Figures released in March last year confirmed fraud losses on UK cards totalled £388 million in 2012, showing a 14% increase from total fraud losses of £341m in 2011 with losses on Card-Not-Present transactions (those conducted online and over the telephone) rising by 11% in 2012. This increase follows three years of significant decreases (2012 losses of £388m versus 2008 losses of £610m when fraud was at its peak, representing an overall decrease of 36%) with fraud dropping to a ten-year low in 2011. Efforts by the cards industry to enhance the security of payment systems has delivered substantial falls since fraud peaked in 2008.
Furthermore there has been a sharp 18% increase in card spending on the internet (reaching £63bn) over the last year.
Fraudsters continue to target a wide range of sectors – High Risk sectors include technology and telecommunications, computer and electrical goods, fashion items, clothes, jewellery and accessories, motor parts & tyres, financial, charities as well as sectors that offer other highly desirable items that can easily be re-sold.
There are a number of things a merchant can do to reduce the risk of fraud:
1. Accept chip & pin card payment wherever possible
2. Use CV2 (3 digit security number on signature strip) and AVS (postcode & house number) or a third-party address-checking system (e.g., Equifax, 192.com) to ensure the customer’s address is verified. Avoid shipping to an address different from the billing address associated to the consumer’s card at all times
3. Make full use of other fraud prevention tools covering ID Verification / Bank account details and account holder check / card check and proof of ownership
4. Require that the customer send you a signed fax, preferably with a photocopy of the front and back of the card, so that you can check the signature. For website sales, this should allow the user to automatically print the order form, so it only needs to be printed out and sent.
5. Arrange for customer to set up an account first and either check with the issuing bank of the credit card that the provided address is correct, or have the customer fax a copy of their latest credit card statement and/or passport/driving licence.
6. Verify the use of the credit card to the customer’s actual postal address by other means than email, such as a letter, phone call, fax, or SMS message, to reduce the level of fraud risk.
It is also worth noting that a merchant should NOT despatch goods by whatever means (including Mail Order / Online delivery) to a third-party address (i.e., a destination other than the card holder’s registered address) as this is considered as very high risk.
The most effective tool against transaction fraud is to review each transaction manually. Certain circumstances tend to suggest that the transactions may be fraud, these include:
• Being requested to ship orders outside the UK, especially to known centres of internet credit card fraud such as the ex-Eastern Bloc or developing countries with undeveloped banking systems.
• Purchases made in the middle of the night
• Sudden significant orders from existing customers
All in all a commonsense approach is needed and if in doubt, DO NOT TAKE PAYMENT BY CARD, and request a bank to bank transfer – after all it is your money at stake!