Tuesday, July 13th, 2010

5 Suspicious Card-Present Transaction Characteristics

Tags: card acceptance best practices, card-present transactions, check-out procedures, Code 10 call, fraud prevention

Customers who attempt to fraudulently use a credit card at the checkout are often betrayed by specific signs of suspicious behavior. Such signs may have a perfectly reasonable explanation that has nothing to do with unauthorized credit card use; however, statistical data show that they are associated with a higher rate of fraud. You should be able to identify such signs and act according to your organization’s established fraud prevention procedures. We have written at length in previous posts about the way these procedures should be designed and recommend that you review our suggestions. Following is a list of five suspicious signs at the point of sale that you should look out for:

  • Purchasing large quantities of merchandise without much attention to details. This is a very strong fraud indicator! If a customer is purchasing a sizable amount of merchandise, without much care for size, color, or even price, he or she is probably interested much more in its resale value than its utility.
  • Rushing the cashier into a quicker processing of the payment. Although your customer may really be in a hurry, such behavior may also be intended to force you to circumvent standard fraud prevention procedures. While you would not want to delay a legitimate customer any longer than necessary, you should never forgo regular card acceptance procedures, as this is exactly what the criminal’s goal would be. Explain to your customer that you appreciate the fact that they are short on time, but you are responsible for ensuring that all payments are legitimate and cardholders’ interests are protected.
  • Making multiple purchases within a short period of time. If a customer completes a purchase, leaves the store and then comes right back in, he or she may be doing it because they believe that making multiple fraudulent transactions for smaller amounts is less suspicious than making a single large-amount purchase.
  • Shopping either right after the store opens or before it closes. A fraudster may be shopping early in the morning or late in the evening, in the hope that the merchant will not be as attentive as during other stretches of the day.
  • Ignoring free delivery options (where applicable). If your customer asks no questions or completely ignores a free delivery option, in favor of a quicker but paid one, this could be a warning sign.
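
Three of these signs (repeat purchases on the same card, purchases right after opening or before closing, and paid delivery chosen over a free option) leave traces in transaction records, so they can also be flagged for review after the fact. The following is an added example, not part of the original post: the record layout, card tokens, store hours and thresholds are all assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

# Assumed thresholds and store hours; tune them to your own business.
VELOCITY_WINDOW = timedelta(minutes=30)  # "short period" between purchases
EDGE_MARGIN = timedelta(minutes=15)      # "right after opening / before closing"
OPEN_HOUR, CLOSE_HOUR = 9, 21


def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample log. "card" is an opaque token, never the account number.
SAMPLE_LOG = [
    {"id": "T1", "time": _t("2010-07-13 09:05"), "card": "tok_A",
     "delivery": "none"},
    {"id": "T2", "time": _t("2010-07-13 12:10"), "card": "tok_B",
     "delivery": "none"},
    {"id": "T3", "time": _t("2010-07-13 12:22"), "card": "tok_B",
     "delivery": "none"},
    {"id": "T4", "time": _t("2010-07-13 14:00"), "card": "tok_C",
     "delivery": "paid_express", "free_delivery_offered": True},
    {"id": "T5", "time": _t("2010-07-13 15:30"), "card": "tok_D",
     "delivery": "free", "free_delivery_offered": True},
    {"id": "T6", "time": _t("2010-07-13 20:50"), "card": "tok_B",
     "delivery": "none"},
]


def screen(log):
    """Return {transaction id: [indicator names]} for records worth a review.

    A flag is a prompt for a closer look, not a finding of fraud.
    """
    flags = {}
    last_seen = {}  # card token -> time of that card's previous purchase
    for tx in sorted(log, key=lambda t: t["time"]):
        reasons = []

        # Same card used again shortly after its previous purchase.
        prev = last_seen.get(tx["card"])
        if prev is not None and tx["time"] - prev <= VELOCITY_WINDOW:
            reasons.append("repeat_purchase")
        last_seen[tx["card"]] = tx["time"]

        # Purchase close to opening or closing time on that day.
        day = tx["time"].replace(hour=0, minute=0, second=0, microsecond=0)
        opening = day + timedelta(hours=OPEN_HOUR)
        closing = day + timedelta(hours=CLOSE_HOUR)
        if min(abs(tx["time"] - opening), abs(closing - tx["time"])) <= EDGE_MARGIN:
            reasons.append("near_open_or_close")

        # Paid delivery chosen although a free option was offered.
        if tx.get("free_delivery_offered") and tx["delivery"].startswith("paid"):
            reasons.append("paid_delivery_over_free")

        if reasons:
            flags[tx["id"]] = reasons
    return flags


if __name__ == "__main__":
    for tx_id, reasons in screen(SAMPLE_LOG).items():
        print(tx_id, ", ".join(reasons))
```

The other two signs, careless bulk buying and rushing the cashier, are only visible to the person at the register and have no counterpart in the log.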


Now, it should be reiterated that, although suspicious, a certain behavior might be perfectly well justified and explained in another, completely legitimate way. By themselves, none of the above characteristics constitutes proof of fraudulent activity. You should always interpret your observations of customer behavior in the context of the particular setting. Different businesses attract different types of customers, and what is considered normal customer behavior at one place might be interpreted as completely irregular at another.


Once you have accumulated enough evidence to conclude that a fraudulent activity may be taking place, you should contact your processor’s voice authorization center and make a Code 10 call. You should keep the card in your possession during the call and follow the instructions you are given. If the instruction is to retain the card, you should only do it if it is safe to do so and then ask your customer for an alternative form of payment. If you feel threatened or uncomfortable, complete the transaction and make the call right after the customer leaves.



Monday, July 12th, 2010

How to Manage Chargebacks Resulting from Processing Counterfeit Transactions

Tags: card acceptance best practices, card security features, card-present transactions, chargeback reason codes, chargebacks, Code 10 call, key-entered transactions

Both Visa and MasterCard use special reason codes to designate chargebacks that result from processing counterfeit credit card transactions. Visa uses Reason Code 62 and its MasterCard equivalent is Reason Code 4862.


What causes these chargebacks? Chargeback Reason Codes 62 and 4862 are issued when a merchant fails to compare the first four digits of the embossed account number on the card with the preprinted digits below the embossed number for a card-present transaction or receives an authorization without the transmission of the entire magnetic stripe. In particular, one of the following events occurs:

  • The card issuer receives a written complaint from the cardholder stating that he or she was in possession of the card on the date of the transaction and that he or she did not authorize or participate in the transaction.
  • The transaction is subsequently determined to be the result of counterfeit magnetic stripe fraud, and the entire unaltered contents of the magnetic stripe were not transmitted and not approved by the issuer.


How to handle chargebacks resulting from counterfeit transactions? Issuers can charge back transactions using Reason Codes 62 and 4862 within 120 days of the sales date. Your response will depend on the particular transaction circumstances and the actions you have taken (or not) so far:

  • If both the card and the transaction were valid, a possible remedy would be to provide your processor a copy of the printed sales receipt.
  • If the charged back transaction was counterfeit, there is no remedy and you should accept the chargeback. Do not process a credit at this time, as the chargeback has already performed this function.
  • If you have issued a credit for the transaction at issue, provide your processor with evidence of the credit. At the very least, inform your processor when the credit was issued and for what amount, so that they can locate the transaction in their system.


How to prevent chargeback Reason Codes 62 and 4862? You can significantly minimize these chargebacks, and perhaps eliminate them completely, by following a set of card acceptance best practices at the point of sale:

  • Check the card security features. A possible remedy for Codes 62 and 4862 chargebacks is to check all card security features before completing the transaction (something you should be doing anyway). In particular, the first four digits of the embossed account number on the card should match the printed four-digit number below the embossed number. If there is no match, you should make a Code 10 call (see below). There may be other signs of tampering with the card, such as embossed numbers that are blurry or uneven, or ghost images underneath the embossed numbers, indicating they have been changed.
  • Key-entered transactions. There is a possible remedy for key-entered transactions at the point of sale too. If the magnetic stripe cannot be read, get an imprint of the front of the card on the sales receipt and have the cardholder sign it.
  • Code 10 calls. If either the card or cardholder looks suspicious to you, make a Code 10 call. Code 10 is a form of a voice authorization request that alerts the card issuer to a suspicious activity – without alerting the customer. The card issuer’s representative asks the merchant a series of “yes” and “no” questions to determine whether or not the transaction at issue is fraudulent and gives instructions on how to proceed. All of your point-of-sale personnel should be well trained on how to make a Code 10 call and how to communicate to the customer a decision to recover the card, if that is the instruction of the card issuer’s representative. Remember that a card should only be retained if it is safe to do so and you should never confront or try to apprehend your customer.


As with most chargebacks occurring in a card-present setting, the key to preventing Reason Codes 62 and 4862 is developing sound card acceptance procedures and training your point-of-sale staff on implementing them on a consistent basis. There is certainly no shortage of industry guides and manuals to help you develop these best practices and we have discussed them at great length in this blog as well.


If there is something that you would like to add, share your ideas or experience in the comments.



Wednesday, April 28th, 2010

How to Recover Credit Cards when Suspecting Fraud

Tags: card security features, card-present transactions, Code 10 call, credit card fraud, credit card recovery, fraud prevention, point of sale (POS)

Merchants are required under Visa and MasterCard regulations to ensure, to the best of their ability, that credit and debit cards used for payment at their stores are valid and used by their legitimate cardholders. If there is sufficient evidence to believe that a payment card is being used fraudulently, or if its security features look as if they have been altered, merchants are required to recover the card from the customer at the point of sale, but only if it is safe to do so. Any of the following examples would provide a sufficient reason for recovering a payment card:

  • The card’s security features are missing or altered. If the 3- or 4-digit card security code (CVV2, CVC 2 or CID) is missing or has been tampered with, or if the hologram does not appear right, or if the “Good Through” date is altered, that should raise your suspicion.
  • The card number on the sales receipt does not match the account number on the card. If the account number that your terminal has read from the magnetic stripe and printed on the sales receipt does not match the one on the front of the card, this should immediately raise a red flag.
  • The merchant receives a pick-up response. If, during a Code 10 call with the card issuer, you have been instructed to pick up the card, you should follow the instructions.


Once you have accumulated enough information to justify a decision to recover a card, or after you have been instructed to do so during a Code 10 call, you should follow these procedures:

  • Firstly, you should only attempt a card recovery if you can do so safely. You should never take unnecessary risks. If the customer acts in a threatening way, you should complete the transaction and alert your payment processor after the customer leaves your store.
  • Once you have established that it is safe to recover a card, tell your customer that you have been instructed to keep the card, and that he or she may call the card issuer for additional information.
  • Remain calm and courteous throughout the recovery procedure. If the cardholder behaves in a threatening manner, return the card immediately and complete the transaction.
  • Once you have recovered the card, contact your processor for further instructions.
  • Cut the recovered card in half lengthwise, but be careful not to damage the hologram, the embossed account number, or the magnetic stripe.
  • Send the recovered card’s pieces to your processor.


Be advised that card issuers offer cash rewards to merchants for recovering altered and counterfeit cards or for information that can lead to the arrest and conviction of any person involved in a counterfeit operation. Contact your processor for additional details.


For cards that are found at your store or have been inadvertently left by customers and have remained unclaimed, you should follow the above procedures for contacting your processor and sending in the card.

Tuesday, March 16th, 2010

Fraud Prevention Guidelines for MO / TO Merchants

Tags: Address Verification Service (AVS), card acceptance best practices, card security codes, card-not-present transactions, Code 10 call, fraud prevention, MO / TO, transaction authorization

Mail order and direct order (MO / TO) merchants, just like e-commerce organizations, accept payments in a card-not-present environment. The difference is that, while e-commerce services enable cardholders to enter their account details on the merchant’s website, MO / TO services allow the merchant to complete transactions by entering the account information that the customer has provided over the phone or in the mail.


MO / TO merchants must validate the cardholder’s identity and the validity of the transaction, to the best of their ability, and here they have an advantage over their e-commerce counterparts. While e-commerce payments are processed, and must be verified, within seconds, MO / TO merchants have much more time to investigate the provided information. With that in mind, your fraud prevention procedures should include the following actions:

  • Obtain an authorization. Avoid using a $1 authorization to verify if the account is in good standing.
  • Obtain the card expiration date. Include the expiration date in your authorization request. An invalid or missing expiration date can be an indicator that the person does not have the actual card in hand.
  • Obtain the card security code. Card security codes are the three-digit numbers found in the signature panels on the back of Visa (CVV2), MasterCard (CVC 2) and Discover (CID) cards and the four-digit numbers found above and slightly to the right of the account numbers of American Express (CID) cards. Card security codes were introduced as an additional tool to help ensure that the customer is in physical possession of the card at the time of the transaction.
  • Use the Address Verification Service (AVS). AVS verifies the validity of the billing address provided by your customer by comparing it to the one on file with the card issuer.
  • Submit the authorization request with the billing address and security code. The authorization response will include the result codes for both.
  • Perform transaction screening. Transactions should be screened, either internally or using third-party tools, for questionable transaction data or other potential warning signs indicating “out of pattern” orders. Transactions with suspicious characteristics should be reviewed for fraud.


When you identify a transaction with high-risk characteristics:

  • Make a Code 10 call. Code 10 is a voice authorization request that alerts the card issuer to the suspicious activity. The issuer’s voice authorization center representative will ask you a series of questions to determine whether or not the transaction is fraudulent and provide instructions on how to proceed.
  • Call your customer. Call your customer at the number they have provided and ask for additional information, e.g., bank name on the front of the card.
  • Confirm the order with your customer. Send a confirmation note to your customer’s billing address, not to the shipping address.


Implementing these suggestions into your fraud prevention procedures will help substantially reduce fraud and the number of customer complaints that lead to chargebacks. It is important that, whenever you contact a customer for additional details, you are courteous and polite. Do not tell them that you are attempting to verify the validity of a transaction. If the customer refuses to provide additional information, simply state that this is a standard procedure that your business always takes for such types of transactions to protect cardholders from fraud. Always report suspicious activity to your processing bank.

Wednesday, February 3rd, 2010

Processing Card-Present Transactions

Tags: card acceptance best practices, card-present transactions, Code 10 call, floor limit, point of sale (POS), transaction authorization

A face-to-face environment provides a much more secure way of accepting card payments than a non-face-to-face setting. As a result, brick-and-mortar businesses typically suffer from less fraud and fewer chargebacks and pay lower transaction fees than e-commerce and direct marketing (MO / TO) merchants. Let’s take a look at the typical characteristics of a face-to-face transaction, what makes it safer and how to keep it that way.


Card-present transactions are those in which both the card and the cardholder are present at the time the payment is processed. Card-present merchants include grocery stores, department stores, fast-food restaurants, movie theaters, etc. Card acceptance settings where cardholders use unattended point-of-sale (POS) terminals, such as gas stations, are also defined as card-present transactions.


Visa and MasterCard require that merchants make all efforts to ensure that all card payments they accept are legitimate. This is in the merchant’s best interest as well, as fraud is costly, damages its reputation and, if unchecked, can lead to the suspension of the merchant account.


All card-present transactions are executed at a POS terminal. Whether you are experienced at the job or are new to it, if you follow a few simple card acceptance procedures, you will be sure to do it right every time a card is presented by a customer. A typical face-to-face card acceptance procedure goes through the following stages:

  1. Swipe the card. The first step in the payment acceptance process is swiping the card. Once the card is swiped, you should take it in your possession for the remainder of the transaction.
  2. Authorization. Authorizations are required before completing a card-present transaction in the following instances:
    • The transaction amount exceeds your floor limit or the floor limit applicable to the transaction.
    • The card is expired or not yet valid.
    • The card is not signed.
    • You wish to delay presenting the transaction record.
    • The transaction receipt cannot be imprinted although the card is present.
    • The terminal is unable to read the magnetic stripe or the chip (if one is present) on the card.
    • The account number is listed on the Electronic Warning Bulletin or on the regional Warning Notice. If an account is listed on the Electronic Warning Bulletin or regional Warning Notice, you must call your processor’s voice authorization center. You may be instructed to retain the card, which you should only do if it is safe to do so.
    • The transaction is a recurring payment installment and a previous authorization request was declined by the card issuer.
    • You are suspicious of the transaction for any reason. If the card or the cardholder looks suspicious, you must contact your processor’s voice authorization center and make a Code 10 call.

    • Listed in the table below are the possible responses to your authorization request and advice on how to proceed when you receive the response:

      Response | Explanation
      Approved | Issuer approves the transaction. This is the most common response – about 95% of all authorization requests are approved.
      Declined or Card Not Accepted | Issuer does not approve the transaction. The transaction should not be completed. Return the card and instruct the cardholder to call the Issuer for more information on the status of the account.
      Call, Call Center, or Referrals | Issuer needs more information before approving the sale. Most of these transactions are approved, but you should call your authorization center and follow whatever instructions you are given. In most cases, an authorization agent will ask to speak directly with the cardholder or will instruct you to check the cardholder’s identification.
      Pick Up | Issuer wants to recover the card. Do not complete the transaction. Inform the customer that you have been instructed to keep the card, and ask for an alternative form of payment. If you feel uncomfortable, simply return the card to the cardholder.
      No Match | The embossed account number on the front of the card does not match the account number encoded on the magnetic stripe. Swipe the card again and re-key the last four digits at the prompt. If a “No Match” response appears again, it means the card is counterfeit. If it can be done safely, keep the card in your possession, and make a Code 10 call.


  3. Examine the card. While waiting for the authorization result, check the card’s security features to make sure it is authentic. Make sure that the card account, the expiration date and the card security code have not been altered or tampered with and that the back of the card is signed.
  4. Customer signature. If the transaction is authorized, you should obtain the cardholder’s signature on the printed sales receipt. If the signature is missing, you may lose re-presentment rights if the transaction is charged back.
  5. Compare signatures. Compare the signature provided by the customer to the one on the back of the card and make sure they match. Also compare the account name and number printed on the receipt to the ones on the card.
  6. Return the card and receipt to your customer. If you are satisfied that the transaction is legitimate, return the receipt and the card to the cardholder, along with the purchased merchandise to complete the transaction.
  7. Make a Code 10 call. If you believe that a fraudulent activity is taking place, make a Code 10 call to your processor’s authorization center for instructions on how to proceed.


