A common type of fraud involves the use of credit cards as the form of tender to obtain goods or services and typically originates with the theft of the actual credit card or the account number. Credit card fraud detection is difficult. If a credit card or number is stolen, the cardholder may not become aware until receiving a billing statement several weeks later that the incident occurred.
Most businesses use a third party to process their credit card transactions when a purchase is being made. The processing company will process the date during a transaction and will provide an approval for the purchase. This is done electronically and is processed in a matter of seconds. If a stolen credit card is used, the merchant is generally not liable, providing they took the appropriate steps at the time of the transaction. These steps include the adoption of EMV chip card processing technology as of October 1, 2015.
Employees should be taught the signs of customer who uses a stolen credit card. Credit card fraud detection signs may include:
- A customer making purchases of multiple and/or expensive items (laptops, stereos, electronic games)
- Purchases being made at closing time, and the customer is attempting to rush the sale
- A customer who cannot produce identification matching the name of the card holder
- Random purchases with little regard to price of the items
- A card that swipes but the name on the card doesn’t match the name that was printed on the receipt
The liability for fraudulent credit card transaction increases when the information on a credit card is manually entered as opposed to being swiped through the point-of-sale system. A manually entered credit card could indicate that the employee accepting the credit card may have entered the credit card number without the credit card being present. Close attention should be paid to these types of transactions.
Internal Retail Fraud Incidents
Another common type of fraud occurs when a dishonest employee copies the credit card number from a legitimate transaction and later uses the same credit card number to make a purchase. This type of incident may involve the use of portable devices (skimmers) that read and record the credit card information for later use (often referred to as skimming).
The following examples may provide warning signs of potential credit card fraud involving employees:
- Manually entered credit cards.
- A chargeback dispute where the credit card was manually entered. It should be determined if this card was used on a previous transaction, was swiped and the charge not disputed by the customer. (Attention should be paid to the cashier who was involved in the original sale.)
- Customer complaints that they were not given their credit card back.
- Customer complaints that the last legitimate transaction they made before their card was stolen or fraudulently used, was at your establishment.
While the use of counterfeit credit cards is not new, the use of these cards has exploded in recent years as hackers steal millions of records from major retailers, and rings of thieves develop new ways to capture information. Major data breaches, like the recent Equifax hack, have been a prime source of stolen information. This has become part of a growing black market that connects sophisticated hackers to identity thieves making hundreds of fake cards to withdraw cash or buy goods.
In other instances, devices are inserted into ATM slots and other card readers (for example, gas station pumps) to copy the numbers and financial codes contained in the magnetic strips. The crooks then retrieve the devices or, using Wi-Fi, draw information from them into a laptop or other device. Encoders are used to transfer that information onto newly created cards.
The introduction of EMV chip cards (also known as chip-and-PIN cards) offered some solutions to the problem. Cards now come with an embedded security microchip in addition to the usual magnetic stripe. To make a purchase, the cardholder inserts the card into a chip reader slot in the payment device.
This improves security for two reasons. One, it eliminates the risk of the card’s magnetic stripe being skimmed and stolen. Two, the data encrypted on the chip is nearly impossible to replicate, as it is constantly changing.
EMV cards don’t yet provide complete protection against fraud, however. In Europe, customers input a PIN (similar to using a debit card) to authorize a transaction with an EMV card. Entering a customizable, secret PIN adds an additional layer of security to the transaction.
But in the United States, many merchants and banks have elected to bypass the PIN requirement in favor of a chip-and-signature transaction method. The reason? They’re afraid consumers won’t take well to too much change at once. A card that doesn’t require a PIN can conceivably be stolen and used elsewhere.
To learn more about developing leadership skills and the certification process, visit losspreventionfoundation.org.
This article was originally published in 2015 and was updated September 17, 2017.