On rare occasions, a fraudulent transaction may occur. Unauthorized transactions made with a lost, stolen, or counterfeit card/number are considered fraud. Unauthorized activity by the merchant, or unexpected/unintended use by the merchant, is considered misuse.
You can take action and guard against fraud by learning the methods perpetrators often use to commit fraud.
Some types of fraud include the following:
Merchant network or processor weakness. Vulnerable merchant networks are accessed using malicious software, or some other tool, to identify files and credit card information. Unsecured wireless networks at retail stores are particularly vulnerable.
Skimming. A card reading device placed on a merchant terminal captures magnetic strip data. Skimming most commonly occurs at hotels, restaurants, ATMs, and unattended gas pumps. Cameras can also be used to collect key-entered information, such as a user’s PIN.
Theft at the merchant. Stolen merchant computer equipment, or pilfered receipts/transaction records, can occur.
Phishing/Social Engineering. Perpetrators gain access to critical systems by tricking the merchant or cardholder into providing confidential security credentials via fraudulent email, phone, or text messages that appear legitimate.
Credit master. Perpetrators use an algorithm to generate and test valid account numbers and expiration dates. This process usually begins with the thief obtaining one or more valid account number and expiration date pairs.
Product controls, adhering to best practices, and investigations/recovery efforts all play a part in preventing fraud.
Your organization, for example, may implement product controls to place card restrictions on a program. Controls may include specific credit limit amounts, exact authorization limits, client deactivation periods, approved MCCs, limits on high dollar transactions, even velocity restrictions.
Once controls are determined and in place, you and your organization can adhere to those controls, review transactions and transaction reports for exceptions and declines, and then take action to investigate, dispute, and recover fraudulent transactions. For more information, see Disputing a Transaction.