What can a merchant do to prevent losses resulting from the booming black market of identity theft rings buying and selling personal credit card information? The retail card present and ecommerce or MOTO transactions require different preventative measures to block cloned cards.
In the retail environment, the top method is for the cashier to re-enter the last 4 digits. This is a check to make sure the magnetic strip data matches the imprint on the front of the card. Scammers don’t make thousands of unique cards each with matching customer data. They typically are programming the magnetic strip data only.
A skilled con artist may try to get a cashier to key enter the transaction with some story about a problem with the mag strip, before the cashier even swipes the card. Don’t be fooled. Cashiers should never take the customers word for it. They should always swipe first. If the strip is bad, the machine will prompt to re-swipe. This is a critical decision point! If the strip really is bad, what preventative measures do you have in place to protect your company?
- This is a key entered face to face transaction. The signed receipt must be presented to prevent a future chargeback. Can you find them when you need them?
- Do you allow all cashiers to key enter any transactions? How would you know if someone key entered a $5000 transaction? Are you comfortable with that?
In the card not present environment, the top method is to verify CVV also known as the security code. Cloned cards do not have matching security codes because that is not data they can obtain. Address verification may be required to prevent chargeback’s. MOTO and ecommerce requirements do have some variances.
Do you want an alert if a transaction over a certain dollar amount, say $500, is key entered? Do you want to check for address, but only require it for transactions over a certain amount? With our universal hosted payment processing solution, there are hundreds of ways for merchants to manage risk parameters, including setting automated alerts.
A critical difference in our system for retailers is LOGICAL INTELLIGENCE. If the cashier has been given privileges to key enter transactions, then the system will automatically switch from prompting for the last 4 digits to prompting for the zip code. The merchant can control the maximum amount the cashier is allowed to key enter, and whether they want email alerts sent to management. If signature capture terminals are in place, the customer is prompted for the signature, which can be readily retrieved in the event of a chargeback dispute. (Note- all these parameters are controlled by the merchant. For example, if you don’t want to prompt for the last 4 digits, you don’t have to.)
Want to find out more? Read the CenPOS overview and request information.