Don't be a Fool about Fraud

Today’s post is about how petroleum and convenience retailers can prevent fraud and reduce chargebacks.  April Fool’s Day (April 1st) will mark six months since the EMV counterfeit fraud liability shift for in-store transactions, and so far, the joke is on the merchant community.  Merchants have seen a dramatic increase in chargebacks since October 1st with growing evidence that issuers – not all, but some very large issuers in particular – are abusing the chargeback process while the card brands stand back and take merchants for fools (for more on the chargeback situation and advice on managing chargebacks post liability shift, my colleague Clint Cady wrote an outstanding article earlier this month).
Deflecting Fraud
While fraud remains persistent, fraudsters are inherently lazy— they don’t want to work too hard for their ill-gotten gains. But we must be careful not to confuse laziness for stupidity. Fraudsters know that merchants are focused on serving customers and running the business, and have little time to think about fraud. Fraud can’t be completely eliminated in the foreseeable future, but by making it incrementally more difficult for fraudsters to infiltrate your business, you can reduce the risk of being a target— why break into a locked car or house when so many are unlocked?
Reducing Fraud
What follows are proven suggestions that other retailers, in and outside of petroleum/convenience, are implementing to reduce fraud. Most can be implemented with employee training and minimal changes to existing technology. In fact, you may have already implemented some or all of them. Don’t let your stores be the “unlocked house on the block”.
Tips for reducing fraud at the pump:

  1. Implement Zip Code Prompting (also known as AVS) on credit card sales. While prompting for the zip code adds a step to the authorization process, it also requires the fraudster to know the billing zip code of the cardholder.
  1. Prompt for PIN when debit cards are used at the pump. Use of PIN is the best method we currently have for verifying the cardholder. PIN based transactions are associated with a fraction of the fraud that has been attributed to signature based transactions. Customer balance holds that banks place on debit cards until the sale clears remain the downside to use of PIN at the pump. These holds can create additional customer service issues, but the reduction in fraud can be significant for high fraud locations.
  1. Follow the pump limits set by the card brands. Allowing the customer to pump over this limit subjects the transaction to an indefensible chargeback. Don’t give issuers an easy reason to chargeback a sale.
  1. Implement velocity checking. Many point of sale systems have the ability to limit the number of times a card can be used at the pump within a time period. Once the transaction limit is reached, the customer will be referred inside to pay. The fraudster will find easier targets.

Tips to reduce fraud on inside sales:

  1. Limit purchases of high fraud products. Products such as cigarettes, gift and prepaid cards, and alcohol are easily resalable and have high value for the fraudster. * Consider implementing a quantity or value restriction on these products or require a manager to approve the sale over the threshold amount.

* Note: this is especially true for products with high resale value but low margins.   Remember that to recover the fraud write-off, you will have to sell 10 additional items of a product with a 10% margin and 20 additional items of a product with a 5% margin.

  1. Check ID for sales over $100. New Visa rules allow petroleum/convenience merchants to ask for a government issued ID.**
    • If the name on the card and the name on the ID do not match, then ask for another form of payment.
    • If the cardholder refuses to provide an ID and the sale amount is over $100, you can refuse to accept the card and ask for another form of payment.
    • If the sale is under $100 and the customer refuses to provide ID, you must accept the card.

**Note: this rule is in place until the earlier of: Your EMV implementation OR October 1, 2017.

  1. Compare the last four digits of the card to the last four digits on the receipt. If the four digits on the receipt don’t match the last four on the card, then cancel/void the sale and ask for another form of payment. This is also true if the name imprinted on the card doesn’t match the receipt (be aware that some prepaid cards do not have a name on the card).
  1. Only refund sales back to the original payment card. Always ask for the card used in the original transaction. If the customer does not have that card in their possession, then refund at your own risk. It is a best practice to never give a cash refund unless cash was the original tender type.
  1. Prompt for PIN on debit cards. Preferring PIN over signature provides you, and the customer, the protection afforded by PIN authentication. You can still allow the customer to press the “credit” option, but preferring PIN will reduce fraud.
  1. Call for authorization when the communication network is down. If your network is down, call for authorization on transactions over a certain dollar amount and always when high fraud products (pre-paid cards, tobacco, alcohol) are purchased.
  1. Eliminate manual entries or validate the CVV/CID where manual entries are allowed. Not all point of sale systems can support this capability. If your POS does support CVV/CID validation, then it is a best practice to enter CVV/CID on all manually-entered sales to reduce the use of counterfeit cards at your store.

Implementing some or all of these tools will make it more difficult for fraudsters to attack your business, supporting your bottom line. You don’t have to wait for EMV to get relief from fraud, you can start now.
Bonus suggestion: Walk across the street to your competitor or go to a nearby grocery or drug store chain and count how many of these fraud reduction tools they have implemented. Compare their store to yours and ask yourself: “Which store would I target if I was a fraudster?”
For further information, contact Jim at [email protected].