A headstone company had a customer who ordered a granite headstone for a loved one who had recently passed away. This particular business type is not familiar with fraud because, let’s face it: who would buy a personalized headstone with a stolen credit card?!
The “cardholder” wanted to have the headstone shipped overseas to the family. He requested that the business overbill him by $4,000 and wire transfer the money back to him so he can pay the shipping company (which he arranged for, of course). The headstone was not shipped before the sale charged back for fraud, but the business still lost the funds that were wired to the fraudster, and they ended up with a personalized headstone that no one could use.
This is a true example of an overbilling credit card scam I ran into last year from a CNP (Card Not Present) transaction. What does that mean, you ask? Read on, and I will explain.
EMV Means a Shift in Risk for the Business Owner
With the EMV smart chip card deadline fast approaching, stealing the information off of card stripes will become much more difficult. It is likely that credit card and data thieves will turn to other measures, and there will an influx of CNP fraud. Since fraudsters will no longer be able to transfer card data to magnetic strips, the fraud will be moved to a CNP environment. Thieves will be targeting over the phone and digitally-based transactions where the card is not physically present during the sale and the number is manually keyed in. The level of risk in CNP transactions is much higher because there is less proof that the transaction was valid and approved without taking the proper precautions. What does that mean for the business owner? Take extra care when running these type of sales to ensure the customer doesn’t dispute the charges and create a chargeback.
Business owners can feel like the system isn’t designed to protect them from Card Not Present transactions. In this case, knowledge is power. Knowing the different card brand’s rules and regulations along with common card scams will greatly reduce today’s business owner from incurring losses via chargebacks.
Ready to learn and protect yourself? Here are some of the main CNP scams that I have encountered with business owners while working in risk management for the last ten years:
|No one likes being the victim of a SCAM. Make sure you’re aware of how to make smart choices.|
Phone Relay Scam
The Scenario: This scam has been around for many years and is still being used. The scammer uses an online relay service with special operators who make the phone call on the scammer’s behalf. The relay service is usually meant to facilitate telephone calls between people with hearing and speech disabilities and other individuals, however, this leaves a loophole for crooks to capitalize on. Most times, this service is used by fraudsters that are outside the United States. This service is used for many reasons: 1) They do not have to spend money on international calls, 2) They only need access to the internet to use this service, and 3) This provides anonymity for the fraudster and hides any accent they have that may raise red flags to the business owner.
Summary: A phone relay call combined with an unusually large order should raise enough red flags for you as the business owner to investigate further.
What You Can Do: Before you accept such a transaction, you need to take precautions and do some detective work. Investigating the above situation further should including Googling the cardholder’s name, billing address, email address, phone number, and shipping address. I have had cases I have worked for customers before where I was assisting them in researching a suspicious transaction where I simply Googled the “customer’s” phone number or email address and found many complaints from other business owners who had already been scammed.
Lesson Learned/Rule of Thumb: One question that should be asked with every CNP transaction is “What is the cardholder’s billing address?”. This is the address that the issuing bank has for their cardholder and where the issuing bank sends its monthly statements. The card brands, such as VISA, MasterCard, and American Express, have services where they can verify a cardholder’s billing address for you. Sometimes they can even verify the cardholder name. How do I find them, you ask? I have included a list of the major card issuers and the numbers you need to call below, for your reference.
The Scenario: The overbilling scam usually occurs in two variations. The first scam entails the scammer posing as a cardholder asking you to overbill their order so you can pay the “shipping company/delivery service” (or some other service/excuse) in cash when they come to pick up the merchandise. Then, the scammer or someone they have hired will come to the store, take the “shipping” cash and the merchandise and are never heard from again. By the time the card is discovered as fraudulent or stolen, the crook is long gone. The second scam involving overbilling is very similar, but the cardholder will ask you to overbill and wire transfer the overbilled amount to them. Again, the excuse is usually so they can pay for shipping costs of a third party shipping company they are setting up. In both, the idea is usually to steal the shipping funds that you overbill for.
Summary: A cardholder who “doesn’t have the cash” to pay for their “shipping service” takes money from you and then disappears before you know what’s up.
What You Can Do: When a cardholder is asking you to overbill their order, you should always decline and inform the cardholder they are responsible for paying their delivery/shipping service directly. Additionally, I would recommend informing the cardholder that they are required to pick up the merchandise personally with the credit card they used. This way, you can take an imprint of the card and have the cardholder sign the imprint. The signed imprint of the card will protect you from any fraud chargebacks if they occur.
Lesson Learned/Rule of Thumb: Overbilling in it of itself is almost always a violation of the merchant agreement, so you shouldn’t do it in general, but definitely don’t wire cash or give it away to third parties or the cardholder.
The Scenario: This scam starts with the fraudsters posting jobs on internet career sites offering work from home positions. The positions are usually along the lines of “Packaging Assistant” or “Logistics Specialist”. The position entails receiving packages and forwarding them to foreign addresses on behalf of the job poster. The people who are facilitating these jobs usually have no idea they are part of the fraud ring. If you experience this scenario and there is a fraud chargeback, the issuing bank is going to ask you for proof that you entered the cardholder’s billing address into your POS device at the time of the sale. They will also ask you for a shipping receipt showing you shipped the product to the cardholder’s billing address. If you cannot provide both of these things to the card issuer, you have lost out on the sale.
Summary: Fake cardholder requests the goods be shipped to a forwarder’s address other than what the credit card company has on file and takes the goods without paying for them.
What You Can Do: In order to protect yourself from this scam, you should only ship your products to the cardholder’s billing address when dealing with CNP transactions. Shipping only to the cardholder’s billing address can be frustrating for merchants and customers, but this is how you will be protected.
Lesson Learned/Rule of Thumb: If you are asked to ship internationally or to a different address and you can’t confirm the credit card, it’s probably best not to run the transaction at all.
As you are reading this, you may be telling yourself these scams have very obvious red flags. However, as these are usually large sales with large profits, the thought of those profits can cloud your judgment as a business owner and decision-maker.
If you are ever suspicious of a transaction, call your processor and ask them how you should proceed with the sale in question. Tell them your concerns of the sale before you make a mistake and end up losing hundreds, if not thousands, of dollars in merchandise or profit. Also, ensure you are aware of the card brand’s rules and regulations for a detailed explanation of how you can be protected.