Visa offers a variety of materials to support your fraud prevention, security and risk management efforts. Learn the steps to ensure the legitimacy of every Visa card, cardholder and transaction.
Accepting with card present
If you accept cards in person, there are steps you need to take.
Swipe the card through a magnetic card reader, insert the card into a chip-reading device, or wave the card in front of a Visa payWave contactless payment terminal to request the transaction authorisation.
Note: Many Visa cards have a chip that communicates information to a point-of-sale terminal with a chip-reading device. If a chip-reading device is available, preference must always be given to chip card processing before attempting to swipe the magnetic-stripe. The card should remain in the terminal until the transaction is complete.
While the transaction is being processed, check the card’s unique design features and security elements, if possible. Make sure the card is valid and has not been altered in any way.
Obtain authorisation and, if required, get the cardholder signature on the transaction receipt.
Adhere to your merchant store procedures and respond accordingly.
Compare the name, last four digits of the account number and signature on the card to those on the transaction receipt.
Accepting with card absent
Take extra precautions when you can’t see the customer's card. Not all Visa’s card security elements apply to these transactions.
Authorise every transaction, and include the card expiry date in every authorisation request.
An invalid or missing expiry date might mean that the customer doesn’t have the actual card in hand. Ask for more information if you receive an authorisation but still suspect fraud.
Ask for the name of the bank that appears on the front of the card.
Contact the cardholder with any questions.
Confirm the order separately by sending a note via the customer’s billing address rather than the “ship to” address.
Larger than normal order
Order that includes several of the same item
Order with many big-ticket items
Rush or overnight shipping requested
Shipping to an international address
Transactions with similar account numbers
Transactions placed on multiple cards all shipping to a single address
Multiple transactions on one card over a short period of time
Multiple transactions on a card with a single billing address, shipping to multiple addresses
Multiple cards used from a single IP address
Orders from Internet addresses that make use of free email services
Fraud prevention tools
Use only secure, validated payment applications
A unique, one-time authorisation code protects chip card transactions.
Trust your instincts! If a sale seems too good to be true, it probably is. We hear all too often that what a merchant thought was a great sale turned out to be fraud. So take the time to check out that huge order that is being shipped halfway around the world to a customer with whom you’ve never done business. A little bit of extra work may protect you from being the victim of a fraud scheme.
Merchants should establish procedures for responding to suspicious transactions. Your sales staff should be familiar with these procedures and receive regular training on them.
If your sales staff is suspicious of fraud, they should follow the established procedures, which could include asking for identification in accordance with the following rule:
A merchant may request cardholder identification in a face-to-face environment. If the name on the identification does not match the name on the card, the merchant may decide whether to accept the card. If the cardholder does not have or is unwilling to present cardholder identification, the merchant must honour the card.
For suspicious MO/TO transactions, you should:
Ask the customer for additional information: For example, ask for daytime and evening phone numbers and call the customer back later. Some merchants ask for the bank name on the front of the card.
Separately confirm the order with the customer: Send a note to the customer’s billing address, rather than the shipping address.
When requesting additional information to verify orders, telephone order employees should use a conversational tone so as not to arouse customers’ suspicions. If a customer balks or asks why the information is needed, employees should say that they are trying to protect cardholders from fraud.
For suspicious transactions, e-commerce merchants should establish effective procedures for cardholder verification calls. Contacting customers directly not only reduces fraud risk, but also builds customer confidence and loyalty. Your verification procedures should address the need both to identify fraud and leave legitimate customers with a positive impression of your company.
Use directory assistance or Internet search tools to find a cardholder’s telephone number. Do not use the telephone number given for a suspect transaction.
Confirm the transaction, resolve any discrepancies and let the cardholder know that you are performing this confirmation as a protection against fraud.
Visa Travellers Cheques are a safer and more secure form of payment than cash and are accepted around the world at millions of locations. But like most forms of payment, criminals can attempt to use counterfeit or stolen travellers cheques to make purchases. Learn how to accept Visa Travellers Cheques and reduce the risk of fraud.