As a consumer and cardholder, you have surely heard the stories of identity theft and credit card fraud that have showered the news. As society moves further away from cash to credit, these security issues are becoming a major concern to law enforcement and a major headache for Merchants. Merchants need to be well educated on the common types of fraud and how to counteract fraud in their organizations.

Economic impact
Each year Merchant and financial institutions lose BILLIONS of dollars to credit card fraudsters and identity thieves (FTC Survey of Identity Theft). The advances of technology and the Internet have provided additional tools and methods for these criminals to commit their crimes. These criminals have become more sophisticated and now operate in groups rather than as individuals. They can select a specific Merchant, attack it using a security flaw the Merchant may be unaware of, steal the money or goods that they are after, and be long gone before the Merchant finds out anything happened. These attacks can create a huge loss for the Merchant, create distrust between the Merchant and its customers, create bad publicity for the Merchant and, in some cases, put the Merchant out of business.

Trusted Employee
In the brick-and-mortar world of business, trusted employee fraud is one of the most costly losses a Merchant experiences. Most of the time these are just disgruntled employees or employees who are low on income and need some cash quickly. Other cases involve criminals and even groups gaining employment with the sole intent of committing fraud. They may just be collecting your customers' credit card information so they can make their own fake cards, purchases on the Internet, or they may be sharing/selling the card information to other criminals. They may also be issuing credits to their own credit cards through your Merchant Account, putting small amounts into their bank account that you may never realize until it is too late. They may even be voiding transactions after a sale to put money in their pocket from the register or to provide goods/services to friends without actually having them pay for it. To find out more about Shift4’s comprehensive trusted ^®.

Skimming
Technology advances have created cheap, easily configurable devices that allow an individual to swipe a credit card into a device such as a PDA or cell phone. Once swiped, the thief has all of the magnetic track information for the card and can easily create a new card based on that track information, or use the card number contained in the track information for transactions over the Internet. Skimming devices allow a thief to swipe and maintain thousands of card numbers. As a consumer, do you know where your card is used when you turn it over to the waiter or waitress at a restaurant?

Spoofing/Phishing
Spoofing and Spoof Shops primarily exist on the Internet. Spoofing is the practice of setting up a website that will make a cardholder believe it to be a legitimate business they normally conduct business with or a new business that they would want to do business with. In some cases, the Spoof Shop has no intention of running a transaction; they just collect a cardholder’s information and card number. They store this information and use it for their own purchases. Many of the purchases they make for themselves are turned around for quick resale so they can pocket the cash. Some of these shops share the cardholder’s information with other fraudsters so they can use it as much as possible before the cardholder knows that something is happening to their account, let alone had a chance of stopping it.

Bank/Processor Fraud
Merchants aren’t the only ones with troubled employees. Banks, Processors and even Merchant Services Providers all have problems with employees. Their employees have access to thousands of card numbers and card information. They may use this information for themselves or sell it to criminals. They may even create fake Merchant Accounts, cardholder accounts or fake credit cards.

Cardholder Fraud
This is so hard to identify and prevent. This type of fraud occurs when a legitimate cardholder purchases a good or service and then files a dispute claiming they never received the goods or services for the transaction; they may even make the purchase and then immediately report the card as stolen. Other cases involve friends or family of the cardholder “borrowing” the card without permission to make a purchase and then returning it to the cardholder without them knowing it left their possession.

Number Generators
Here again, we see how the Internet has helped criminals become more efficient at their jobs. Readily available software can provide thieves with thousands of card numbers. Once the thief has these numbers, he/she simply has to figure out which ones are “real” or active. This is done with simple software that will run a small dollar transaction with each of the cards. When an approval is received, the thief knows he/she has a “real” card and can use it to make large purchases on the Internet.

Stolen, Altered & Fake Cards
Stolen credit cards are self-explanatory. Thieves steal the cards from the card manufacturers, mail, purses, wallets, etc. Once in the thieves’ possession, they will use them as quickly as they can to make as many purchases as they can before the card is reported stolen.

An altered card refers to a regular issued credit card that has had identifying parts of it altered. This could be anything from changing the expiration date, signature panel or even re-encoding the magnetic stripe with another card number.

Fake cards are harder to identify than counterfeit currency. Technology has made it so that criminals can produce very legitimate looking cards and then emboss and encode the card with a stolen credit card’s information.

Identity Theft
Everyone has heard about identity theft today. Once an individual’s identifying information has been compromised, a thief can use it to set up new accounts in that person’s name or they can take over an existing account of that person.

There are many ways people can track down your identity. Whether it is a merchant’s dumpster or an individual cardholder’s, thieves will rummage through garbage bins to look for any information that may have been discarded that they can use. Whether it is a credit card number, social security number, address information or birth date, all of these simple things can mean big money to a thief and big headaches to the individual whose information is stolen.

For those that don’t want to get dirty going through trash, it has proven very simple to look over a person’s shoulder and gain a lot of information about him/her. A lot of information comes out of an individual’s wallet or purse when making a transaction. Driver’s licenses, ID cards, checkbooks and credit cards all see frequent time at the cash register. Some of these criminals have taken it a step further. With the advent of cameras in cell phones, they can click a quick image of the information and not worry about having to remember it.

Once this information is retrieved, from the garbage or over the shoulder, the thief can use it to make purchases or set up new accounts to make purchases with.

Hackers
No matter how you spin it, shopping on the Internet continues to grow. Having a presence on the Internet is a big benefit to many merchants, but the growth of online shopping will only continue as long as consumers feel safe and comfortable making their purchases on the Internet. Hackers spend a great deal of time focusing on individual websites searching for “a way in.” There is always the chance that a loophole exists for them to get into a site and they have plenty of time to look for it. Once they find a way into a site, they begin searching for sensitive information that they can steal for their own personal gain, or they can set up software that will send them information as the website receives it. In any case, they have the ability to quietly collect large amounts of information.

International
The vast majority of fraud with credit cards in the United States comes from overseas. Many eCommerce Merchants will not even conduct business with foreign issued credit cards. There are huge criminal organizations in some countries that have ties to the banks in those countries and can access a lot of information that can then be used to do business with U.S. Merchants over the Internet.

Things to watch for

• Customers who make major purchases without asking any questions. “Major purchases” has to be defined by you. You know what your typical customer is like; if you think it is great that someone is buying the most expensive item in your store without asking you the kinds of questions you would normally get on that item, you may have a problem.

• Customers that purchase a large quantity of merchandise that just doesn’t make sense. Either a variety of items, or different sizes of the same thing, or similar items with big price differences. If it looks like they didn’t put a lot of thought into their shopping, chances are they didn’t and you could have a problem.

• If a customer is being pushy or rushing the clerk during the cash out process, they may be trying to throw them off guard and slip by a fake card or a card that doesn’t belong to them. Make sure that your staff knows to take their time going through the transaction process.

• If a customer makes a purchase, leaves the store, and then returns shortly afterward for another larger purchase, this would be a good sign of a potential problem.

• Customers who come in early in the morning as soon as you open or late in the evening just before closing to make a large purchase are typically trying to get employees who may have other things on their minds and may miss something on the transaction. Again, proper education of your staff is crucial in preventing fraudulent activity.

• If a customer is purchasing a large item and you offer free delivery of the item, you should thoroughly question them if he/she do not want the free delivery. If at all possible, you should insist that delivery is the only option. If the customer doesn't want you knowing where he/she lives there is a reason and you should be concerned about the transaction.