Credit cards have become a way of life for consumers in our modern economy. Many consumers do not even carry cash because they find it to be a bother. As more businesses embrace the world of credit, they also must embrace the world of collections because some consumers run up a large amount of debt and then do not want to pay it back.
Unfortunately, where there are credit cards, there is also a problem with credit card fraud. If you own a collection agency and you accept card payments, you will sooner or later experience attempts at making payments with fraudulent credit cards. The credit card industry has taken steps to lower the possibility of fraud, but as they evolve, so do the criminals. Therefore, secure credit card processing became a business necessity. In addition to following steps to become and remain PCI compliant, businesses must also consider other security methods to protect their customers’ sensitive payment data.
EMV Cards and Fraud Protection
As of October 2015, all newly-issued credit cards are required to come equipped with Europay, MasterCard and Visa (EMV) technology. These new cards contain a small computer chip that is extremely difficult to counterfeit. The new requirement was made because almost half of the world’s credit card fraud happens because of magnetic-stripe cards.
The fraud problem for collection agencies will only become worse, though, as EMV chip cards become mainstream in the U.S. Although these chip-enabled cards are good at stopping in-store fraud, they offer little protection in the online world. This is because of card-not-present credit card processing systems This is precisely where credit card abuse continues to shift as thieves take advantage of the anonymity that online bill payment provides.
What steps can you take to protect yourself as fraudulent activity continues to surge?
Credit Card Fraud Management
Strictly following Payment Card Industry (PCI) standards is one of the best methods of battling fraud. As of June 26, 2016, BillingTree has successfully completed the 2016 audits for PCI-DSS 3.1, HIPAA and SSAE-16.
In addition, there are other methods for preventing credit card fraud. Tokenization and point-to-point encryption (P2PE) are two such methods.
Tokenization: when used in credit card transactions, a “token” is created to replace the card number. The token would be a string of seemingly nonsensical letters and numbers, which represent the 16-digit account number. The token, rather than the actual credit card number, would be used to complete the transaction, thereby discouraging theft. Point-to-point encryption (P2PE) instantaneously converts confidential credit card data and information into indecipherable code at the time the card is used. After a credit card number is entered the system immediately encrypts the card information. The PCI certified device uses an algorithmic calculation to encrypt the confidential credit card data in a tamper resistant module. The encrypted, indecipherable codes are sent to the payment gateway or processor for decryption.
In addition to these methods, there is a range of advanced fraud management tools. These security filters will detect credit card fraud within the payment environment.
- A card-issuing country filter that allows acceptance of transactions only from trustworthy countries.
- On-hold filtering that allows pausing of transactions based on specific parameters set by the agency.
- CVV filtering that automatically matches the user’s three or four-digit card verification value with what the issuing bank has on file.
- Negative-database filtering that blacklists fraudsters by IP, email, or address.
In closing; where there are credit cards, there is undoubtedly going to be attempts at fraud. By being aware you can take steps to prevent it. BillingTree provides businesses with a powerful solution for credit card processing that is fully PCI compliant and optimized for the card-not-present environments.