Recently an MSP that we know lost $10,000 in laptop orders, as the result of a fraudulent credit card transaction.
It was devastating to them.
It was not a typical hardware sale, but the ITSP didn’t think anything bad could happen.
After all, they have IT clients that place large equipment order all the time, right?
The difference: this MSP did not know the person who was ordering the hardware from Adam on the street.
Hardware orders via an online form and over the phone come with risk.
To eliminate this risk, MSP’s need to seek wisdom from those who can help.
IT owners can’t and shouldn’t expect assistance from credit card companies or financial institutions.
And if credit card companies and financial organizations won’t offer guidance, who will?
We are here to help guide you.
Here are some ways that your MSP can get rid of fraudulent credit card transactions once and for all.
Get all applicable information from the front of the physical credit card.
Your IT company needs to make sure you do all you can, on your part, to decrease risk.
This starts by getting all the info you can re: the credit card transaction.
Start by getting the potential IT client’s cardholder name. You need to get the name exactly how it appears on the front of the credit card! See image below.
The next step is to get the 16 account digits, along with the card verification number from the back.
Or in the case of an Amex, the 4-digit code on the front of the credit card. See example below.
Be sure to get and validate the credit card expiration date, as well as the complete address and phone number associated with the actual account holder.
Most importantly, do not ship goods to customers who are unable to or refuse to provide a full name and billing address.
Fraudsters will typically give a bogus name and address, such as Donald Smith or 111 Main Avenue.
Be sure your IT billing team gets the credit card verification number!
Because the three and four-digit codes do not appear on credit card receipts, many fraudsters will attempt to use stolen credit card numbers, as they are in possession of a stolen number rather than a stolen card.
Fraudsters are less likely to have the three and four-digit codes when in possession of a stolen card number, rather than the card itself.
With this info, your IT company will now be able to use the address verification service. This service works by comparing the billing address given by the IT prospect with the financial institution or bank’s database.
We would also strongly recommend that your MSP call the card-issuing institution to ask them to make a courtesy call to the customer in order to verify the potential charge.
According to Visa, businesses that use credit card verification services and methods reduce charge backs by as much as 70%!
Be careful of hardware orders that use different bill-to and ship-to address.
This is a telltale sign of a fraudulent credit card situation.
If this happens to your IT company, request a phone number where you can call to validate if the customer wishes to ship the order to a different ship-to location.
With the data your IT team has collected, the next step is to use a website like www.anywho.com, which checks for bogus billing addresses.
The site also integrates phone numbers, maps and email addresses as a validation tool.
Watch out for larger-than-normal orders that demand next-day delivery.
Fraudsters will typically try and place orders for next-day delivery that are larger than the typical size.
For example, fraudsters will order 15 monitors, or 20 laptops, 10 expensive toner cartridges.
Orders like this should raise a red flag for your MSP.
Fraudsters need to have their orders approved and delivered before credit card fraud is discovered, and the order canceled. Fraudsters are also not concerned with cost of items or to ship, next day, which can get expensive.
Control what you can control: validate the order before shipped.
As an IT company you need to do everything within your power to make sure you validate orders.
For hardware orders that are not placed in person, we would suggest having the customer securely email copies of both sides of the credit card.
To take things step further, we’d highly suggest requesting a copy of a state-issued ID card.
This provides your IT company an additional proof-source that the potential customer is the true credit card holder.
And never give out ConnectBooster credentials to anyone you don’t know or trust!
Take immediate steps if fraud is discovered.
Call the police to report any credit card fraud crime.
After that, call the credit cardholder’s issuing bank or financial institution to ask someone to place a courtesy call to the actual credit card owner, alerting them of a possible fraudulent occurrence.
Be sure and tell the bank representative that you have the shipping address where the charged product is being shipped.
Most importantly, trust your gut!
If the caller does not seem confident about any of the information they are providing, or you feel awkward about sending merchandise, then don’t!
It is always better for your IT business to say ‘NO’ than risk giving away pc hardware for free.
Make the nightmares of fraudulent credit card transactions go away.
If you are an MSP or IT company that wants to be educated on how to establish a payments processing method to help you prevent fraudulent credit card transactions once and for all, schedule some time with us by clicking here.