How Merchants Can Reduce Credit Card Fraud

If you operate a retail or ecommerce business, accepting all major credit cards and electronic checks is a required method of customer payment. However, when you decide to accept electronic payments, business owners must also consider the potential cost of fraud. Studies have shown both traditional and online merchants have lost billions in fraudulent transactions. Today, technology provides proven methods for identifying and preventing fraudulent transactions.

Fraud can come in many forms. Needless to say fraud is bad for business. If you process a fraudulent customer order by the time you find out the credit card was stolen you have already shipped the product. Fraudulent orders usually result in a customer credit card chargeback to your business. Unfortunately, by that time, you have delivered and lost your product, you have lost the income from the sale and to top it all off; you will receive a chargeback fee from your credit card processor. I’m sure we can agree there is a strong need to identify and stop a fraudulent order before you deliver your product. Fortunately for the merchant, there are many steps and processes that can be implemented to reduce and eliminate credit card fraud.


1. Address Verification Service (AVS) – is a simple and easy to implement process to decrease your chances of accepting a stolen credit card. When you process a credit card transaction; make sure you capture the card holder’s billing address and zip code. Manual non-swipe (Internet and MOTO) transactions will require you to capture card holder information. However, card present (swipe) transactions will not. Once you capture the card holder’s billing address and zip code you’re ready to process the sale. Your point of sale system will verify AVS with the card issuing bank. You can receive a street address match only, a zip code match only or a match on street address and zip code. If you do not receive an AVS match you should consider declining the transaction. Approximately 80% of fraudulent transactions in the U.S. are AVS mismatches. Keep in mind, most AVS systems can be configured so be sure to check your AVS settings. Implementing AVS can have a major impact on reducing credit card fraud.

2. Card Verification (CVV/CVV2) – is similar to AVS. CVV is the 3 digit code on the back of a credit card (4 digits for American Express). Like AVS, CVV is entered at the point of sale. The card holder’s CVV code is verified by the card issuing bank when the credit card sale is being processed. If you do not receive a CVV match you should consider declining the transaction. Online merchants should make CVV a required field.

3. Use a Threshold Management Service – Threshold management allows the merchant to set parameters for the transactions they will accept. For example, transactions can be screened based on the amount of money charged per transaction, the number of transactions charged, transaction frequency, average user ticket, etc. Transactions that are marked as a potential fraudulent transaction will require additional review by the merchant. Threshold Management services are usually available an add-on service.

4. Scrutinize Orders from Free email accounts – Fraudsters and thieves like to hide. One of the easiest ways to hide the identity of a thief is to use a free email account. Most fraudulent transactions use a free email service. Merchants should not decline all transactions from a free email service. However, you may want to provide those orders with more scrutiny.

5. Scrutinize Orders with a different Ship to address than Bill to address – The thief with the stolen credit card may have the owners billing address and zip code. If so, you will receive an AVS and CVV match on their order. However, in order to receive your product they will request the order to be shipped to a different address. Merchants should review all orders with a different ship to and bill to address. If the ship to address is a foreign country pay even more attention to the order.

6. Scrutinize International Orders / Foreign Credit Cards – If your business model requires you to ship to foreign countries you should obtain an International merchant account. Since non domestic orders have a higher rate of fraud than domestic orders, having an International merchant account will provide you with a higher level of protection. In additional, an international merchant account will allow you to settle in the local currency. If you require a domestic and international merchant account you should use a payment gateway with load-balancing. Load-balancing provides the merchant with the ability to use multiple merchant accounts in a single payment gateway account.

7. Understand that an Authorization Code does not mean the credit card is not stolen – An authorization code is provided when the transaction has been approved. However, an authorization code simply means the credit card is valid and has the available credit to process the transaction. Ultimately, as the business owner, it is up to you to decide to accept or reject the transaction.

8. Use an Advance Fraud Protection Service – Advanced Fraud Protection services allow the merchant to block transactions by IP address, Country of Origin and other fraud filters. Advanced fraud protection services are usually available an add-on service.

9. Use a PCI Compliant Data Storage Service – Merchants who have a requirement to store the customer’s credit card data should use a PCI Compliant Data Storage Service. A PCI Compliant Data Storage Service allows merchants to transmit and store the customer’s payment information in a Level 1 PCI certified data facility. Once the customer record has been securely transmitted and stored the merchant can then initiate transactions remotely without having to access credit card or electronic check information directly. This process is accomplished without the merchant storing the customer’s payment information in their local database or payment application.

10. Review and Implement PCI (Payment Card Industry Standards) Policies – Merchants can review PCI Standards online at If you’re using a PCI Compliant point of sale solution and you do not store payment data you’re already in good shape. However, merchants should contact their merchant account provider for more information.

Fraud prevention is a necessary activity for traditional and online merchants. Exposing your business to fraudulent transactions and high chargeback ratios is bad for business and could cause you to lose your merchant account. The leading real-time payment gateway services provide advanced fraud protection tools. However, many fraud prevention techniques can be implemented at no additional costs.

Top Real-time Payment Gateway Services

1. Planetauthorize (Domestic USA and International)

2. Authorize.Net (Domestic USA)

3. PlugnPay (Domestic USA)

4. Skipjack (Domestic USA)

5. eProcessing Network (Domestic USA)

Leave a Reply