There has been a significant increase in credit card fraud and chargebacks in the last few months. The MDA felt that it may be timely to create an information package outlining the proper processes when accepting credit cards for dealerships.
A few examples are listed below of these people calling the parts department to order parts.
They start with a small purchase. When they come in they check to see if the parts person asks for the card to authenticate the PIN or ask for ID, etc. If the parts staff don't do their due diligence, they then make a much larger parts purchase.
When the parts person does not authenticate the card using the CHIP, the person waits approximately 60 days (or what is allowable by Moneris), and then they phone Moneris to say it was an unauthorized purchase on their card. Because the dealership didn't validate the card with the CHIP, it is an automatic charge back to the dealership. In this particular case it was for a $3500 set of tires & rims. The reason we believe they wait 60 days is that is close the maximum allowable by Visa to make a complaint. Also, most video security systems do not store video footage for that long.
The second example was of a person making a parts purchase and the terminal stated their chip didn't work. The parts person swiped the card and had the customer sign. Again, because this did not strictly follow the Moneris rules, when the customer phoned Visa and said it was an unauthorized purchase, the dealership was charged back.
Third example was a person trying to use a compromised pre-paid visa. When the parts person suspected something, he phoned to validate the card. The account information did not match the card. When the parts person went back to the counter, the customer had already vacated the premises.
To summarize, these people prey on parts departments where staff are uneducated or undisciplined to follow the Visa / Moneris rules. Most of the examples are over the phone purchases and they seem to target parts departments.
Credit card fraud can represent a considerable cost for your business. Training your staff to identify potentially fraudulent transactions is an important first step in protecting your business from financial loss.
Card-not-present transactions represent the greatest risk to merchants as these transactions occur over the telephone, through the mail or on the internet such that the physical credit card has not been inserted or swiped into a card reader. As a result, there is no guarantee that the transaction is being conducted by the legitimate credit card owner even though the credit card number itself may be valid. In these cases, the merchant bears the chargeback exposure if there are any problems with the legitimacy of the transaction.
10 Potential Signs of Card Not Present (CNP) Fraud
Keep your eyes open for the following fraud indicators. When more than one is true during a card-not-present transaction, fraud might be involved so more vigilance may be required.
- First-time shopper: Criminals are always looking for new victims so know your customer!
- Larger than normal orders: Because stolen cards or account numbers have a limited life span, crooks need to maximize the size of their purchase, buying the most that they can at one time.
- Orders that include several of the very same item: Having multiples of the same item increases a criminal's profits.
- Orders made up of "big-ticket" items: These items have maximum resale value and therefore maximum profit potential.
- "Rush" or "overnight" shipping: Crooks want these fraudulently obtained items as soon as possible for the quickest possible resale, and aren't concerned about extra delivery charges.
- Shipping to an international address: A significant number of fraudulent transactions are shipped to fraudulent cardholders outside of the country. Visa Address Verification Service can't validate customers outside of Canada, United States and the United Kingdom.
- Transactions with similar account numbers: Particularly useful if the account numbers used have been generated using software available on the Internet.
- Shipping to a single address, but transactions are placed on multiple cards: This could involve an account number generated using special software, or even a batch of stolen cards.
- Multiple transactions on one card over a very short period of time: This could represent an attempt to "run a card" until the account is closed.
Business owners need to decide for themselves how they choose to get paid by their customers. Accepting card-not-present transactions increases risk to the merchant but they can greatly expand company sales. The safest transaction will always be a card-present transaction where the buyer is present and the credit card is inserted (chip card) or swiped (non-chip card) into a card reader.