How to protect your small business against card fraud

Blogs 9 Jul 2021

FSB Payments shares how your small business can mitigate the risks of card fraud, common examples of scams to watch out for, and what to do if you’re affected.

A customer paying via a contactless card

COVID-19 has accelerated the switch to card payments and transformed consumer behaviour, with a new report by Worldpay showing that cash payments dropped by 13% in 2020. The report forecasts that by 2024, 7% of in-store purchases will be made in cash, with a third of payments being made by mobile.

While businesses are right to embrace digital transactions to meet customer expectations and streamline the experience at the till, there are new risks in the form of card fraud. UK Finance’s Fraud the Facts 2021 report found that fraud losses on UK-issued cards totalled £574.2 million in 2020.

Even though losses have been decreasing, the number of confirmed cases increased during 2020 and there was a rise in the number of cases involving remote purchase fraud (card not present). This occurs when someone uses stolen card details to buy something on the internet, over the phone or through mail order.

FSB Payments explains the risks associated with card fraud for your small business, common scams to watch out for, how to stay alert and what to do if you suspect card fraud.

What are the risks?

Excessive payment fraud could lead to monetary losses and impact customer confidence, potentially driving churn. While your liability is reduced in the event a cardholder-present transaction is disputed, the same is not necessarily true of card not present (CNP) transactions. You will be liable for mail and telephone order (MOTO) transactions if they are disputed by the authorised cardholder, for example.

If your website doesn’t utilise 3D secure authentication checks, you may also be liable for disputed transactions online. New Strong Customer Authentication (SCA) rules brought in by PSD2 to reduce online fraud mean that online retailers accepting payments must use 3D Secure for cardholders in the UK from 14 September 2021.

Fraudsters are looking to take advantage of the fact that, in a CNP scenario, you’re not able to physically check the card or meet the cardholder. They want to use stolen details to obtain goods for resale. While you don’t want to deny any legitimate purchases, it’s important to monitor closely for fraud. In the event a fraudulent transaction is approved, your business not only loses a sale and any associated products, but will also be required to reimburse the chargeback amount for the legitimate cardholder.

Common scams: What should you watch out for?

  • Sometimes a fraudster will make a payment over the phone or online using a compromised card and then request to collect the goods via a courier service, or friend/relative. This is because their address doesn’t match the legitimate cardholder’s.
  • Often the payment is for a large order — possibly larger than you’d normally accept — and sometimes split over several cards.
  • Be aware of last-minute changes to the delivery address and requests to send items to hotels, guest houses or PO boxes.
  • Your business may be approached to with a ‘business opportunity' to process transactions on behalf of a third party through your terminals, in return for a cut of the funds.
  • Fraudsters may also contact your business claiming to work for your payment service provider (PSP). They may claim there’s a problem with your terminals and request card transactions be processed via the phone with their ‘operatives’ – including full details.
  • They might even send an ‘engineer’ who arrives unannounced and requests previous card transaction details to perform ‘checks’ on the machines.
  • In a face-to-face environment, fraudsters may even try to bypass chip and PIN and magstripe checks by using damaged cards.

What can you do?

To reduce the risk of fraud losses, always follow the prompts on your terminal, train staff regularly in anti-fraud measures, and follow your instincts. If something seems dubious, it probably is. That could mean:

  • Multiple cards being used for one payment
  • Orders way above your usual transaction amount
  • Customers with multiple delivery addresses
  • Requests for collection via a courier
  • Multiple declines on different cards

Remember, card authorisation doesn’t mean a transaction is fraud-free, merely that the card hasn’t been reported lost or stolen and that there are funds in the account. Any customer insisting on collecting items in-store should produce the card used. You should cancel the original CNP transaction and process a new chip and PIN sale.

Implement 3D Secure authentication checks on your website to reduce online fraud and liability and comply with PSD2, and partner with a PSP that runs its own fraud checks in the background for every transaction. Address Verification Service (AVS) and Card Verification Code (CVC) — also known as CVV, CSC or CVV2 — are also useful checks to make for CNP transactions.

I’ve been hit, what next?

If the worst happens and you are hit by fraud but have been unable to recover your money, report it to Action Fraud, the National Fraud & Cyber Crime Reporting Centre. This will provide you with a Crime Reference Number (CRN) which will enable the police to look into the case. That same CRN will allow you to update the report with any new information. Action Fraud also has a list of resources designed to help businesses protect their revenue and reputation and streamline the reporting process.

With fraud losses on the rise, it pays to stay alert in order to protect your business profits and reputation. But if you do get hit, reporting it will at least ensure the authorities gain a clearer picture of fraud patterns up and down the UK.

Secure, stress-free payment processing

Provided by market-leading payment provider, Worldpay from FIS, FSB Payments lets you do business your way with more ways to pay safely, competitive terms and added fraud protection.

Find out More