Sarah is a Marketing Manager at Clearsale and has been with the company since 2012. During that time, she has developed deep knowledge about fraud prevention. She brings extensive expertise in planning, marketing, go-to-market strategy and sales experience, thanks to a background that spans financial planning, controlling and analysis. She previously spent 5 years with Proctor & Gamble, and she holds bachelor and master degrees in Business with great distinction from a top Brazilian business school.
For even the most diligent merchants, credit card fraud can be incredibly tough to pin down because it can take shape in so many ways. In order to understand what credit card fraud looks like, we’ve outlined the top tricks criminals have up their sleeves to separate you from your hard-earned profits.
Top Credit Card Fraud Methods
In this scheme, the criminal steals a victim’s credit card account information to gain unauthorized access to the account, either through a data breach or malware on the victim’s computer that captures the victim’s keystrokes or records the victim’s online activities.
The classic con game goes high-tech, as a thief simply lies to a victim via text, email or phone – often by posing as an official or authority figure of some sort – in order to get the victim’s private identification data.
In this common method for targeting ATMs and other point-of-sale card readers, the criminal places a hard-to-spot skimmer device on the machine in order to copy data from card swipes.
So simple, yet so frustratingly effective, this scheme involves using a stolen or fake account application to open a credit card in someone else’s name.
This method involves the criminal getting hold of a legitimate six-digit Bank Identification Number (BIN) and then just guessing from there to deduce a variety of potential full credit card numbers. Sequencing is sometimes referred to as a BIN attack.
This toe-in-the-water fraud variation finds the criminal testing stolen credit card information by placing small online orders to see if the card number is valid. Once the thief successfully places a small order, bingo – the thief knows the number is good and quickly moves on to bigger scams.
It may sound all warm and cuddly, but there’s nothing friendly about a customer making a legitimate purchase, but then fraudulently claiming a lost shipment or problem with the order. The customer ends up keeping the merchandise that “never arrived”, and the merchant is left to incur the cost and hassle of the chargeback.
Red Flags That Can Signal Fraud
One of the best ways to fight credit card fraud is to be on alert for these common schemes. Fortunately, many of them come with consistent warning signs that can help you uncover and snuff out a potentially fraudulent transaction before it does too much damage.
Different ship-to/bill-to addresses
There are a number of perfectly legitimate reasons why a customer may choose to have a purchase shipped to a different address. But using a customer’s actual billing address and having the goods shipped to a different address to be picked up is an easy way for a thief to place an order and receive the merchandise before the cardholder realizes what happened.
- TIP: Require phone numbers for both the billing and shipping addresses, and follow up with calls to those numbers if anything seems amiss.
Just like different bill-to and ship-to addresses, most orders sent to hotels, offices and post office boxes are likely perfectly legitimate. But it’s also nearly impossible to know who’s picking up that order, making this another common fraud scenario.
- TIP: Short of banning these types of orders outright (not a recommended practice), the best thing to do is to simply treat these orders with a little extra scrutiny. Is anything else about the transaction strange or out of the ordinary?
Fraudsters are counting on the fact that you are too busy to screen every transaction and that you might not have your fraud filters set up to catch what they’re doing. And for good reason. If you’re not careful, some of their more popular fraud methods can easily fall through the cracks, such as:
- Unusually large orders, often with overnight or express delivery selected
- Multiple orders going to the same address, but with different credit cards used for each
- Large numbers of orders to the same address
- Multiple orders shipped to different physical addresses, but placed from the same IP address
- Multiple transactions involving credit card numbers that vary only slightly from one another
- TIP: Like some of the other red flags listed here, any of the above situations could be legitimate, so the best bet is to simply give any of these instances a second review to be sure everything else is in order.
Thieves face several challenges when trying to use stolen credit card information. First, they must get the transaction approved. Then, they must get their hands on the merchandise before the cardholder finds out what has happened. One common way to meet both challenges is for the thief to place the order using the cardholder’s shipping address (which helps the transaction get approved quickly), but then calling customer service and asking for the order to be sent to a different address (which bypasses normal fraud detection policies and lets the thief have the merchandise wherever they want).
- TIP: Make sure a process is in place for customer service to flag any orders where shipping plans are changed or packages are rerouted.
More Tips for Avoiding Credit Card Fraud
In addition to keeping an eye out for the above red flags, there are a few extra steps you can take to bulk up your credit card fraud prevention efforts:
- Keep a log of fraud attempts, chargeback records and problem customers
- Share information with merchant networks, so you can create a larger pool of data that can help identify fraud patterns
- Adopt a fraud score to help improve efficiency and reduce your false decline rate
Remaining vigilant about the various methods of credit card fraud and the red flags for potential abuse can help protect your small business, but it’s a lot to keep up with on your own. If you could use some help, reach out to us at firstname.lastname@example.org to learn what we can offer as your trusted, valued cybersecurity partner.