Best practices to mitigate card fraud

The beginning of a new year brings with it the chance to start fresh and build healthy habits. 

So, let’s take a moment to look at digital transactions and ways to help merchants avoid credit card fraud while making their checkout process more secure.

As COVID-19 responses throughout the U.S. encourage merchants to seek ways to process credit cards online, digital transactions are a growing trend. It’s convenient, fast, and fits perfectly with a remote workplace. But, accepting transactions online also opens the door for fraudulent transactions, especially carding fraud. 

While it’s not possible to completely avoid carding fraud, merchants can take some simple steps to protect themselves and cardholders. This not only makes your digital transactions more secure on all levels, it also provides cardholders with confidence when buying from your e-commerce digital storefront. 

Review your security countermeasures:

Use reCAPTCHA at checkout

A simple way to stop automated payment attempts is by using reCAPTCHA. This puzzle requires human input to solve, and forces fraudulent attempts to process cards manually – the hard way. Merchants with active reCAPTCHA are far less appealing targets for carding fraud. Most consumers expect this preventative measure, so it shouldn’t have a negative impact on your conversion rate. 

Use the Address Verification System (AVS)

Compare the card’s billing address to the one given at checkout, or the one stored on-file for customers. If they don’t match, it triggers an automated notice to stop fraud in its tracks. Merchants can validate responses, which are reported immediately, to determine whether a transaction should be processed. Our 5-star support team can help merchants enable this on your PayTrace account.

Two-Factor Authentication (2FA)

We’ve all seen the notices from email clients suggesting improved security by adding Two-Factor Authentication to accounts. It adds one step to the login process beyond the username and password. By adding this step, carders would need both a credit card number and access to a phone to successfully perform their fraudulent transaction. That’s extremely unlikely. 

Regularly updating passwords / strong passwords

The days of using “password” as your password ended long ago. Fraudsters are getting more creative, threatening e-commerce storefronts and businesses that accept digital payments. Using a password manager like LastPass or 1Password is a simple step to keep your login information secure, up-to-date, and within reach. Aim to update your login information every 30 days, or follow your company’s best practices. And no, writing your login information on a sheet of paper isn’t a secure storage method. 

Team up to review reporting daily

It’s important to check your Batch Report every day. This will let you know of any unauthorized transaction per approved and aids in preventing chargebacks. The batch report, however, does not display declined transactions, so logging into the Virtual Terminal and using the view transactions reports daily to view all activity allows you to see declines. In most carding events, we see thousands of transactions run through which most decline (as fraudsters look for active cards to resell).

Lastly, most merchant acquirers recommend a prompt review of your monthly merchant statement with your banking statement. These audits can identify discrepancies early and many agreements have limited review windows when disputes can be presented. 

By using these simple steps, merchants can effectively eliminate a large number of carding fraud opportunities. A little bit of effort can go a long way to protect cardholders, merchants, sales partners, and payment gateways seeking to make everyone happy. 

We’ll provide other helpful security tips throughout the year. By reviewing your security measures, you’ll keep cardholders safe and your reputation secure.