Methods of protecting against payment security fraud

Be alert

Fraud evolves almost as quickly as technology, which makes it difficult to predict where a fraudster may target next. They’re always trying to find new ways around some of the more common fraud prevention tools (such as AVS, CVV and 3D Secure) by obtaining a cardholder’s personal data. And, our fraud reporter data typically shows up to 40% of fraud gets through systems undetected.

That’s why we offer a multi-layered approach to fraud management, utilising a range of the world’s leading solutions, support and advice. Build up enough layers of defence before, during and after each interaction with customers. Then you can discourage even the most determined fraudsters.

Know who you’re dealing with

Fraud screening – detection and prevention

In Card-Not-Present transactions, you can’t always be sure who’s on the other end of the payment. Our sophisticated fraud screening solutions can help you feel confident that the customer you’re doing business with is genuine.

Our decision engine provides over 200 global, sophisticated validation tests in one convenient portal. It helps you decide which transactions to accept, deny or review. We also offer solutions for employment screening, tracing individuals or businesses, and for ‘Know your Customer’ compliance.

Managing manual reviews

Link analysis – establishing trends

There’s been a rapid growth in Card-Not-Present transactions and the trend for more increased sophistication of fraudulent activity. It means manual review teams are facing significant scalability challenges. Link analysis, a feature of our fraud tool, is an effective tool that helps manual teams better identify the transactions that require attention.

Our expert fraud partners have access to a host of databases, with billions of records. We can identify links from one fraudulent order to another. We find connections in email addresses, telephone numbers, shipping addresses and card numbers. This brings hidden fraud to light and can even expose organised crime rings.

Data is power. You need to use it to establish trends, links and visibility to the scale of your fraud situation. That’s an essential part of a good fraud management strategy.

Expose fraud wherever it’s hiding

Fraud Reporter

  •  Identifies attacks from Fraud Alerts, so goods and services are stopped from being dispatched to fraudsters in as near to real-time as possible
  •  Gives you the ability to block suspicious accounts to prevent further fraud and loss
  •  Increases the visibility of fraud attacks where 3-D authentication protocols are used
  •  Gives advance notice of potential chargebacks, giving you more time to investigate and prepare a defence
  •  Analyses the most targeted areas and fraud trends to identify potential risks and threats
  •  Provides daily reports that help you monitor the effectiveness of the fraud prevention process.

The right protection for your business

Our independent fraud experts will work with you to develop a bespoke, multi-layered approach to effectively manage fraud and avert risk. They can highlight potential risks with a quick fraud health check. And help you with on-going projects and staff training. And more. They’ll give you the support you need to fight fraud in all its forms.

This service is offered through our partner, Retail Decisions and will attract a fee based on your business needs.

By providing insights into industry data, they’ll ensure your fraud management is benchmarked, reducing total fraud and identifying your key risks. They’ll help you deliver a more effective fraud management strategy.

Protection on the spot

There are a number of industry-wide measures in place to help you fight against Card Present fraud:

Chip and PIN

Since its full UK rollout in 2006, chip and PIN technology has had a major impact in the fight against fraud. Whereas a signature can be forged, chip and PIN is extremely difficult for criminals to crack. If you process physical card payments, this measure will help you feel confident the customer is who they say they are.

Mag stripe cards

If your business welcomes international customers face to face, such as a hotel, you may deal with cards from other countries that are Mag Stripe only. This is common in American-issued cards and requires you to take extra precautions during a sale, such as matching card numbers and expiry dates to receipts.

Card issuer security

The major card issuers have taken steps to ensure your customers’ physical cards are as secure and protected as possible.

How to spot a counterfeit card

MasterCard- and Visa-issued cards have a number of identifying features that most counterfeit cards aren’t able to copy:

  • First four digits of the embossed card number should also be printed directly below the main numbers. Check to make sure these match
  • Hologram – when the card is moved at the right angle, a brand image should become visible. Visa has a dove and MasterCard has a globe
  • Ultraviolet motifs – if you have a UV detector, you can check the card’s motif. If no image appears, the card may be a fake
 

Visa's front security features
Visa's back security features

Mastercard's front security features
Mastercard's back security features

If you’re a Barclaycard merchant and are suspicious about a card during a transaction after making the standard visual checks, you should make a Code 10 call:

  1. Call  0844 822 2000
  2. Enter your merchant ID and press option 9
  3. An advisor will speak with the cardholder and ask them a series of security questions
  4. Once the questions have been completed, you’ll be advised of the outcome.

Always protecting

You can’t be everywhere at once. That’s why it’s important to make sure you have the right measures in place to protect your business and your customers in Card Not Present transactions.

Authentication

Chip and PIN technology was a major step forward in the fight against fraud in face-to-face transactions. Authentication is a similar method of protection but for online shopping. Initiatives such as Verified by Visa and MasterCard SecureCode require your customers to identify themselves with a pre-registered password before each transaction. It adds very little time to the process and helps reduce credit card fraud online by declining transactions when the wrong password is entered.

Card security code (CSC) and Cardholder address verification (AVS)

For a fast and efficient way to validate the identity of a cardholder, CSC and AVS are hard to beat. The service works by electronically checking the last three numbers of your customer’s signature strip and the numeric of their address. It offers another level of security, helping you decide whether or not to proceed with the transaction.

Frequency checks

These are an effective way to monitor or control the number of transactions a customer makes based on a few different pieces of information, including:

  •  the card number being used multiple times
  •  the billing/delivery address
  •  the cardholder name
  •  their email address
  •  the type of product purchased (high value, desirable or easily re-sellable)
  •  their IP address (the unique address applied to each computer)

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry guidelines designed to reduce your risk to fraud. It sets out a clear framework for the way you accept payments, the way you should handle customer card data and the security measures you should have in place. Being compliant helps protect you and your customers from fraud, and the associated costs such as chargebacks and retrievals.

Want to know more? We can help you become PCI DSS compliant .

Keeping your security strong

Our dedicated, award-winning security team can help you manage the risks and impact of fraud from an investigation, compliance and relationship perspective.

They’ll work with you to create a bespoke package for your business, helping you ensure that your customers’ transactions are safe, secure and compliant with industry standards.

We provide:

  •  advice and guidance on industry-wide initiatives and best practices to mitigate financial loss, and brand and reputational risk
  •  support through the management of Card Scheme Excessive Fraud and Chargeback compliance programmes
  •  operational expertise to manage Card Scheme and UK Cards Association fraud strategies that impact on you
  •  an award-winning PCI DSS Merchant Compliance Programme to reduce your exposure to the risks and costs of fraud
  •  industry-leading payment card fraud solutions in one convenient package to help protect your business at key points in the transaction journey
  •  dedicated Fraud Relationship Managers to manage key customers and those operating in high-risk business sectors