Fraud Flags

Things to Watch For to Reduce Credit Card Fraud

Why care about fraud? Fraud raises the cost of doing business for all card merchants and financial institutions in the payment card system. In addition, the organizational unit itself is financially responsible for any fraud from its customers.

Start by ensuring that all staff understand:

  •   Typical Customer Profile (student at AMC campus, general public, dental hygienists, general public within Colorado, everyone in the entire world)
  •   Your Market Area (Denver, Boulder, Metro Denver, within Colorado, USA only, International)
  •    Typical Transaction (average dollar amount / ticket size, number of items / services purchased, how often, when)

 Second, always obtain an authorization for the full amount at the time of purchase.

With your Market Area, Customer Profile, and Typical Transaction defined, ask yourself the following questions about each transaction:

  • Is it from the typical customer?
  • Is it from an address in the defined market area? Is it a typical ticket size?
  • Is it from a normal source (online, in-person, via mail or telephone)?
  • Is the order for a normal number of items / services / amount? Is more than one card being used to make this purchase?
  • Are multiple transactions being made with similar card numbers in a sequence?
    • Is overnight or express shipping being requested? (This is the preferred shipping method for most fraudsters.)
  • Also ask yourself:

      • Does the customer appear nervous?
      • Does the customer display unusual behavior? (Say, looking at the signature on the back of a card before signing the sales receipt, in a hurry, or perhaps just purchasing stuff without caring what they are purchasing)
      • Does the customer repeatedly come back to make additional purchases?
      • Does the customer tell you she is having trouble with the card and give you a "special" authorization number to call?
      • Does the card appear to be altered in any way? (Number not embossed, number worn, damaged hologram, no magnetic stripe on the back, altered signature panel, the terminal displays a different card number than is embossed on the card, etc.)
      • Is there anything suspicious about the circumstances of this transaction?

    Note that a "yes" answer to any one of these questions (that is, a single red flag) does not necessarily indicate a fraudulent transaction. However, the more yes answers / red flags you have the higher the probability that the transaction is fraudulent.

    Do not:

    • Process the transaction if the authorization process returns a decline.
    • Process the transaction if all the information necessary to complete the transaction is incomplete
    • Disturb the customer or attempt to make an arrest or assault the customer 
    • Process your own transactions good internal controls require that employees do not handle their own payment transactions (this is a major fraud flag)
    • Allow volunteers or other persons to process card transactions.
    • Treasury policy requires that all persons processing payment card transactions be paid staff of the University of Colorado.

    For online transactions, many third party processors have fraud screening available for extra cost. Depending on the capabilities of the third party processor’s system, you may be able to implement limits on customer transactions at little or no cost, including:

    • Maximum or minimum amount of purchase
    • Number of transactions for a single customer within a defined time span
    • Number of items/services purchased per session
    • Number of simultaneous sessions from particular IP addresses
    • Limit transactions to registered customers
    • Number of premium items purchased in total / per customer / per session