How to Detect and Prevent Merchant Credit Card Account Fraud?

Digital payments are on the rise as more and more consumers perform transactions online. As rising digital payments increase, so does the potential for cybercrimes. The growth in eCommerce and card-not-present transactions is matched by the growth in fraud; experts predict eCommerce credit card fraud will reach $25.6 billion in 2020.

The onset of the pandemic has only increased threats as sales have moved online, with cybercriminals evolving their processes to match the new remote workplace. Fraudulent transactions can result in costly chargebacks, loss of inventory, or worse—a breach of sensitive data. Although we can never eliminate fraud entirely, preventative tools exist that merchants can use to reduce merchant account fraud and fortify credit card and ACH fraud prevention as much as possible.


Follow Merchant Rules

Usually, if a sale seems too good to be true - it probably is. If you suspect fraud, your payment processor and credit card companies recommend crucial procedures to follow. 

Familiarize yourself with the updated policies your credit card issuer and payment processor have set for managing fraudulent transactions. Mastercard, Visa, American Express, and Discover all have slightly different expectations, but they all want to help protect from loss. To continue carrying the ability to accept their card type, you must adhere to their rules.

If you suspect fraudulent activity, especially if the transaction occurred with a customer you’ve never done business with before, contact the registration service to reduce the number of chargebacks before they pile up.

Choose a knowledgeable merchant services account provider that will help you avoid merchant account fraud in the first place. You can hire them confidently, knowing they will work with you to resolve the situation quickly. You will be responsible for calling the card issuer, but your merchant services account provider should stand as a reliable support to walk you through the process.

Bottom line: if you suspect fraud, follow merchant rules as soon as possible. This little extra work may protect you from being the victim of a fraud scheme.


Basic Fraud Prevention

Another way to reduce merchant account fraud is to choose the PCI-compliant data security features that make sense for your business. Doing this can combine fraud management tools to protect financial data while reducing your PCI scope. With eCommerce, all transactions are considered Card-Not-Present (CNP) because neither the customer nor their card is physically present. Because of this, CNP transactions, including over-the-phone payments and mobile commerce, allow more opportunities for fraudulent activity. However, you can take basic measures toward credit card fraud prevention, including:

Address Verification (AVS)

Potential criminals may not have the billing address for the credit card they use to complete the transaction. In addition to requesting the card number, you should also ask for the billing address. You will want to ensure that the billing address matches the information on file with the card-issuing bank and verify the correct shipping address if it differs from the billing address provided.

Card Verification Value (CVV)

Credit cards will have a three-digit verification code on the back, known as the CVV. For some companies, it is a four-digit card identification number (CID). The purpose of this number is to verify that the cardholder is presenting the card for payment versus a cybercriminal with a stolen credit card number. Do not authorize any transactions without the CVV or CID.


Advanced Fraud Detection Features

Sometimes, criminals can provide the correct address and CVV code, avoiding traditional IP detection. Because of this risk, you should rely on more advanced fraud detection features for credit card, eCheck, and ACH fraud prevention efforts, including:

On-Hold Functionality

Using filters, you can automatically put a hold on transactions that appear suspicious until they can be manually reviewed and you’ve contacted the cardholder directly.

Velocity Filter

This filter can be configured to decline transactions based on specific parameters, including the number of transactions from a particular IP address and the maximum dollar amount for credits/refunds.

BIN Filter/Card Issuing Country Filter

With this filter, you can decide to accept or decline transactions based on the country where they originated. The credit card processor performs a BIN lookup of the card, identifying the country where the card was issued and the bank giving the card.

Negative Database

Negative database security allows you to identify criminals listed in the database by IP, email, or address. You can choose to create your database or use a global database that expert risk analysts frequently update.


With thresholds and quotas, you can choose to only accept transactions above or below a certain amount. If a card is used outside this range, it will automatically be declined.

Built-in Analytic Processes

To avoid merchant account fraud, merchants should find or build software with built-in analytic processes. In a security breach, comprehensive dashboards will automatically be generated to show when and where the violation occurred. Further, automated responses can be implemented to flag all access points, helping merchants detect and patch vulnerabilities faster than ever.


Broaden Cybersecurity Awareness

One of the greatest tools you can leverage is knowledge; businesses should dedicate considerable time educating their staff on cyber threats and security. New attacks and malware emerge all the time—small businesses need evolving security awareness training to detect vulnerabilities and potential threats.

In addition to staying knowledgeable about cybersecurity, merchants should also use a password protector service, such as KeePass, to further enhance security. By doing this, passwords can be fortified to make them more difficult to decode and hack into sensitive data, financial information, proprietary systems, and more. Password protector services store passwords securely so merchants can access them without needing to remember them. More importantly, merchants can routinely run analyses and check-ins to avoid data breaches. This is especially important during transitional stages, such as transitioning to a remote workplace.

Knowledge is power for fraud detection and prevention; however, your payment processing partner’s fraud management features and tools can help. If you haven’t already, it’s time to partner with a PCI-compliant merchant account and services provider and utilize the built-in security features/services within their platform to prevent merchant account fraud. The top payment gateway providers also use anti-fraud measures like check verification and have the latest security standards in place, as recommended by Nacha for ACH transactions.

For more information on merchant account and credit card fraud prevention, contact to consult with our experts.


Date Originally Published: January 08, 2021

Date Updated: August 1, 2022

iCG Pay’s innovative solutions help you accelerate payments simply, securely, and reliably.

We help businesses accept and process payments with our suite of next-gen customizable fintech solutions. Our automated technologies help you carry out ACH and credit card transactions on a single easy-to-use platform.