Card-present fraud, also known as in-person fraud, is a type of card fraud in which criminals use a stolen or counterfeit credit or debit card to make a purchase at a store or other physical location. To commit card-present fraud, criminals steal cards or create fake cards with stolen card information encoded on the magnetic stripe or chip. Chip technology has made it harder to use stolen card data, but fraudulent actors are devising new methods, and 60% of Americans with credit or debit cards have experienced fraud at least once.
Below, we’ll cover what businesses should know about card-present fraud: what it is, how it works, and how to detect and prevent it.
What’s in this article?
- How does card-present fraud work?
- Card-present vs. card-not-present fraud
- How does card-present fraud affect businesses and customers?
- How to detect and prevent card-present fraud
How does card-present fraud work?
Card-present fraud occurs in one of two ways: Criminals use stolen cards or counterfeit cards.
Stolen cards: A thief steals a physical credit or debit card and uses it at a point-of-sale (POS) terminal, ATM, or other retail location.
Counterfeit cards: A thief creates fake credit or debit cards using stolen card information and uses those cards to make purchases in person.
Thieves might use these methods to steal card information and create counterfeit cards:
Skimming: Installing a small device, called a skimmer, on card readers (such as ATMs or gas station pumps) to capture card information from the magnetic stripe when someone swipes their card.
Shimming: Inserting a tiny device into a card reader to collect card data from EMV chip cards during a transaction.
Tampering with POS systems: Compromising POS systems using malware, insider threats, or other methods to gain unauthorized access to card data.
Ghost terminals: Setting up fake POS terminals to capture card information.
Card-present vs. card-not-present fraud
Card-present fraud (CP)
This type of fraud occurs when the physical credit or debit card used is present at the point of sale during the transaction. This can be done with a stolen physical card or a counterfeit card with stolen card data.
Security features: The customer might be asked to provide a signature or a personal identification number (PIN) to complete the transaction.
Risk level: CP fraud is considered lower risk than card-not-present fraud because of the added security layers of having a physical card.
Processing fees: These fees are typically lower for CP transactions because the fraud risk is lower compared with card-not-present transactions.
Liability: In cases of unauthorized use of a chip card through a chip-enabled terminal, liability often shifts to the card issuer (bank) rather than the business. However, the business can be found liable if an EMV-enabled card reader is not used.
Card-not-present fraud (CNP)
This type of fraud occurs when the physical card is not present during the transaction. This applies to online, phone, or mail-order purchases completed using stolen card information, which is often obtained through data breaches or phishing.
Security features: The customer might be asked to provide a card verification value (CVV) code, verify their address, or authenticate with 3D Secure to complete the transaction.
Risk level: CNP fraud is considered higher risk than CP fraud because there are fewer ways to physically verify the cardholder’s identity.
Processing fees: These fees are typically higher for CNP transactions because of the increased fraud risk.
Liability: In most CNP fraud cases, the business is liable.
How does card-present fraud affect businesses and customers?
Business effects
Financial losses: Businesses suffer direct financial losses when fraudulent transactions occur. Businesses must issue chargebacks when customers report the fraud and suffer losses including the transaction amount, lost merchandise, and chargeback fees.
Reputation damage: Fraudulent transactions can harm a business’s reputation. Customers might consider the business to be unsafe, leading to a decline in trust and customer loyalty.
Increased costs: Businesses that regularly experience fraud might need to implement stronger security measures such as upgrading POS systems, adding surveillance, and training staff on fraud prevention—all of which can incur additional costs.
Operational disruptions: Fraud investigations, audits, or legal proceedings can disrupt business operations and employee productivity.
Compliance and liability: Businesses that suffer from card-present fraud might be subject to compliance reviews and, if found negligent, could be liable for damages.
Customer effects
Financial issues: Customers can face financial issues if their card is used fraudulently. Though many banks and card issuers have zero-liability policies, resolving the issue can still take time and effort.
Inconvenience: Dealing with card-present fraud can be stressful and inconvenient for customers. They might need to close accounts, order new cards, update automatic payments, and manage disruptions in their financial routines.
Identity theft risks: In some cases, card-present fraud can lead to broader identity theft if additional personal information is compromised. This can have long-lasting effects on customers’ financial security.
Delayed transactions: Customers might face delays or complications when their cards are flagged for fraudulent activity. This can affect their ability to make purchases or withdraw cash when needed.
How to detect and prevent card-present fraud
Detecting and preventing card-present fraud requires a mix of sophisticated technology, data analysis, customer education, and vigilant staff. Businesses can use these strategies to detect and prevent card-present fraud:
Transaction process
Security protocols: Establish clear security protocols for handling card transactions, including steps to verify cardholder identity and procedures for reporting suspected fraud.
Customer verification: Use biometric verification (fingerprints, facial recognition) or multifactor authentication methods such as PIN codes, biometrics, or one-time passwords (OTPs) to authenticate cardholders during transactions. Use dynamic security questions or customer profiles to verify cardholders during suspicious transactions.
POS terminal security: Install tamper-resistant POS devices with built-in security features, such as encrypted keypads and secure card readers. Regularly inspect for signs of tampering, such as loose components or unusual attachments.
Device authentication: Implement device authentication to ensure only authorized terminals can process transactions. This prevents criminals from using “ghost terminals” or unauthorized POS systems.
Immediate alerts: Implement real-time alerts for suspicious transactions. Alerts can be sent to the cardholder and fraud prevention teams.
Fraud scoring systems: Assign risk scores to transactions based on multiple factors, including location, transaction type, frequency, and cardholder history. Transactions with high scores trigger additional verification.
Transaction monitoring
Customer profiles: Build detailed profiles of regular customers’ spending habits, preferred locations, and common transaction amounts so you can identify unusual activity. This can include unexpectedly large purchases, multiple transactions in quick succession, or purchases in different locations within a short time frame.
Machine learning: Machine learning algorithms can analyze transaction patterns in real time to quickly identify anomalies and take action to prevent fraudulent transactions.
Location-based monitoring: Implement geolocation tracking into your POS system to detect suspicious card usage based on geographical patterns. This can alert businesses to potential card-present fraud.
Predictive modeling: Use predictive models to anticipate potential fraud based on past incidents, identifying patterns and correlations that can inform preventive measures.
Cross-channel data: Integrate your POS system with ecommerce channels to create a comprehensive view of customer behavior. This can reveal cross-channel fraud patterns.
Technology
EMV chip technology: Implement EMV chip-enabled card readers. Chip technology is more secure than magnetic stripes, which reduces the risk of counterfeit cards.
Contactless payments: Encourage the use of contactless payment methods to minimize card skimming risks.
End-to-end encryption: Encrypt card data from the point of capture to the point of processing to prevent interception by skimmers or shimmers.
Secure payment gateways: Use secure payment gateways with strong encryption and compliance with industry standards such as the Payment Card Industry Data Security Standard (PCI DSS).
Secure networks: Implement secure networks and firewalls to protect against unauthorized access to payment systems.
Education and awareness
Fraud detection training: Train staff members to recognize signs of card-present fraud such as suspicious behavior, tampering, or irregular purchases. Teach them how to respond appropriately.
Customer interaction and feedback: Encourage staff to engage with customers during transactions, creating a more personal interaction that can help detect unusual behavior. Establish feedback mechanisms for customers to report concerns or suspicious activity.
Cardholder education: Educate customers about card-present fraud risks, and encourage them to monitor their transactions regularly for unauthorized activity.
Compliance and collaboration
Network collaboration: Join fraud detection and prevention networks or industry associations to share information and collaborate on identifying new fraud trends.
Law enforcement partnerships: Establish partnerships with local law enforcement agencies to report and investigate suspected fraud incidents promptly.
Industry compliance: Ensure compliance with industry regulations and standards to maintain a high level of security and reduce the risk of fraud-related liabilities.
เนื้อหาในบทความนี้มีไว้เพื่อให้ข้อมูลทั่วไปและมีจุดประสงค์เพื่อการศึกษาเท่านั้น ไม่ควรใช้เป็นคําแนะนําทางกฎหมายหรือภาษี Stripe ไม่รับประกันหรือรับประกันความถูกต้อง ความสมบูรณ์ ความไม่เพียงพอ หรือความเป็นปัจจุบันของข้อมูลในบทความ คุณควรขอคําแนะนําจากทนายความที่มีอํานาจหรือนักบัญชีที่ได้รับใบอนุญาตให้ประกอบกิจการในเขตอํานาจศาลเพื่อรับคําแนะนําที่ตรงกับสถานการณ์ของคุณ