Credit card fraud is a common type of criminal activity in the retail setting that involves the use of credit cards as the form of tender to obtain goods or services, and typically originates with the theft of the actual credit card or the account number. If a credit card or number is stolen, the cardholder may not become aware until receiving a billing statement several weeks later that the incident occurred.
Most businesses use a third party to process their credit card transactions when a purchase is being made. The processing company will process the date during a transaction and will provide an approval for the purchase. This is done electronically and is processed in a matter of seconds. If a stolen credit card is used, the merchant is generally not liable providing they took the appropriate steps at the time of the transaction. Employees should be taught the common signs of a customer who is committing credit card fraud in the stores. These signs may include:
- A customer making purchases of multiple and/or expensive items (laptops, stereos, electronic games)
- A customer attempting to purchase large numbers of gift cards, especially if they are in large amounts
- Purchases being made at closing time and the customer is attempting to rush the sale
- A customer who cannot produce identification matching the name of the card holder
- Makes random purchases without little regard to price of the items
- A card that swipes but the name on the card doesn’t match the name that was printed on the receipt.
The liability for credit card fraud transactions increases when the information on a credit card is manually entered as opposed to being swiped through the Point of Sale system. A manually entered credit card could indicate that the employee accepting the credit card may have entered the credit card number without the credit card being present. Close attention should be paid to these types of transactions.
Internal Fraud Incidents
A common type of internal fraud occurs when a dishonest employee copies the credit card number from a legitimate transaction and later uses the same credit card number to make a purchase. This type of incident may also involve the use of portable devices (skimmers) that read and record the credit card information for later use (often referred to as “skimming”).
The following examples may provide warning signs of potential credit card fraud involving our employees:
- Manually entered credit cards.
- A chargeback dispute where the credit card was manually entered. It should be determined if this card was used on a previous transaction, was swiped and the charge not disputed by the customer. (Attention should be paid to the cashier who was involved in the original sale.)
- Customer complaints that they were not given their credit card back.
- Customer complaints that the last legitimate transaction they made before their card was stolen or fraudulently used, was at your establishment.
While the use of counterfeit credit cards is not new, the use of these cards has exploded in recent years as computer hackers steal millions of records from major retail stores and rings of thieves develop new ways to capture information. Major data breaches have been a prime source of stolen information. This has become part of a growing black market that connects sophisticated hackers to identity thieves making hundreds of fake cards to withdraw cash or buy goods.
In other instances devices are inserted into ATM slots and other card readers (for example, gas station pumps) to copy the numbers and financial codes contained in the magnetic strips. The crooks then retrieve the devices or, using wi-fi technology, draw information from them into a laptop computer or other device. Encoders are used to transfer that information onto newly created cards.
The evolution of “chip-and-PIN” technology offers some solutions to the problem. These “smartcards” come with an embedded security microchip (in addition to the magnetic stripe found on cards). To make a purchase with a chip-and-PIN card, the cardholder inserts the card into a slot in the payment machine, and a PIN is entered (similar to using a debit card). The microchip inside the card authorizes the transaction; the cardholder doesn’t sign a receipt. With chip-and-PIN, the number on the chip alone is useless—you need the PIN as well, and that can be changed any time. The chip also replaces the magnetic stripe, which is easily copied and therefore vulnerable to hackers.
By capitalizing on opportunities to enhance our knowledge and education, we are making an investment in our own future. To learn more about credit card fraud and the certification process, visit losspreventionfoundation.org.