There are a number of steps you can take to reduce the risk of fraudulent card payments. Training is crucial - you should draw up a clear list of security measures and make sure your employees are fully aware of them.
Talk to the bank providing you with your merchant account. Ask them what security measures they recommend.
When the cardholder is present you should:
- check the card hasn't been reported lost or stolen - your terminal will check this when it seeks authorisation
- make sure that the PIN entered verifies the transaction, or where the card is not chip & PIN-enabled that the signature matches the one on the back of the card
- check the card is in the right format and hasn't been tampered with - ask your bank for a card-recognition guide
- check with your bank's authorisation phone line if the card won't swipe - this can happen for innocent reasons but it may indicate a fake card
- beware of people who seem nervous or who try to distract you as you're processing their purchase
- look out for people making hurried and seemingly random purchases, eg several pairs of designer sunglasses or high-priced electronics
For cardholder-not-present transactions, you can:
- ask for the card security code if you have the facility - usually the last three digits on the signature strip or, in the case of an American Express card, four numbers on the front of the card
- ask customers to bring their card when collecting goods
- ask for faxed confirmation of the order with a signature and proof of address
- check the name and address details you have been given with those held by the company which issued the card
- use the Address Verification Service offered by your bank, which checks the numerical details of the cardholder's address with the card issuer
- take advantage of specific programmes aimed at preventing fraudulent transactions - like Verified by Visa and MasterCard SecureCode
Find out about fraud prevention measures with Financial Fraud Action UK.
Data protection and security standards
As with any business that stores or processes customers' personal information, you will need to ensure that your business complies with the Data Protection Act. Businesses that don't properly protect their customers' personal information can be fined.