Card-present fraud – the basics: What it is, how to spot it and how to prevent it

Connect
Connect

The world’s most successful platforms and marketplaces, including Shopify and DoorDash, use Stripe Connect to embed payments into their products.

Learn more 
  1. Introduction
  2. How does card-present fraud work?
  3. Card-present vs card-not-present fraud
    1. Card-present fraud (CP)
    2. Card-not-present fraud (CNP)
  4. How does card-present fraud affect businesses and customers?
    1. Business effects
    2. Customer effects
  5. How to detect and prevent card-present fraud
    1. Transaction process
    2. Transaction monitoring
    3. Technology
    4. Education and awareness
    5. Compliance and collaboration

Card-present fraud, also known as in-person fraud, is a type of card fraud where criminals use a stolen or counterfeit credit or debit card to make a purchase at a shop or another physical location. To commit card-present fraud, criminals steal cards or create fake cards that have stolen card information encoded on the magnetic stripe or chip. Chip technology has made it harder to use stolen card data, but fraudulent actors are still devising new methods to do this. In terms of figures, 60% of Americans with credit or debit cards have experienced fraud at least once.

Below, we'll cover what businesses should know about card-present fraud, including what it is, how it works, and how to detect and prevent it.

What's in this article?

  • How does card-present fraud work?
  • Card-present vs card-not-present fraud
  • How does card-present fraud affect businesses and customers?
  • How to detect and prevent card-present fraud

How does card-present fraud work?

Card-present fraud occurs in one of two ways, with criminals either using stolen cards or counterfeit cards.

  • Stolen cards: A thief steals a physical credit or debit card and uses it at a point-of-sale (POS) terminal, cash machine or other retail location.

  • Counterfeit cards: A thief creates fake credit or debit cards using stolen card information and uses those cards to make purchases in person.

Thieves might use the following methods to steal card information and create counterfeit cards:

  • Skimming: This involves installing a small device, called a skimmer, on card readers (such as at cash machines or petrol station pumps) to capture card information from the magnetic stripe when someone swipes their card.

  • Shimming: This involves inserting a tiny device into a card reader to collect card data from EMV chip cards during a transaction.

  • Tampering with POS systems: This involves compromising POS systems using malware, insider threats or other methods to gain unauthorised access to card data.

  • Ghost terminals: These involve setting up fake POS terminals to capture card information.

Card-present vs card-not-present fraud

Card-present fraud (CP)

This type of fraud occurs when the physical credit or debit card used is present at the point of sale during the transaction. This can either be done with a stolen physical card or a counterfeit card with stolen card data.

  • Security features: The customer might be asked to provide a signature or a personal identification number (PIN) to complete the transaction.

  • Risk level: Card-present fraud is considered to be lower risk than card-not-present fraud because of the added security layers that come with having a physical card.

  • Processing fees: These fees are typically lower for card-present transactions because the fraud risk is lower compared with card-not-present transactions.

  • Liability: In cases of unauthorised use of a chip card through a chip-enabled terminal, liability often shifts to the card issuer (bank) rather than the business. However, the business can be found liable if they do not use an EMV-enabled card reader.

Card-not-present fraud (CNP)

This type of fraud occurs when the physical card is not present during the transaction. This applies to online, phone or postal-order purchases completed using stolen card information, which is often obtained through data breaches or phishing.

  • Security features: The customer might be asked to provide a card verification value (CVV) code, verify their address or authenticate with 3D Secure to complete the transaction.

  • Risk level: Card-not-present fraud is considered to be higher risk than card-present fraud because there are fewer ways to verify the cardholder's identity physically.

  • Processing fees: These fees are typically higher for card-not-present transactions because of the increased risk of fraud.

  • Liability: In most card-not-present fraud cases, the business is liable.

How does card-present fraud affect businesses and customers?

Business effects

  • Financial losses: Businesses suffer direct financial losses when fraudulent transactions occur. Businesses must issue chargebacks when customers report the fraud and suffer losses, which may include the transaction amount, lost merchandise and chargeback fees.

  • Reputational damage: Fraudulent transactions can harm a business's reputation. Customers may consider the business to be unsafe, leading to a decline in trust and customer loyalty.

  • Increased costs: Businesses that experience fraud regularly might need to implement stronger security measures, such as upgrading POS systems, adding surveillance and training staff on fraud prevention – all of which can incur additional costs.

  • Operational disruptions: Fraud investigations, audits and legal proceedings can all disrupt business operations and employee productivity.

  • Compliance and liability: Businesses that suffer from card-present fraud might be subject to compliance reviews and, if found negligent, could be liable for damages.

Customer effects

  • Financial issues: Customers can face financial issues if their card is used fraudulently. Although many banks and card issuers have zero-liability policies, resolving the issue can still take time and effort.

  • Inconvenience: Dealing with card-present fraud can be stressful and inconvenient for customers. They might need to close accounts, order new cards, update automatic payments and manage disruptions in their financial routines.

  • Identity theft risks: In some cases, card-present fraud can lead to broader identity theft if additional personal information is compromised. This can have long-lasting effects on customers' financial security.

  • Delayed transactions: Customers might face delays or complications when their cards are flagged for fraudulent activity. This can affect their ability to make purchases or withdraw cash when needed.

How to detect and prevent card-present fraud

Detecting and preventing card-present fraud requires a mix of sophisticated technology, data analysis, customer education and vigilant staff. Businesses can use these strategies to detect and prevent card-present fraud:

Transaction process

  • Security protocols: Establish clear security protocols for handling card transactions, including steps to verify cardholder identity and procedures for reporting suspected fraud.

  • Customer verification: Use biometric verification (fingerprints, facial recognition) or multi-factor authentication methods such as PIN codes, biometrics or one-time passwords (OTPs) to authenticate cardholders during transactions. Use dynamic security questions or customer profiles to verify cardholders during suspicious transactions.

  • POS terminal security: Install tamper-resistant POS devices with built-in security features, such as encrypted keypads and secure card readers. Inspect devices regularly for signs of tampering, such as loose components or unusual attachments.

  • Device authentication: Implement device authentication to ensure that only authorised terminals can process transactions. This prevents criminals from using "ghost terminals" or unauthorised POS systems.

  • Immediate alerts: Implement real-time alerts for suspicious transactions. Alerts can be sent to the cardholder and fraud prevention teams.

  • Fraud scoring systems: Assign risk scores to transactions based on multiple factors, including location, transaction type, frequency and cardholder history. Transactions with high scores trigger additional verification.

Transaction monitoring

  • Customer profiles: Build detailed profiles of your regular customers' spending habits, preferred locations and common transaction amounts, so that you can identify any unusual activity. This can include unexpectedly large purchases, multiple transactions in quick succession or purchases in different locations within a short time frame.

  • Machine learning: Machine learning algorithms can analyse transaction patterns in real time to quickly identify anomalies and take action to prevent fraudulent transactions.

  • Location-based monitoring: Implement geolocation tracking into your POS system to detect suspicious card usage based on geographical patterns. This can alert businesses to potential card-present fraud.

  • Predictive modelling: Use predictive models to anticipate potential fraud based on past incidents, identifying patterns and correlations that can inform preventive measures.

  • Cross-channel data: Integrate your POS system with e-commerce channels to create a comprehensive view of customer behaviour. This can reveal cross-channel fraud patterns.

Technology

  • EMV chip technology: Implement EMV chip-enabled card readers. Chip technology is more secure than magnetic stripes, which reduces the risk of counterfeit cards.

  • Contactless payments: Encourage the use of contactless payment methods to minimise card skimming risks.

  • End-to-end encryption: Encrypt card data from the point of capture to the point of processing to prevent interception by skimmers or shimmers.

  • Secure payment gateways: Use secure payment gateways with strong encryption and high levels of compliance with industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS).

  • Secure networks: Implement secure networks and firewalls to protect against unauthorised access to payment systems.

Education and awareness

  • Fraud detection training: Train staff members to recognise signs of card-present fraud, such as suspicious behaviour, tampering or irregular purchases. Teach them how to respond appropriately.

  • Customer interaction and feedback: Encourage staff to engage with customers during transactions, creating a more personal interaction that can help to detect unusual behaviour. Establish feedback mechanisms for customers to report concerns or suspicious activity.

  • Cardholder education: Educate customers about card-present fraud risks and encourage them to monitor their transactions regularly for any unauthorised activity.

Compliance and collaboration

  • Network collaboration: Join fraud detection and prevention networks or industry associations to share information and collaborate on identifying new fraud trends.

  • Law enforcement partnerships: Establish partnerships with local law enforcement agencies to report and investigate suspected fraud incidents promptly.

  • Industry compliance: Ensure compliance with industry regulations and standards to maintain a high level of security and reduce the risk of fraud-related liabilities.

The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accuracy, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent lawyer or accountant licensed to practise in your jurisdiction for advice on your particular situation.

Ready to get started?

Create an account and start accepting payments – no contracts or banking details required. Or, contact us to design a custom package for your business.
Connect

Connect

Go live in weeks instead of quarters, build a profitable payment business, and scale with ease.

Connect docs

Learn how to route payments between multiple parties.