Avoid Fraud - Card not Present

Fraud is a real problem in any business. It's an extra risk for merchants who support card-not-present transactions. Mail and phone order merchandising has exploded into a business that generates more than $100 billion per year. MasterCard® estimates that mail and telephone order fraud costs more than $225 million annually.

At Chase Paymentech, we take fraud seriously. That's why we created our efraud service and why we have put so much energy into creating fraud prevention strategies for you to study. We hope you find them useful.

And remember, it's important to start fraud prevention early - to make it a major part of new employee training - because they are in the best position to have a significant effect on your company's fraud losses. Reinforce training (including your seasonal temporary employees), especially as holidays approach and fraud potential is at its peak.

11 ways to reduce fraud

1. Train operators to pay particular attention to anything suspicious in the way the caller speaks or responds to questions. One simple tip-off is a long pause or a hesitant answer. Make it a policy to request the name of the credit card issuing bank for any sale over a pre-set amount. If the caller doesn't know the bank's name, chances are he or she is using a stolen credit card number.
2. Always ask for the cardholder's billing address. Ask for the cardholder's day and evening telephone numbers "in case there's a question." Orders with a "ship to" address that is different from the cardholder's billing address can be a danger sign. If you are suspicious, attempt to contact the cardholder on a second phone to verify the order. If your system lets you, compare the "ship to" and "bill to" addresses with the catalog's "mail to" address.
3. Develop and maintain a "negative file" of fraudulent names, addresses, zip codes, credit card numbers and companies you come across. Compile a zip code listing that spotlights areas in which you've experienced high fraud. An ongoing good rule of thumb is to decline "ship to" to prisons.
4. If the address is a P.O. box in a large city, further checking is suggested, especially if the order is from a new customer. Mail delivery services require a street address and will not ship to P.O. boxes.
5. Carefully examine a "rush" order request from a new customer. Be especially alert when the caller appears ready to order whatever merchandise is in stock, regardless of size or style.
6. Carefully examine any order with an unusually high dollar amount or which involves an out-of-the-ordinary situation.
7. For American Express® and Optima® customers, ask for the 4-digit, non-embossed CID number printed on the front of the card (on the right border of all American Express Cards; on the left border of Optima Cards).
8. For Discover Card® customers, ask the name of the bank on the back of the card. It should always be Greenwood Trust Company. If the customer can't identify the bank, chances are the customer is attempting a fraudulent purchase.
9. For Visa® cards, ask for the non-embossed number which appears above the first 4 digits. It should match the first 4 digits of the credit card number. Ask the caller to describe the embossed symbol (CV on Visa Classic, BV on Visa Business and PV on Visa Gold cards) to the right of the expiration date. Also, ask about the repetitive pattern of the Visa wordmark throughout the signature panel.
10. For MasterCard®, ask for a non-embossed 3-digit code on the back of the card following the card number. It should match the card validation code (CVC2). Also, ask for a description of the security character -- a stylized MC embossed on the line next to the valid dates on the face of the card.
11. You may be able to use Automated Number Identification (ANI). Verify that the telephone number returned to you is the same as the one provided by the caller.

Additional Weapons: address verification service and card security codes

Address Verification Service - AVS AVS immediately and automatically compares the billing address given to you by a customer against the billing address on file with the credit card issuing bank. Visa®, MasterCard®, American Express® and Discover® all offer AVS with virtually identical features. For a list of AVS response codes, click here.

• Approximately 65% of all unauthorized card use is by people who do not know the billing address of the person whose account number they are using.
• AVS is only a tool. You will need to coordinate its usage with the red flags we identified in the fraud tips. The instance of fraud is much greater when there is no AVS match and when the order is for a high dollar amount; the caller requests overnight delivery to an address that is located in a high fraud area; or the "mail to" address differs from the "billing address."
• AVS is most effective when you use it together with other fraud detection practices. You should analyze your actual fraud to determine the most common combination of suspicious conditions.

Card Security Codes - CVC2, CVV2 and CID Card security codes are the three digit codes printed in the signature panel on the back of Visa®, Mastercard® and Discover® issued credit cards or the four digit code printed on the front of American Express(R) cards. These non-embossed codes are printed on the cards when they are created and are determined by algorithms unique to each card number. Many card-not-present processing solutions support validation of card security codes and will prompt for them during a transaction.

• If the customer can not provide the card security code from the front or back of the actual card, it indicates that the card is not present and that the card number provided is possibly stolen.
• If the customer does provide the card security code, but it does not match what the issuer has on file, you will receive a response indicating that there was not a match. You may wish to ask the customer to confirm the code as it may have been given in error. If it still does not match, you should decline the transaction or take additional steps to confirm the validity of the transaction.
• For a list of common card security authorization responses, click here.

Be aware of internal fraud
Employee theft is a fact of life. One "game" that is unique to direct marketers is the misdirection of refunds to a thief's credit card. Monitor mismatches between the credit cards used for ordering and any subsequent refunds. Also, watch for employees who may purchase goods and charge them to customers' credit cards. Last but not least, take some extra steps to protect yourself:

• Monitor your employees
• Safeguard credit card numbers
• Balance your funds on a daily basis

Stay vigilant
You can significantly reduce credit card fraud by taking direct steps to counter criminals' weak points. Often, just your increased vigilance and scrutiny sends a message to thieves that your company is determined to protect itself against their illegal activities. And that can be enough to persuade them to try their scams elsewhere. Chase Paymentech regularly sponsors Regional Chargeback and Fraud Awareness Seminars to assist merchants in gaining a better understanding of fraud issues. Contact your Account Manager for information on a seminar in your region.