Fraud Prevention Resources
Find out more about how you can protect your business and prevent fraudulent transactions.
-
What is transaction fraud?
Transaction Fraud occurs when a stolen payment card or its data is used to generate an unauthorised transaction via a customer not present (CNP) transaction.
-
What is a customer not present (CNP) transaction?
Customer not present transactions refer to when the cardholder is not physically present for examination at the time of payment. These payments occur when a payment is made on the internet, over the phone or through mail order. These types of payments are more susceptible to fraud because they are not protected by Chip and Pin.
-
What is a MOTO payment?
MOTO (Mail Order Telephone Order) payments allow businesses that operate remotely to process debit and credit card payments from their customers, via telephone, letter, or email requests.
-
Why are MOTO payments more susceptible to fraud?
Any transaction that doesn’t have the customer with their payment card present is at a higher risk of being fraudulent and MOTO payments are no exception. MOTO transactions are deemed higher risk and more caution should be taken when receiving payments via this channel. These transactions are not protected by the card issuer and the liability would sit with the merchant as there is no physical signature or record of a personal identification number (PIN) that could prove the charge is valid. It is also harder to detect fraud with a MOTO transaction because of the lack of physical evidence connected to the individual who authorised the payment.
-
What are common types of fraud for customer not present transactions?
Payment Fraud including identity theft: Occurs when a fraudster uses a stolen or fake credit card to buy goods/services.
Friendly fraud (Also known as Chargeback Fraud): Occurs when a consumer (or fraudster) makes an online/ MOTO payment with a credit card but then requests a chargeback from the issuing bank after they’ve received the goods or services.
Interception fraud: Occurs when a fraudster uses a stolen credit card along with the same billing address and shipping address that is linked to the card and then intercepts the goods before they are delivered; this may occur by a fraudster calling after the order is placed and before it has shipped. Then they will ask for the delivery address to be changed. They may also contact the courier to change the route of the package to a different address of their choosing.
-
Who is liable for transactions deemed fraudulent?
- Mail Order Telephone Order: liable party – Merchant
- Online payments taken using 3-D Secure: liable party – Issuing Bank
- Online payments taken without using 3-D Secure: liable party – Merchant
-
Who is liable for CNP transactions made on a card terminal?
When manually keying a cardholder’s card details into a point-of-sale terminal the liability for fraud shifts from the card issuer to the merchant.
In these cases, the sale is treated the same way a MOTO (mail order telephone order) payment would be for transaction fraud. Please see our guidance for avoiding MOTO fraud. To ensure the liability is shifted to the card issuer, the cardholder needs to use their card in person, either contactless or chip and pin.
Signature-only cards do not have a liability shift and are viewed the same way as manual PAN key entry. If a business wants to accept this method of payment, we recommend checking valid ID, but you will still be liable for the cost of the fraud.
-
What red flags should you look out for to spot potential fraudulent transactions?
- Unusually large orders or orders for multiple quantities of the same item
- Several orders received within a short space of time, often in increasing value
- Orders using multiple credit cards, especially where the first 12 digits of the card are the same and only the last four are different
- Orders requiring ‘urgent’ shipping or delivery to a Post Office box or third party
- Orders from someone who is not the owner of the card
- The cardholder claiming they cannot provide the CCV
- AVS mismatch on the Billing address provided
- Different shipping and billing address
If any of the above indicators are present, we would always encourage you to exercise caution. If you’re not satisfied that a payment is genuine, ClearAccept recommend that the goods and services are not provided and that the payment be refunded immediately.
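The red flags above can also be checked automatically before an order is released. The following is an added example, not ClearAccept code: the field names, the one-hour window and the three-order threshold are assumptions, and the sample orders and card numbers are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # assumed meaning of "a short space of time"
MIN_BURST = 3                 # assumed meaning of "several orders"

def screen_orders(orders):
    """Return {order id: [red flags]} for orders from one customer or caller."""
    orders = sorted(orders, key=lambda o: o["ts"])
    result = {}
    for i, o in enumerate(orders):
        earlier, flags = orders[:i], []
        if not o["avs_match"]:
            flags.append("avs_mismatch")
        if o["billing"].strip().lower() != o["shipping"].strip().lower():
            flags.append("ship_bill_differ")
        if "po box" in o["shipping"].lower():
            flags.append("po_box")
        if not o["ccv_provided"]:
            flags.append("no_ccv")
        # Burst of orders inside the window, and whether their value keeps rising.
        burst = [p for p in earlier if o["ts"] - p["ts"] <= WINDOW] + [o]
        if len(burst) >= MIN_BURST:
            flags.append("velocity")
            amounts = [p["amount"] for p in burst]
            if all(a < b for a, b in zip(amounts, amounts[1:])):
                flags.append("increasing_value")
        # Different card sharing the first 12 digits with an earlier one.
        pan = o["pan"]  # assumed to be held in memory at order time only
        if any(p["pan"][:12] == pan[:12] and p["pan"][12:] != pan[12:] for p in earlier):
            flags.append("sibling_card")
        result[o["id"]] = flags
    return result

def _order(oid, ts, amount, pan, shipping, avs=True, ccv=True):
    return {"id": oid, "ts": datetime.fromisoformat(ts), "amount": amount, "pan": pan,
            "billing": "1 High St", "shipping": shipping,
            "avs_match": avs, "ccv_provided": ccv}

# Constructed sample orders; the card numbers are made up, not real cards.
SAMPLE_ORDERS = [
    _order("A1", "2024-05-01T10:00", 120.00, "4000000000001111", "1 High St"),
    _order("A2", "2024-05-01T10:10", 250.00, "4000000000002222", "1 High St"),
    _order("A3", "2024-05-01T10:25", 480.00, "4000000000003333", "PO Box 7", avs=False, ccv=False),
    _order("B1", "2024-05-02T09:00", 60.00, "5100000000004444", "1 High St"),
]

if __name__ == "__main__":
    for oid, flags in screen_orders(SAMPLE_ORDERS).items():
        print(oid, flags or "no flags")
```

Any flagged order is a prompt for the manual checks described on this page, not an automatic decline.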
-
What should you do if you spot one or more of the above red flags?
If any of the above red flags are present during a transaction, we recommend that you complete additional due diligence by:
- Requesting a short video of the cardholder confirming their name, holding their credit card AND obscuring part of the card number, along with a picture of their photo ID showing their address. This allows you to evidence the cardholder’s identity and confirm the address to which the credit card is registered and to which you are shipping. For genuine customers, this will take less than two minutes. For fraudsters, it’ll put them off entirely.
- Always ensuring the billing address and delivery address are consistent and that the AVS check matches.
If there are any concerns regarding any transactions, then the goods and services should not be provided and the payment should be refunded as soon as possible to prevent any potential chargebacks.
-
Do you have any guidance on chargebacks?
Download our Chargeback Guidance for Merchants.
-
Are recurring payments 3D Secure?
Recurring payments are transactions initiated by the merchant, for which you have an agreement with the customer to periodically charge their card for an agreed-upon amount.
For the first transaction, 3D Secure Authentication is required. This means that if there are any reported fraudulent transactions, the responsibility lies with the card issuer.
However, for subsequent transactions, they do not undergo 3D Secure Authentication, and in such cases, the responsibility for any reported fraudulent transactions falls on the merchant.
Please make sure to promptly respond to and action any customer requests to cancel these agreements. Doing so will help minimise the occurrence of chargebacks and reports of fraud associated with these transactions.
-
What actions can customers take to keep their checkouts secure?
Taking a few simple precautions can help protect your business. Here are some recommended actions to follow:
Report Lost or Stolen Terminal(s)
Alert ClearAccept: If you notice that a Terminal has been lost or is suspected stolen, please alert ClearAccept immediately via: reportpdq@clearaccept.com
In-person payments
Keep terminals secure: Never leave terminals unattended or allow anyone to tamper with or remove your payment devices. If a terminal looks damaged, stop using it immediately, put it in a secure location and report it by raising a ticket via your Software company or emailing support@clearaccept.com. Additionally, when terminals aren’t in use, ensure they’re securely stored away.
Be alert at the point of sale: Watch for unusual customer behaviour, such as attempts to distract staff or interfere with equipment. Never leave your payment terminals unattended!
Protect supervisor access: Always shield the terminal screen when entering your supervisor passcode to prevent it being observed.
Updating passcodes: Change supervisor passcodes regularly, particularly when staff leave the business, and keep a log of all staff who know the passcode for easy reference.
If you need help with how to change the Terminal supervisor password, please contact us via support@clearaccept.com or phone: 020 7186 2186
Our team are here to support you & are available:
Mon-Fri: 08.00 - 18.00
Sat: 09.00 - 18.00
Sun: 10.00 - 17.00
Bank Holidays (excl. Christmas and New Year’s Day): 10.00 - 17.00
Online payments
Use strong credentials: Create unique, complex passwords for each system or platform, and update them regularly.
Enable extra protection: Where available, turn on two-factor authentication to add an extra security layer to your login process.
Monitor transactions: Review your accounts and online payment reports frequently so you can spot and act on any suspicious activity quickly. Contact ClearAccept if you think there is evidence of suspicious activity – we are here to help you.
Employee awareness
Provide regular training: Ensure your team understands how to recognise potential scams, suspicious behaviour, and security risks.
Reinforce good practice: Remind employees never to share terminal passcodes, login details, or security codes with anyone.
Encourage vigilance: Create a culture where staff feel confident to report anything unusual straight away, no matter how minor it may seem.
Connectivity & Network Security
Keep systems secure: Connect terminals only to trusted, secure networks (avoid public Wi-Fi), ensure your business Wi-Fi is password-protected and uses WPA2/WPA3 encryption, and keep any connected systems (e.g. POS software, routers) updated with the latest security patches.
Vendor & Maintenance Security
Use trusted providers: Only use authorised service providers for maintenance or upgrades, and always check the credentials of anyone who comes to service your equipment.
Compliance
Ensure you’re staying compliant: Follow PCI DSS (Payment Card Industry Data Security Standard) requirements relevant to your business and keep software and firmware up to date to remain compliant.