Credit Card Processing Fraud Alert

Credit Card Processing Fraud Alert
It seems everywhere we turn there is some type of fraud happening. You go to the gas pump, get your gas, and within hours your bank calls to say someone swiped your card details and they are trying to use it several states away. Yes, it happens that quickly. This occurs when the fraudsters add a “skimming” device to the card reader on the pump.

If you’re a business owner, you are exposed to fraud in many ways whether it be a stolen card being used or fraudsters doing targeted “carding” to test the validity of cards. “Carding” has become more and more prevalent. This is the trafficking of a credit card, bank account, and other personal information online as well as related fraud services. These stolen cards are also used to charge prepaid cards since the credit cards are quickly canceled after being lost or stolen. If the merchant is taking payments online via a shopping cart, payment portal, or donation page, the site should have the highest level reCAPTCHA embedded in the site. When carding happens, thousands of cards are processed through the website which in turn racks up high fees for the merchant. Even though the transactions processed are usually low dollar values $1-$5, the cost of the transactions going through the credit card processing system can be expensive and could put the merchant out of business.

When carding happens, the merchant is charged the transaction fee, authorization fee, AVS fee, interchange fees, as well as several other miscellaneous fees that the associations (Visa/MC/Discover/Amex) assess to each transaction. These fees add up quickly. There are some other ways to protect your merchant from carding. Depending on your processor or gateway that you are using, there are velocity checks available or other fraud prevention tools. Merchants should reach out to their gateway provider and/or their processor to determine what tools are available to them.
Metro has had several merchants experience “carding” issues due to not adding reCAPTCHA to their websites after we notified these merchants to do so. The fees involved have ranged from a few hundred dollars up to $90,000. This is a very serious concern. Many merchants, and/or software providers believe that the processor should absorb these fees; however, the processors are not responsible for this liability. Per the PCI DSS guidelines, merchants are responsible for protecting their merchant account and cardholder data. There are many tools available to minimize this risk. Processors have no idea which merchants are using online processing, terminals, gateways, payment pages, etc. Millions of transactions are processed daily through these processor systems. They have “risk” flags in place for certain types of risk, like a high-ticket transaction being processed on a low average ticket account. But carding doesn’t fall into these risks flags since there are usually thousands of cards, and transactions going through at a quick pace. In some cases, the processor may be willing to refund their costs of fees to the merchants. However, they generally are not able to refund the interchange fees since they are charged those fees by the issuing banks. Be proactive. Protect your Merchant account. Protect your cardholders.

Here are some additional resources on Credit Card Fraud:23 Frightening Credit Card Statistics — is Carding and How to Prevent it in Your Online Store–