Cyber Security Forum - Fraud protection tips of some merchant

Credit card fraud has become a major problem and is likely to affect your organization. While a successful card authorization does indicate that funds are available, it does not guarantee a transaction was initiated by the rightful cardholder. Since the vendor is responsible for all transaction activity that occurs on the vendor account (including fraudulent activity, chargeback occurrences, etc.), the vendor should review all transactions carefully on a daily basis and perform any due diligence that is necessary to avoid batching suspicious, unusual, or otherwise risky transactions.

To reduce the occurrence of fraud, please be especially cautious when transactions contain one or more of the following characteristics:
• The card validation value (CVV2/CVC2) does not match
• The shipping address is different than the billing address (international or domestic)
• Customer use of alternate addresses such as a P.O. Box, hotel, etc.
• Multiple transactions by same customer
• Multiple cards used by same customer
• Random keystrokes in order page fields (name on card, address, etc.)
• Same or similar information in order page fields across multiple transactions
• Orders are larger than average
• Next day delivery requested (criminals do not care about the cost—they aren’t paying the bill)
• Customer provides nonworking phone number or number with nondescript voice message
• Customer uses free email service (hotmail.com, yahoo.com, gmail.com, etc.)
• Excessive declines

If one or more of the above are present, we recommend that the order be cancelled or that additional due diligence be performed prior to accepting the order. Additional due diligence may include the following:
• Ask the cardholder for the issuing bank’s name and phone number
• Verify cardholder information (name, address, phone number, etc.) with the issuing bank
• Contact the cardholder by phone to confirm the order (if the given phone number does not match the data on record with the issuing bank, use the internet or directory assistance to obtain the number independently)

Do your best to know who you are dealing with. Be sure to confirm that the information given to you by the cardholder is accurate. Since obtaining a cardholder’s phone number via the internet can be difficult, you may need to do some additional due diligence based on the information that the customer has already given you (call the given number to confirm the order and see how the customer reacts to questions about the order, etc.). If an order appears to be too good to be true, it probably is.

If you suspect that you may have processed a fraudulent transaction, we recommend that you do not ship the product and immediately void the transaction or issue a return. If you ship product relating to a transaction that turns out to be fraudulent, you will not likely be able to recover the shipped product.
Adding a message to your website, such as "We screen every transaction for credit card fraud,” may help deter fraudulent activity.