Playing now

Playing now

Staying vigilant against in-store fraud: 7 tips for retailers

Back to search results

Mobile payment

Online transactional security has garnered scrutiny over the past decade, given its booming popularity and subsequent risks.

Physical businesses aren’t out of the woods; however, all the attention paid to online security creates a distraction for the low-tech criminals who want to steal card information at the point of sale.

If they become lax with their in-store payment security, retailers will put the sensitive information of millions of shoppers who prefer shopping in-store at risk.

Traditional defence methods against fraud are still critical since fraud losses on face-to-face purchases remain on the increase.

The following seven tips can help retailers stay ahead and reduce the risks of card fraud in-store:

1.    Keep an eye on unattended payment terminals

According to the South African Banking Risk Information Centre (Sabric), gross fraud losses on South African issued bank cards increased by 20.5% in 2019

This suggests that hackers are still looking for ways to infiltrate card readers.

Criminals commonly attach concealed or disguised devices to the card reader slots of ATMs and unattended payment terminals (UPTs), such as self-service kiosks and ticket machines at railway stations, cinemas, and car parks. By keeping an eye on your UPTs, you’ll have a greater chance of noticing if anything is out of place.

You can reduce card skimming risks even further by updating your terminals to accept contactless payments. Contactless cards have a built-in security feature that occasionally prompts the cardholder to enter their PIN to prove they have the card.

2.    Only accept cards that are in good condition

It’s common for fraudsters to convince cashiers to enter the card details to bypass any anti-fraud features manually. It’s therefore critical to be aware if customers let you know right away that their card has trouble reading.

Cards that can’t be read by a mag-stripe or chip reader are a red flag. Instead, ask for another form of payment or decline the transaction.

3.    Spot red flags with intelligent reporting

Your payment processor continually monitors your business’s transactions for fraudulent activity using the power of data to detect suspicious transactions. Those that fall outside the norm are flagged as a potential fraud risk and investigated for validation.

This extra surveillance can also help you locate suspicious activity over time, such as frequent returns and chargebacks.

If you know you will need to perform a transaction out of character for your retail business, advise your payment processor first to prevent a legitimate purchase from being flagged.

4.    Take precautions against card-not-present fraud

Card-not-present (CNP) fraud is quickly becoming one of the most common types of card fraud. In 2019, CNP fraud amounted to 62% of gross fraud losses on South African issued credit cards.

Coupled with the surge in online shopping, mobile wallets and NFC payments have created new opportunities for fraudsters to use stolen card information to make purchases. This form of payment presents a specific challenge to retailers in verifying who the actual cardholder is and, consequently, authenticating their payment effectively.

A Strong Customer Authentication (SCA) strategy, such as those mandated under PSD2 in Europe, requires the customer to present two of three forms of identification:

  • Something you know, such as a PIN or password
  • Something you have, such as card information
  • Biometric identification, such as a fingerprint

When putting together your SCA strategy, the key is balancing security and convenience for your customer. Authentication through knowledge is the most widely used method.

Banks encourage a security question along with a PIN or password, but this can be difficult for customers to remember.

Possession authentication through one-time passwords (OTP) is also common, but these can be extremely inconvenient for your frequent customers.

Biometric authentication is growing in popularity as most smartphones now include integrated fingerprint readers. Retailers and banks are leveraging this feature to make online and mobile commerce transactions more secure.

5.    Call your bank if you have any concerns

If someone presents a suspicious card with altered features, or you have concerns about the validity of a transaction, give your bank a call.

Your bank can help you to confirm the legitimacy of a card transaction without confronting the customer.

6.    Train your staff

Your staff can be one of the most significant vulnerabilities or one of the best safeguards against credit card fraud – depending on how well they have been trained.

Empower your employees by teaching them about fraud prevention and implementing best practices to ensure that security is the norm. Your staff likely handles most of the sales and interactions with customers. Teaching them to spot potential fraud will help reduce the risk of it happening.

7.    Technology is the key

Upgrading your POS system can quickly fill some of the gaps in your security efforts. For example:

  • Accepting a range of payment methods means you can take advantage of newer security features that have slowed down card fraud.
  • A high-performing payment gateway quickly authorises card payments and reduces the amount of time required to process card transactions.
  • Newer POS systems are simpler and easier to use, making it easier to identify abnormalities and prevent fraud attempts.

8.    In closing

Providing secure payments is part of excellent customer service, but the rush to provide frictionless customer service can unknowingly expose them and your business to card fraud.

You can protect yourself and your customers from in-store fraud by following best practices and learning to spot the red flags as soon as they appear.

Ask the author a question or share your advice

By leaving  a comment on this article, you consent to your comment being made  publicly available and visible at the bottom of the article on this blog. Whilst your email address will not be publicly available, we will collect, store and use it, along with any other personal data you provide as part of your comment, to respond to your queries offline, provide you with customer support and send you information about our products and services as requested.  For more information on how Sage uses and looks after your personal data and the data protection rights you have, please read our Privacy Policy.

Sage Advice Logo