The fraud team at Podium monitors our network and uses tools like 3D Secure, data analytics, machine learning, and payment specific data to inform fraud prevention rules that block the bad guys and help prevent fraudulent transactions through our Platform.
There is no such thing as perfect fraud detection and we cannot prevent all chargebacks. That is why it is critical that you and your business also implement your own fraud controls and follow industry best practices to help prevent fraud when using our Platform. You are the best line of defense to protect your organization from fraud because no one knows your business, your industry, and your locality better than you. But you are not alone in the fight against fraud.
Consider these tips to help prevent fraudulent transactions from affecting your business:
- Watch out for multiple cards on a single transaction.
A customer using multiple credit cards to complete a transaction may be an indicator of fraudulent activity. Watch for customers attempting more than three cards before successfully completing a payment or asking to split up a transaction into small amounts across multiple cards. The customer could be attempting multiple stolen card numbers to find one that works or purposefully keeping a transaction on a certain card below an alert level for the transaction dollar amount.
- Use a consistent customer name.
Check that the cardholder names match across attempted cards for a single transaction on the payment activity page in Stripe before releasing any merchandise or performing services. We also advise creating invoices in a customer’s full legal name and matching that name to the name on their card. This practice can be helpful in fighting chargebacks as well.
- Request a photo ID.
Requesting a photo ID for the cardholder, either in person or through the Podium Inbox, is one of the most efficient ways to detect fraud. With a photo ID you can validate that the cardholder’s name matches the ID, validate shipping addresses, and have a copy of the customer’s signature. If applicable, the ID collected at time of payment should match the ID when the customer picks up goods. We especially recommend requesting an ID for high risk transactions like high dollar transactions.
If a customer wants to use a “friend’s” credit card to complete the transaction, proceed with caution. Make sure you have clear evidence of who the customer is and that they have the express authorization by the cardholder to make a payment using the card. In these cases, we cannot emphasize enough the importance of getting the ID of both the customer and the cardholder.
- Collect a customer signature.
For higher risk transactions, consider collecting a customer’s signature on an invoice when the customer picks up goods or before they receive services. If a customer’s signature is different from the photo ID to the invoice/pickup signature, it would be worth taking a quick second look at other resources like home address and the cardholder’s name to minimize the risk of processing a fraudulent transaction.
- Listen to your gut.
Sometimes there is nothing obviously fraudulent about a transaction, but it just feels wrong. If something feels off--even if you can’t quite put your finger on why--chances are you are correct. In such cases, take some time to look into the transaction further or treat the transaction as higher risk and ask for additional verification from the customer such as a photo ID or signature.
- Take your time.
Allow yourself the time to listen to your gut. Malicious actors like social engineers use urgency and high-pressure tactics to trick you into acting before you think. It is always in the best interest of the fraudster to use stolen information as quickly as possible, so they are counting on being able to create a false sense of urgency.
- Research and implement fraud prevention practices specific to your industry and location.
Every industry and community faces different types of fraud. Research the types of schemes most common to your business and implement prevention procedures that make sense for your business to combat targeting.
- Engage employees.
Make sure your employees are up to date on your organization’s fraud prevention practices and procedures. Encourage them to report when something about a transaction or a customer seems suspicious or out of place. Let your employees know that you take fraud seriously and will be actively monitoring to make sure your fraud prevention practices are followed.
Preventing Fraud from Occurring on Card Readers
The best way to protect card present transactions is to ask customers to always use the chip reader on the terminal instead of swiping their card. These are called EMV transactions; when a customer “dips” their card chip first into an EMV-enabled reader instead of swiping it through a magnetic stripe reader. It is difficult to counterfeit a chip card, and when a chip card is used in a terminal the liability for that charge falls on the issuing bank. That means that if a customer physically “dips” their card, their bank will generally cover the cost of any fraudulent chargebacks.
Preventing Fraud from Occurring with ACH Payments
Any transaction, including ACH payments, can be disputed as fraudulent or unauthorized. In order to combat this, Podium uses Plaid to process our ACH payments. Plaid requires the customer to log into their bank account, meet any multiple factor authentication challenges for the bank account, as well as provide account and routing information.
I think a transaction is fraudulent. What now?
If you think a transaction is fraudulent, take action as soon as possible to protect your business. If a transaction is processed that you think may have been fraudulent, we recommend the following steps:
- Block the customer on Podium.
- Refund all suspicious transactions immediately. This will prevent the transaction from turning into a dispute.
- Do NOT deliver goods or services.
- If applicable, notify all of your business locations about the suspicious activity.
- Notify us at firstname.lastname@example.org. Please provide us with as much information as possible about the customer and transaction as well as the reasons why you think it is fraudulent.
- Collect and retain as much information as possible about the customer and transaction for at least six months including the conversation in Podium.
- If goods were delivered to the bad actor in question, consider filing a police report.
If you have any other questions or concerns about a transaction, please do not hesitate to contact email@example.com or your Podium Customer Success Manager.
Stripe has some helpful suggestions for preventing fraud.