Clearsale Blog | Insights on Ecommerce and fraud

What Is Credit Card Fraud, and Can You Spot It?

Written by Bruno Farinelli | Dec 7, 2016

For even the most diligent merchants, credit card fraud can be incredibly tough to pin down because it can take shape in so many ways. In order to understand what credit card fraud looks like, we’ve outlined the top tricks criminals have up their sleeves to separate you from your hard-earned profits.

Top Credit Card Fraud Methods

Account takeover

In this scheme, the criminal steals a victim’s credit card account information to gain unauthorized access to the account, either through a data breach or malware on the victim’s computer that captures the victim’s keystrokes or records the victim’s online activities. 

Phishing

The classic con game goes high-tech, as a thief simply lies to a victim via text, email or phone – often by posing as an official or authority figure of some sort – in order to get the victim’s private identification data.   

Skimming

In this common method for targeting ATMs and other point-of-sale card readers, the criminal places a hard-to-spot skimmer device on the machine in order to copy data from card swipes. 

Application fraud

So simple, yet so frustratingly effective, this scheme involves using a stolen or fake account application to open a credit card in someone else’s name.   

Sequencing

This method involves the criminal getting hold of a legitimate six-digit Bank Identification Number (BIN) and then just guessing from there to deduce a variety of potential full credit card numbers. Sequencing is sometimes referred to as a BIN attack. 

Carding

This toe-in-the-water fraud variation finds the criminal testing stolen credit card information by placing small online orders to see if the card number is valid. Once the thief successfully places a small order, bingo – the thief knows the number is good and quickly moves on to bigger scams.     

Friendly fraud

It may sound all warm and cuddly, but there’s nothing friendly about a customer making a legitimate purchase, but then fraudulently claiming a lost shipment or problem with the order. The customer ends up keeping the merchandise that “never arrived”, and the merchant is left to incur the cost and hassle of the chargeback.  

Red Flags That Can Signal Fraud

One of the best ways to fight credit card fraud is to be on alert for these common schemes. Fortunately, many of them come with consistent warning signs that can help you uncover and snuff out a potentially fraudulent transaction before it does too much damage.

Different ship-to/bill-to addresses

There are a number of perfectly legitimate reasons why a customer may choose to have a purchase shipped to a different address. But using a customer’s actual billing address and having the goods shipped to a different address to be picked up is an easy way for a thief to place an order and receive the merchandise before the cardholder realizes what happened. 

  • TIP: Require phone numbers for both the billing and shipping addresses, and follow up with calls to those numbers if anything seems amiss. 

Non-street addresses

Just like different bill-to and ship-to addresses, most orders sent to hotels, offices and post office boxes are likely perfectly legitimate. But it’s also nearly impossible to know who’s picking up that order, making this another common fraud scenario. 

  • TIP: Short of banning these types of orders outright (not a recommended practice), the best thing to do is to simply treat these orders with a little extra scrutiny. Is anything else about the transaction strange or out of the ordinary?    

Outlier transactions

Fraudsters are counting on the fact that you are too busy to screen every transaction and that you might not have your fraud filters set up to catch what they’re doing. And for good reason. If you’re not careful, some of their more popular fraud methods can easily fall through the cracks, such as:

  • Unusually large orders, often with overnight or express delivery selected
  • Multiple orders going to the same address, but with different credit cards used for each
  • Large numbers of orders to the same address
  • Multiple orders shipped to different physical addresses, but placed from the same IP address
  • Multiple transactions involving credit card numbers that vary only slightly from one another  

 

  • TIP: Like some of the other red flags listed here, any of the above situations could be legitimate, so the best bet is to simply give any of these instances a second review to be sure everything else is in order. 

Package rerouting

Thieves face several challenges when trying to use stolen credit card information. First, they must get the transaction approved. Then, they must get their hands on the merchandise before the cardholder finds out what has happened. One common way to meet both challenges is for the thief to place the order using the cardholder’s shipping address (which helps the transaction get approved quickly), but then calling customer service and asking for the order to be sent to a different address (which bypasses normal fraud detection policies and lets the thief have the merchandise wherever they want). 

  • TIP: Make sure a process is in place for customer service to flag any orders where shipping plans are changed or packages are rerouted. 

More Tips for Avoiding Credit Card Fraud

In addition to keeping an eye out for the above red flags, there are a few extra steps you can take to bulk up your credit card fraud prevention efforts:

  • Keep a log of fraud attempts, chargeback records and problem customers
  • Share information with merchant networks, so you can create a larger pool of data that can help identify fraud patterns
  • Adopt a fraud score to help improve efficiency and reduce your false decline rate

Remaining vigilant about the various methods of credit card fraud and the red flags for potential abuse can help protect your small business, but it’s a lot to keep up with on your own. If you could use some help, reach out to us at contact@clear.sale to learn what we can offer as your trusted, valued cybersecurity partner.