Preventing Fraud Before the Sale

The introduction of EMV credit cards into the United States was heralded as a big step toward preventing credit card fraud. But while the cards may have changed the landscape, they have not freed convenience store owners from having to keep up their defenses against credit card fraud. In fact, in some ways, the new chip cards have put a new burden on stores.

Perhaps the biggest pressure is that major card brands are shifting more liability away from the banks and onto retailers, many of whom aren't yet equipped with EMV technology. For some kinds of transactions, the shift came late last year; for others, the shift is planned for next year. And the vast majority of retailers haven't installed chip-enabled terminals yet.

An informal survey shows c-stores that have adopted EMV — an acronym for Europay, MasterCard and Visa, the three companies that originally created the security standard — frequently haven’t enabled their chip terminals. In some cases, the store owner has taped off the chip-capable terminals and added a hand-written “please swipe” note instructing customers to swipe their chip-enabled cards.

So, one year after the Oct. 1, 2015 liability shift deadline at the point-of-sale (POS), why are c-stores still reluctant to accept chip payment cards?

Answers to that question include:

• Small-business owners already stretched thin do not have the time to learn about and implement EMV-capable solutions.
• Retailers, resistant to new EMV technologies and software requirements being pushed their way, are taking the "if it ain’t broke, don’t fix it" approach to running their businesses.
• Retailers are reluctant to re-train staff, as well as educate customers, on how to perform a chip-enabled transaction.
• Merchants are historically used to a small numbers of chargebacks, and consider it the cost of doing business. Therefore, they do not believe they’re susceptible to fraudulent transactions.

Conexxus, a technology organization that represents convenience stores and gas stations, estimates the industry lost at least $250 million to credit card and debit card fraud last year — losses that get passed on to customers in the form of higher prices. Unfortunately, as a merchant, when you open up your mail and discover your bank has sent you a pile of chargebacks, it's very likely too late to do much about it.

If you haven't taken the right precautions and gathered the right evidence, banks aren't going to be very receptive when you try to fight the chargebacks.

Let’s look at what you can do. And the sooner, the better, because when you examine what is recoverable and preventable, it becomes clear that shoring up your business practices protects your bottom line. 

WHAT YOU CAN DO

First, get serious about upgrading to EMV-enabled terminals. In our personal lives, we upgrade to the latest smartphone and flatscreen television as a matter of course. How much more important is it to upgrade the tools of commerce?

Invest in EMV — You may not want to pay for new EMV technology (which can run from a few hundred dollars to thousands), but you'll wind up instead paying for the old technology each time you receive a chargeback you can't fight. You'll pay over and over, and you'll be using the same old technology.

It does take time and money to identify an upgrade path and, even with the new terminals, there will still be a period where customers present cards without chips. During the transition phase, you can take preventive steps with your existing systems to get the most use out of them.

Learn Terminal Settings — Prevention starts with the settings on your terminal. We've been stunned to discover some retailers aren’t aware that their terminals have adjustable settings. Customers should be required to put in their ZIP codes so the system can check for a match with the billing address.

Set the Bar — The challenge when it comes to credit card security is always setting the bar high enough to catch fraud, but not so high that you annoy customers to the point where they'll shop elsewhere. You may want to set a dollar threshold for stepping up the scrutiny. Losing a few dollars to a chargeback may be a nuisance, but losing a few hundred dollars is painful. And we've seen stores lose as much as $5,000 in chargebacks because of a single customer coming back repeatedly with a stolen card. Wherever your pain threshold lies, check ID signatures against the back of the card for any sale over that amount, and check photo ID against the customer. It's not likely that someone who hands you a stolen card will also have a stolen driver's license with a photo that looks just like them.

Know Thy Customer — This brings up one more important point: Just because a customer becomes a familiar face, that doesn't mean they won't end up sticking you with chargebacks. This is especially true if they've only recently starting to make your store a regular stop. Watch for red flags such as customers buying large amounts of a single item, or asking for a lot of cash back.

Train Your Staff — Look at who you have working behind the counter. Some identities are stolen not by somebody breaking into a home or office, but by a cooperative employee handing over information in exchange for payment. Check your employees to make sure they are on your side. Train your staff to know the company security policies, as well as on EMV terminal usage. And make sure they do it consistently. Even an honest and loyal employee can let fraud slip through if they aren't trained on your security protocols. 

Finally, don't be afraid to blacklist customers who have stuck you with chargebacks. Post the information right in front of your employees so they can recognize these customers at a glance. And invest in a high-quality security camera system. It can help in catching a fraudster.

With more responsibility being shifted to the merchant, you have to step up your game if you want to win against chargebacks. The strongest strategy of all is to prevent the fraud from happening in the first place.

Editor’s note: The opinions expressed in this article are the author's and do not necessarily reflect the views of Convenience Store News.