susceptible to fraud because they are not protected by Chip and Pin; merchants should be more cautious when receiving payments via these channels. 

What are common types of fraud for Customer not present transactions?

Payment fraud including identity theft: Occurs when a fraudster uses a stolen or fake credit card to buy goods/services or when fraudsters use stolen information, such as email accounts, user accounts, names, addresses, IP addresses, and personal devices, to complete their purchase.

Friendly fraud (also known as chargeback fraud): Occurs when a consumer (or fraudster) makes an online shopping purchase with a credit card but then requests a chargeback from the issuing bank after they’ve received the goods or services. The consumer may cite damaged goods or undelivered products as grounds for a refund. Depending on the original payment method, the merchant can be made accountable when a chargeback happens.

Interception fraud: Occurs when a fraudster uses a stolen credit card along with the same billing address and shipping address that is linked to the card and then intercepts the goods before they are delivered. This may occur by a fraudster calling after the order is placed and before it has shipped to ask for the delivery address to be changed. They may also contact the courier to change the route of the package to a different address of their choosing. Even simpler (and potentially riskier), they may just wait for the package to be delivered at the cardholder’s address, sign for it, and steal it from right outside the front door.

Just because a transaction is approved does not mean the card is genuine. It is important to consider this when processing MOTO (Mail Order / Telephone Order) and ecommerce payments.

Who is liable for transactions deemed fraudulent?

We encourage businesses to obtain important information from the cardholder during some or all cardholder not present transactions, including:

• Cardholder’s name as it appears on the card
• Card expiration date as it appears on the card
• Billing address
• Card security code
• Phone number and/or email address
• Account number

It also helps to keep copies of order forms and obtain proof of delivery to the shipping address provided by the buyer.

What should you look out for when accepting customer not present transactions?

It is vital to be aware of any Potential “red flags”, for example:

• Unusually large orders or orders for multiple quantities of the same item
• Several orders received within a short space of time, often in increasing value
• Orders using multiple credit cards, especially where the first 12 digits of the card are the same and only the last four are different
• Orders requiring ‘urgent’ shipping or delivery to a Post Office box or third party
• Orders from someone who is not the owner of the card
• The cardholder claiming they cannot provide the CCV
• Different shipping and billing address

If any of the above indicators are present then you should exercise caution. If you are not satisfied that a payment is genuine then we would recommend that you do not provide goods and services and that the payment be refunded immediately.

How can you minimise the risk of fraudulent transactions and chargebacks?

Complete additional due diligence by requesting:

• A short video of the card holder confirming their name, holding their credit card AND obscuring part of the card number along with,a picture of their photo ID showing their address. This allows you to evidence the cardholders identity and confirm the address to which the credit card is registered and to which you are shipping. For genuine customers, this will take less than two minutes. For fraudsters, it’ll put them off entirely.
• Always ensure the billing address and delivery address are consistent.
• Only deliver to the billing address and send via recorded delivery where possible. Obtain proof of delivery to the billing address provided by the buyer.
• Always request the cardholders name and card expiration date as it appears on the card.

If you have any concerns regarding any transactions and/or are not satisfied after completing additional due diligence, then we recommend that you do not ship the goods and that you refund the payment as soon as possible.

How does ClearAccept help prevent transaction fraud?

It is the merchants responsibility to excise due diligence on all payments received, however ClearAccept will also attempt to mitigate these risks by:

• Processing all transactions via our fraud monitoring solution, which are then assessed individually by an external vendor. Any transactions which are deemed out of line will be reviewed by the Risk and Compliance Team, who may contact the merchant to request further information regarding a transaction.
• Executing 3D Secure for all ecommerce transactions. This shifts most fraud liability from the merchant to their customer or their customer’s bank in instances where the transactions are fraudulent. If 3D Secure authentication is failed then ClearAccept will decline the payment automatically.
• Providing a result for the Security Code (CVV) on all transactions and Address Verification (AVS) on all ecommerce transactions. If the CVV is not a match then ClearAccept will automatically decline the transaction.