Several types of fraudulent transactions can impact merchants and their processing abilities. Merchants must understand the risk of fraudulent transactions and how it may impact their ability to process electronic transactions and their business, financially.

The goal of this article is to cover some of the common fraudulent transaction types, the best practices to help reduce the potential of fraudulent transactions, how to spot them when they do occur, and how your merchant service provider can help. We’ve also included some case studies for reference.

Friendly Fraud Transaction Chargebacks

Chargebacks are when a cardholder or the cardholder’s issuing bank disputes a transaction to a payment card. In the instance of a “friendly fraud” chargeback, or a cardholder-initiated chargeback, the cardholder may unknowingly or knowingly file a dispute on a charge that may actually be legitimate.

In short. friendly fraud simply refers to a chargeback issued by a cardholder to a legitimate purchase. No scammer is involved. No actual fraud or unauthorized transaction is involved.
Friendly fraud could be due to multiple factors of a consumer truly not recognizing a charge on their credit card. This could be due to either a delay in the transaction showing up on their statement or possibly not recognizing the descriptor associated with the charge.

Friendly Fraud Transaction Chargebacks Best Practices

Generally, good customer service, easy and clear return and refund policies, and good product or service practices help reduce the potential of friendly fraud chargebacks. Moreover, a merchant can be sure to have appropriate transaction descriptors, supply customer support contact information, and implement CVV & AVS verification systems.

Transaction Descriptor

First, for both card-present and card-not-present transactions, it is important that the statement descriptor accurately and easily indicates the merchant by the “doing business as” (DBA) name. Additionally, the billing descriptor should be clearly disclosed in multiple areas. Including the receipt or invoice. 

Your payment processor should be able to educate you on the descriptor requirements. Along with any other regulations that may impact you regarding disputes/chargebacks. 

One thing merchants must keep in mind, however, is that even if you supply the most accurate descriptor of your business to your payment processor, it is ultimately up to the cardholder’s bank to decide what they will display on the cardholder statement.

Supplying Customer Service Contact Information

Next, having a customer service phone number as part of the descriptor will easily provide a way for a customer who may question a charge on their statement, to reach out for validation…Prior to them going to the issuing bank and filing a dispute (AKA chargeback).

Delivery Proof

Additionally, proof of delivery with a required signature (especially for those high-ticket items) is a great way to reduce friendly fraud. Sometimes cardholders believe they have not received their products. When really, it was either late or delivered to an obscure location around the house. 

Alternatively, a cardholder could just say they never received it–even if they did–because they regret the purchase. With proof that the product was received, a merchant can avoid any unnecessary chargebacks.

Young man in front of a projector with numbers reflecting on him

Fraudulent Transactions and Identity Theft

Not all disputes are a result of “friendly fraud” chargebacks. But rather, stem from other fraudulent methods like stolen cards or identity theft, to name a few.

So, you may be asking yourself “what are fraudulent transactions?”

A fraudulent transaction is an unauthorized use of an individual’s accounts or payment information. Fraudulent transactions may result in the victim’s loss of funds, personal property, or even personal information.

It may also be referenced as “transaction fraud.” Transaction fraud typically refers to the more conventional type of payment fraud. Covering things like unauthorized transactions, false refunds/chargebacks, and so on.

Now that we know the general sense of what fraudulent transactions are, let’s go a little deeper into some of the common types of these fraudulent transactions and what best practices to use to aid in reducing the chances of experiencing them in your place of business.

Stolen Card/ID Fraud

Stolen Card or ID fraud is one of the most tricky and common fraudulent transaction types that merchants are impacted by. In this situation, fraudsters get a hold of an individual’s card through theft of the physical card or information on the card through illegal means.

They may use the card or attempt to clone or replicate the card. The fraudsters then go to a merchant to buy physical goods or gift cards that they can then sell or obtain the value (in cash) from those gift cards.

Typically, fraudsters do it very quickly and all at once. In hopes of getting ahold of merchandise before the legitimate cardholder realizes their credit card has been stolen or cloned.

Once the cardholder has caught wind of the situation, they are sure to report the fraudulent transaction to their issuing bank. The issuing bank, additionally can detect unusual transaction activity and thus freeze the card. Preventing it from being used any further.

When the above situation happens, typically, the legitimate cardholder will issue a dispute for the charges. Which will result in a chargeback to the merchant from the issuing bank.

Consequently, if the merchant loses the chargeback case they will experience a loss of product & money from their establishment. Moreover, they will also have to pay chargeback fees from their payment processor for facilitating the lengthy dispute process.

Why Should You Protect Cardholder Information?

Merchants should protect cardholder information and avoid facilitating purchases that may be a case of transaction fraud. But why? There are numerous reasons why a merchant should improve and maintain their transaction security including:

  • Providing customers peace of mind
  • Improving customer trust
  • Increase sales and profits
  • Protecting the business from the liability & unnecessary fees that come with fraud
  • Maintain good standing with your merchant account provider
Secure connection logo on a computer screen

What Are the Best Practices To Minimize Fraudulent Transactions?

So, what are the best practices that a merchant can follow to help minimize these types of fraudulent transactions?

There are plenty of ways to help reduce the chances of receiving chargebacks. Especially in the card not present environment. It is recommended to have multiple ways to validate the cardholder and the validity of the transaction. Such verification processes could include:

  • Ensure EMV liability
  • Verify identification
  • Signed invoices/receipts
  • Validate the CVV
  • Validate the Address (AVS)
  • PCI Compliance

Ultimately, the level of validation is up to the merchant. It boils down to what makes the most sense for their business and their risk of chargeback and transaction fraud likelihood.

EMV Liability

First off, all card present or in-store merchants need to be sure they are compliant with the EMV Liability shift. They can do this by ensuring that terminal(s) are EMV (Chip read) compatible.

Additionally, they should train their employees to confirm when the consumer has a card that flags as an EMV/Chip card. Ensuring that the card is dipped or chip read. These practices will ensure that the EMV liability shift will cover the Fraudulent transactions. And that they will not fall on the merchant.

ID Verification

In addition, for card present transactions, merchants and their employees may require that consumers show their government ID to verify their identity against the credit card information along with the individual in front of them. Asking for the customer’s government ID ultimately protects the consumer from transaction fraud in the end. It validates that they are the actual owner of the credit card. Even if it may add a little friction to the purchase process.

Signed Documentation

Another way to verify identity is to require a signed invoice or receipt. The signature should match the government-issued ID. If the transaction was completed online, signatures can be obtained through DocuSign or another electronic signature form that captures the customer’s email address and IP address.

CVV and AVS Verification

For card-not-present (website, mail order, or telephone order) transactions it is recommended to ensure that you capture and validate the CVV (Cardholder Verification Value) and the AVS (Address Verification Services) through their virtual gateway.

This practice has been shown to reduce chargebacks. It adds an additional layer, ensuring that the legitimate cardholder is the one placing the order. Being that they would have the card in hand for the CVV.

In addition, prior to shipping out the goods, it is recommended to verify the AVS/billing address to the shipping address. Typically, it should match. But if you see that it’s an Atlanta, Georgia billing address and the shipping address is São Paulo, Brazil, this may be an indicator that this could be a fraudulent transaction.

If the merchant was to send the product out anyway and receives a chargeback, they are out of the money for not only the products they sent out but also the cost of the chargeback from their payment processor.

Only Use Secure Websites For eCommerce Transactions

Merchants who engage in the sale of online transactions need to look into only using a secure website domain for their virtual terminal gateway to minimize fraudulent transactions.

Potential customers look for certain security features before they enter their credit card information to make online purchases. A website that contains the words “Not Secure” in front of the URL is a sure giveaway that you will unboundedly lose customers due to the fear of having their credit card information stolen and used for fraudulent transactions. On the same note, other URLs may not say anything. This is still an indication of an unsecured website.

Conversely, websites that have a shield or padlock symbol or the letter “S” after “HTTP” (HTTPS) are guaranteeing to eCommerce consumers that their data will be safe should they use that site for purchases. This security feature on eCommerce sites is facilitated through Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) systems.

SSL/TLS protects data during web device communication through online encryption. Merchants can obtain this security feature by purchasing it from a provider. Once the purchase is complete, a merchant will obtain their certificate of authority.

How TLS Works to Protect Cardholder Data from Transaction Fraud

  1. Credit Card Data Encryption: Data encryption provides a solution for secure online payments. Encryption mixes up credit card data with a random set of characters. TLS-certified websites come in and then perform what may be considered a virtual “handshake” between both the browser and the server. This then creates a key to unlock encrypted card information. With encrypted data in code, fraudsters may find it nearly impossible to decipher and use the information. Thus, creating a safe and secure eCommerce shopping experience.
  2. Website Authentication: TLS/SSL security systems authenticate the identity of both communication devices in an online transaction process. It ensures that both devices are who they claim to be.
  3. Verifies Website Trustworthiness: TLS/SSL security systems offer digital signatures of data. Which provides verified data integrity. This means that the data has not been tampered with before it has reached the intended recipient.

Encrypt and Tokenize Credit Card Information

Tokenization is a method of online credit card data protection for stored information. Basically, the real card number is replaced by a code or “token” that represents the original card data. This token is a randomized alphanumeric set of code.

Any fraudster that may gain access to the tokenized card data would not be able to decipher it to use for a fraudulent transaction. Only the payment processor can use the information to complete the merchant’s recurring transaction for the stored card.

Encryption means protecting cardholder information while the transaction is taking place. Safely storing credit card information online will require a payment processor who can offer a virtual vault and a payment gateway that offers tokenization features.

Start saving on payment processing today!

Maintain PCI Compliance

One of the biggest security solutions to minimize fraudulent transactions would be maintaining PCI compliance. The major card networks have rules and regulations that they have implemented for all merchants accepting digital payments to comply with.

Otherwise known as The Payment Card Industry Data Security Standard (PCI DSS), these regulations were designed by the PCI Security Standards Council (PCI-SSC) in conjunction with the card networks who then manage it. These standards aid merchants and financial institutions in the processing of digital card payments securely. Secure transaction facilitation, in turn, reduces credit card fraud.

Keep in mind, PCI compliance is not a legal requirement. However, if a merchant were to not maintain PCI compliance, they will be subject to penalties such as:

  • Network Fines
  • Higher processing fees
  • Information leaks
  • Revenue loss
  • Legal battles
  • Increased processing fees
  • Merchant account closure
  • Loss of customers

Even with potential consequences such as the above, you may be surprised to discover that recent research has discovered that around 67% of merchants store unencrypted cardholder information.

PCI Requirements

There are 12 PCI compliance standards that are further broken down into subcategories. Below are the 12 main ideas that merchants must follow to remain compliant:

  1. Install and maintain firewalls to protect sensitive cardholder information
  2. Do not use default passwords for systems. Change all credentials for access to a unique and difficult password
  3. Protect all stored cardholder information.
  4. Encrypt all cardholder information during transmission across all public networks
  5. Maintain use of antivirus software
  6. Maintain establishment of secure systems
  7. Limit access to any cardholder information on a need-to-know basis
  8. Assign unique user IDs to all personnel with computer access
  9. Limit physical access to card information
  10. Track access to cardholder information and network resources
  11. Frequently test all security systems
  12. Enforce policies that address security data for all personnel

Case Study: CVV & AVS Verification

ECS’s risk department has a good relationship with its merchants. We help mitigate fraud loss and provide education opportunities. In this case study, one of our long-time merchant’s proactivity provided documentation for a sale that was over 80K– with the previous knowledge that we would reach out for supporting documents for a high dollar amount transaction.

Our risk team used the documentation provided for the transaction in question and took the extra step by reaching out to American Express to verify the cardholder’s identity against the merchant supporting documents.

It was concluded that the merchant needed further education about using CVV & AVS for card-not-present (CNP) transactions. This knowledge would provide benefits to the merchant that would aid in fewer chances of chargebacks, as well as lower transaction fees.
According to Visa, Mastercard, and American Express, entering CVV & AVS for Card-Not-Present transactions reduces the chances of receiving chargebacks and reduces interchange fees. Which benefits merchants by avoiding loss of revenue.

Case Study: A Known Fraudster

A merchant was flagged by ECS’s risk system for certain transactions due to high dollar amounts and split transactions. During the investigation, our in-house risk team noticed unusual activity regarding the merchant account. Including a sharp increase in sales, large transactions, and multiple declined transactions.

Risk staff notified the merchant and requested supporting documentation for the pending transactions. The documentation that was provided prompted a more enhanced investigation. Furthering research of the merchant’s customer. Our findings were alarming.

The merchant’s customer was a known scam artist. The scammer was using stolen credit card information to make expensive purchases in various fraudulent transactions.

Our risk team spoke with the card issuing bank: Commercial Credit division. They informed us that the account number matches, but the customer information does not match their cardholder records. Indicating a probable case of identity theft.

  1. Card #: xxxxxxxxxx1234 – SALE $21,000.00
  2. Card #: xxxxxxxxxx1234 – SALE $15,749.10
  3. Card #: xxxxxxxxxx1234 – SALE $6,000.00
  4. Card #: xxxxxxxxxx1234 – SALE $1,000.00

If the above transactions were processed, the impacts could be reputational damage, financial damage, industry damage, and more for the merchant.
Our risk team was able to prevent the completion of these transactions by a known fraudster. Saving the merchant from both lost merchandise and chargebacks.

100 dollar bill under a magnifying glass

Counterfeit Money Transaction Fraud

The next type of fraud that we will explore is the idea of purchasing goods or services with counterfeit (fake) money. Cash may be king in some instances, but when cash has no real value to back it up, you are out of luck. And ultimately, cash is untraceable, so whoever you received it from is pretty much off the hook.

Because of this, it is important to know how to spot a fake $100 bill or even a fake 5 dollar bill. Yes, $5 isn’t much, but if you work in an industry where most purchases are small dollar amounts, or if you serve frequent customers that are actually scamming you with this amount of money in counterfeit bills, for every transaction, it can add up.

How to Tell if a 100-Dollar Bill is Real?

The majority of counterfeit bills come from the $100 bills. This is because $100 is the highest dollar amount you can get in a single bill. With bigger bills come bigger purchases in a quicker and more condensed transaction.

So how do we differentiate a fake 100-dollar bill vs real money? There is a lot of fake money that looks real, but there are a few things that merchants can do to implement safe cash acceptance.

One of the first things you should do is check the bill date. Especially if the bill is older than 2009. Most of these older bills are phased out. On average, it takes about 7 years for bills to phase out.

But, if they are old, it doesn’t necessarily mean they are fake. Because of that, there are different ways to determine the validity of a bill based on the year it was printed.

Checking Newer Bills: 2009 and Later

  1. Look at the serial number: The series (section of time the bill was printed) will have a particular corresponding serial number. The serial number is in the lower right and upper left corner. Series 2009’s serial number begins with the letter J. Series 2009A’s serial number begins with the letter L.
  2. Use your finger to feel Benjamin Franklin’s shoulder: There is a raised texture printed on Benjamin Franklin’s shoulder.
  3. Check for color-shifting ink: The ink on the shoulder looks like it’s changing color from copper to green on the bell inside the inkwell to the left of the serial number and the 100 beside it.
  4. Hold the bill to the light: To the left of Benjamin Franklin runs an embedded strip with the number 100 and the letters “USA” in an alternating pattern. You can only see this if you hold the bill to light. If you hold it to UV light, it will look pink. Additionally, in the light, you will see a faint watermark of Benjamin Franklin.
  5. Check the security thread: To the right of Benjamin Franklin is a 3-D blue security ribbon. Tiny bells and the number 100 appear along the ribbon if you tilt the note back and forth. This ribbon is woven directly into the paper. Because it is not pasted on it will not peel off.
  6. Check the microprint: You can use a magnifying glass to check for the words “The United States of America” around Benjamin Franklin’s collar, “USA 100” in the white space, and “100 USA” around the pen quill.

Checking Older Bills Prior to 2009

  1. Feel the texture: The bill prints with a slightly raised ink on linen and cotton. Not paper.
  2. Check the microprint: You can use a magnifying glass to check for small print which will appear in different areas depending on which year the bill was printed. “The United States of America” around the outer edge of the oval or in Franklin’s left lapel, “USA100” in the numeral 100, etc.
  3. Check for color-shifting ink: The ink on the bill should look like it’s changing color from copper to green on the 100 in the lower right-hand corner.
  4. Hold the bill to the light: To the left of Benjamin Franklin runs an embedded strip with the number 100 and the letters “USA” in an alternating pattern. You can only see this if you hold the bill to light. If you hold it to UV light, it will look pink. Additionally, in the light, you will see a faint watermark of Benjamin Franklin.
  5. Check the borders: Real bills should have sharp, crisp lines. Counterfeit bill borders are almost always a little more blurred.
  6. Check for chemicals: A counterfeit detection pen checks for common chemicals used in fake money. However, this chemical is not used as frequently anymore. If the chemicals are detected the pen will change color on the bill.
Pen on top of a paper check

Fake Check Transaction Fraud

With technological advances in printing quality, fake check scams can be easy to produce. Counterfeit checks can look pretty darn close to legitimate ones. After all…it’s pretty much paper with information. Any merchant could easily accept a check without having any idea how to know if it’s real or not.

What Do Fake Checks Look Like?

Well, at a quick glance, they look eerily similar to authentic ones. They may resemble the template of a legitimate check with:

  • numbers that look like a checking account and routing number
  • a signature line
  • A check number
  • Account holder information
  • A line to write down the dollar amount.

However, you can learn how to spot a fake check if you’re vigilant for:

  • Smooth lines on all 4 edges
  • Missing bank logo
  • Inaccurate or missing bank address
  • Mismatched check numbers
  • Thin or shiny paper quality
  • Blurred or smeared printing

How to Verify a Check:

Because of this, we’ve put together a checklist on how to tell if a check is fake and prevent fraud at your place of business.

  1. Feel the check’s edges: Check for 1 side for a perforated edge from a check being ripped from its booklet. If all sides are smooth, this is a sign of fraudulent currency.
  2. Check for a bank logo: A legitimate check should have a clear issuing bank logo. No logo or a faded logo is another bad sign.
  3. Verify the bank’s address: Make sure the address of the financial institution listed on the check is accurate and excludes a P.O. Box.
  4. Compare check numbers: Make sure the two check numbers match. There is one in the upper-right corner and one in the magnetic ink character recognition (MICR) line at the base of the check. If the numbers don’t match, it’s a bogus check. Additionally, be wary of low-numbered checks. Most bad checks come from “new” bank accounts.
  5. Check the quality of the MICR line: This line should be smooth and clean, if you see or notice any smudging immediately or after rubbing it with your finger, this can indicate a fake check.
  6. Examine the paper and ink quality: Even though checks are printed on paper, there is a distinct quality and texture to the material. Legitimate checks are printed on thick, matte paper stock. It should not be thin, flimsy, or shiny. Additionally, a checks print job should not smear when damp. If you run water over the check’s printed area (not the part where the customer fills out), make sure the ink stays in place.
woman using remote deposit capture with her smartphone

What Happens if You Mobile Deposit a Fake Check?

Even after knowing how to verify a check, some fake ones may still slip through the defense lines. And if you knowingly deposit a fake check, the consequences could be severe.

Whether you knowingly or unknowingly deposit a check via a mobile app or cash checks in person, the ramifications of attempting to do so with a false check can land you in a predicament.

In general, or if a bank is feeling generous, if you are the victim of a fake check scam and in good faith deposited a bad check, it’s unlikely you will face legal repercussions or criminal charges.

However, on occasion, and if you did so on purpose, hoping the bank would not notice you could experience negative consequences such as:

  • The transaction amount charged to your account
  • Additional fees applied
  • Criminal fines
  • Frozen bank account
  • Permanently closed bank account
  • Lost revenue from the fraudulent transaction
  • Jail time

What are Truncated Checks?

Check truncation is the process of eliminating physical paper checks. Meaning banks or credit unions can send the money associated with a check or wire transfer funds as an electronic transaction. E-checks are also known as substitute checks.

Though e-checks make it difficult to practice the personal check verification steps outlined above, e-checks can still be fraudulent.

Do Banks Call to Verify Checks?

Unfortunately, there is no way to verify a check online free of charge. In fact, with check cashing, no verification online exists in general. Merchant check verification services are best done through the bank.

Financial institutions should be able to verify real vs fraudulent checks or money in minutes. But sometimes, it takes a phone call from the acquiring institution to the “issuing” institution to validate the authenticity of the check. Once the bank reaches the institution listed on the check, the identity of the check’s validity is soon to be revealed.

Start saving on payment processing today!

Transaction Fraud: Conclusion

Whether you’re a check-cashing store or another merchant type that accepts checks, cash, and digital currency, having a payment verification process in place will surely save you headaches and financial distress down the road. You can implement security features by reaching out to your payment processor for PCI compliance assistance. Additionally, well-trained staff can help keep your business fraud free.

To contact sales, click HERE. And to learn more about ECS Payment Processing visit Credit & Debit.