To help protect your business, there are some steps you can take to identify and reduce potential fraud. We’ve provided some guidelines below to help you to avoid financial losses and chargebacks. It’s worth reading these carefully, and sharing with your staff.
- Card Present transactions
- Card Not Present (CNP) transactions
- Keeping your card machine secure
- Communicating with your service providers
Card Present transactions
- Chip and PIN payments are the most secure type of transactions. As the cardholder inserts the card into the machine, you don’t need to make visual checks of the card machine.
- Sometimes the cardholder’s signature is required as verification. Make sure that the person presenting the card is the genuine cardholder, and follow the prompts on your card machine.
Checking the card
- Always use the most secure method possible when processing a transaction (usually chip and PIN). This is to protect you, as if you don’t use the most secure method of payment, this could lead to a chargeback.
- Check that the name on the card matches the signature, and remember to check the signature panel for signs of damage.
- If possible, check the spelling on the card and on the sales voucher.
- Compare the last four digits of the card number to that printed on the sales receipt. This will allow you to identify a cloned card.
- Check for the special mark on the card using a UV lamp. If you place the card under the lamp, you should see a hologram.
Checking the cardholder
- The title on the card should match the customer, and look out for the following as possible signs of fraud:
- The customer seems hurried or nervous.
- They insist on taking the goods immediately (e.g they are not interested in free delivery).
- The customer takes an unusual amount of time to sign, referring to the signature on the back of the card.
- The customer makes lots of additional orders in a short period of time.
- If a transaction is declined, the customer then requests a lower value authorisation attempt.
Checking the transaction
- The customer makes an order substantially greater than you would normally expect
- The cardholder does multiple contactless transactions so that they do not need to enter a PIN.
What to do with lost or unwanted cards
- Store the card somewhere safely on your premises until the end of the business day.
- If the cardholder returns to claim the card, ask for their signature and check against the signature on the card. Only release the card if you’re sure they are the cardholder.
- Destroy any unclaimed cards.
Card Not Present (CNP) transactions
Card Not Present (CNP) transactions are higher risk as you can’t check the card or customer. Any fraudulent CNP transactions are your liability and are likely to be charged back to you.
Detecting and preventing fraudulent CNP transactions
- If a customer has made a purchase via a CNP transaction, the goods should not be collected by the cardholder. If the cardholder does wish to collect in person, they should present the card to pay at the time of collection.
- Fraudsters may spend time building up credibility and then place a large order or make a request for goods or services outside of your usual trade, such as money transfers.
- Never dispatch the goods to anybody other than the cardholder, and be wary if the delivery/customer is overseas.
-
Look out for:
- First-time customers placing multiple orders
- Multiple purchases of the same goods, purchased on the same card
- A high-value order that is easy to resell
- Customers who hesitate or make errors providing their personal information
- Customers who are more interested in quick delivery than the price of the goods.
Delivery warning signs
- Never dispatch goods to anyone other than the cardholder, and be wary if either address is overseas.
- Goods should only be delivered to the cardholder’s permanent address. If you agree to send goods to a different address, take extra care and always keep a written record of the delivery address with your copy of the card transaction details.
- Only send goods by registered post or a courier company, and insist on a signed and dated delivery note.
Instructions for your courier
- Never deliver to an address that is clearly unoccupied.
- Ensure goods are delivered to the specified address, not given to someone who happens to be outside. The courier should return the goods if unable to complete delivery to the agreed person/address.
- Obtain a signature as proof of delivery, preferably from the cardholder.
- If you have your own delivery service, consider training your driver to check the card.
Keeping your card machine secure
Protecting your physical card machine from fraud is important, too:
Know who to trust
We’ll always let you know if we’re sending someone out to work on your machine. If a third party or someone posing as Dojo visits your business, please get in touch with us immediately.
Physically check your machine
Look for damage or modifications that have been made without your knowledge. If your card machine’s fixed to the countertop, keep that area as shielded as possible from onlookers and CCTV.
Train up your staff
Only give trusted staff members access to your machine and make sure they’re trained on card machine security and report any incidents.
Communicating with your service providers
Always check who you’re speaking to
Sometimes fraudsters will pose as service providers over the phone to gain access to sensitive information. If in doubt just say you’ll call them back and check the right number online. If they’re there in person, ask to see ID or call up the service provider directly to see if they sent someone.
If you or your staff are contacted by anyone that claims to be from Dojo and you’re not sure, get in touch.
Be careful when giving sensitive information
At Dojo we’ll never ask for sensitive information like payment details over the phone without running through a few security questions first. A lot of other businesses are the same.
Look at the email carefully
Does the company name, sender information and logo look right? What’s the tone of the email? Does it sound like it has come from one of your service providers? Just take a few seconds to make sure it all seems right before clicking on any links or replying.