How to Detect and Prevent Merchant Credit Card Account Fraud

Digital payments are on the rise as more and more consumers perform transactions online. As rising digital payments increase, so does the potential for cybercrimes. The growth in eCommerce and card-not-present transactions is matched by a growth in fraud; in fact, experts predicted eCommerce credit card fraud would reach $25.6 billion in 2020.

The onset of the pandemic has only increased threats as sales have moved online, with cybercriminals evolving their processes to match the new remote workplace. Fraudulent transactions can result in costly chargebacks, loss of inventory, or worse—a breach of sensitive data. Although fraud can never be eliminated completely, preventative tools exist that merchants can use to reduce merchant account fraud and fortify credit card and ACH fraud prevention as much as possible.

Follow Merchant Rules

Usually, if a sale seems too good to be true—it probably is. If you suspect fraud, your payment processor and credit card companies recommend crucial procedures to follow. If you don’t, you risk becoming the victim of a fraud scheme and losing your merchant account for failing to follow their rules.

Become familiar with the most updated policies your credit card issuer and payment processor has set for managing fraudulent transactions,Mastercard, Visa, American Express, and Discover each have slightly different expectations,  but they all want to help protect from loss. To continue carrying the ability to accept their card type, you must adhere to their rules.

If you suspect fraudulent activity, especially if the transaction occurred with a customer you’ve never done business with before, contact the registration service to reduce the number of chargebacks before they pile up.

Choose a knowledgeable merchant services account provider that will help you avoid merchant account fraud in the first place. You hire them with confidence, knowing that they will work with you to resolve the situation quickly. You will hold the responsibility to call the card issuer, but your merchant services account provider should stand as reliable support to walk you through the process.

Bottom line: if you suspect fraud, follow merchant rules as soon as possible. This little bit of extra work may protect you from being the victim of a fraud scheme.

Download our free eBook, 6 Strategies to Optimize Your Merchant Services Account

Build a Customized Suite of Fraud Management Tools

Another way to reduce merchant account fraud is to choose the PCI-compliant data security features that make sense for your business. By doing this, you can combine available fraud management tools to protect financial data while reducing your PCI scope.

Basic Fraud Prevention

With eCommerce, all transactions are considered Card-Not-Present (CNP) because neither the customer nor their card is physically present. Because of this, CNP transactions, including over the phone payments and mobile commerce, allow more opportunities for fraudulent activity. However, you can take basic measures towards credit card fraud prevention, including:

Address Verification (AVS)

Potential criminals may not have the billing address for the credit card they are using to complete the transaction. In addition to requesting the card number, you should also request the billing address. You will want to specifically ensure that the billing address matches the information on file with the card-issuing bank and verify the correct shipping address if it is different from the billing address provided.

Card Verification Value (CVV)

Credit cards will have a three-digit verification code on the back, known as the CVV. For some companies, it is a four-digit card identification number (CID). The purpose of this number is to verify that the cardholder is presenting the card for payment versus a cybercriminal with a stolen credit card number. Do not authorize any transactions without the CVV or CID.

Advanced Fraud Detection Features

In some cases, criminals can provide the right address and CVV code, avoiding traditional IP-detection. Because of this risk, you should rely on more advanced fraud detection features for credit card, eCheck, and ACH fraud prevention efforts, including:

On-Hold Functionality

Using filters, you can automatically put a hold on transactions that appear suspicious until they can be manually reviewed and you’ve contacted the cardholder directly.

Velocity Filter

This filter can be configured to decline transactions based on certain parameters, including the number of transactions from a specific IP address, and maximum dollar amount for credits/refunds.

BIN Filter/Card Issuing Country Filter

With this filter, you can decide to accept or decline transactions based on the country where they originated. The credit card processor performs a BIN lookup of the card, identifying the country where the card was issued and the bank issuing the card.

Negative Database

Negative database security allows you to identify criminals listed in the database by IP, email, or address. You can choose to create your database or use a global database that is frequently updated by expert risk analysts.


With thresholds and quotas, you can choose to only accept transactions above and below a certain amount. If a card is used outside of this range, it will automatically be declined.

Built-in Analytic Processes

To stay ahead of merchant account fraud, merchants should find or build software with analytic processes built-in. In the event of a security breach, comprehensive dashboards will automatically be generated to show when and where the violation occurred. Further, automated responses can be implemented to flag all access points, helping merchants detect and patch vulnerabilities faster than ever.

Broaden Cybersecurity Awareness

One of the greatest tools you can leverage is knowledge; businesses should dedicate a considerable amount of time educating themselves and their staff on cyber threats and security. New attacks and malware emerge all of the time—small businesses need evolving and on-going security awareness training to detect vulnerabilities and potential threats.

In addition to staying knowledgeable about cybersecurity, merchants should also use a password protector service, such as KeePass, to further enhance security. By doing this, passwords can be fortified to make them more difficult to decode and hack into sensitive data, financial information, proprietary systems, and more. Password protector services store passwords securely so merchants can access them without needing to remember them. More importantly, merchants can routinely run analyses and check-ins to avoid a data breach. This is especially important during transitional stages, such as transitioning to a remote workplace.

Knowledge is power for fraud detection and prevention; however, your payment processing partner’s fraud management features and tools can help. If you haven’t already, it’s time that you partner with a PCI-compliant merchant account and services provider and utilize the built-in security features/services within their platform to prevent merchant account fraud. If you intend to add the lower cost solution to utilize ACH processing to your product package for your customers to have more options to pay, research to ensure your payment gateway provider also uses anti fraud measures like check verification and has the latest security standards in place, as recommended by Nacha.

For more information on merchant account and credit card fraud prevention, contact to consult with our experts.


By ICG Digital
January 8, 2021
Leave a comment

Want to learn more about iCheckGateway?