Credit Card Fraud: What Small Businesses Can Do

Merchants can’t eliminate fraud entirely, but they can reduce the expense of unauthorized credit card transactions.
Jan 28, 2022

Many or all of the products featured here are from our partners who compensate us. This may influence which products we write about and where and how the product appears on a page. However, this does not influence our evaluations. Our opinions are our own. Here is a list of our partners and here's how we make money.

Credit card fraud is the unauthorized use of a credit card. While cardholders can often avoid the financial liability for unauthorized transactions, it can come at a high cost for businesses, especially those accepting in-person payments on older card readers. The liability for fraud depends on which safeguards are in place. In general:

  • The card issuer is liable if the business used an EMV-enabled card reader to process the transaction, or if the purchase was made online. (EMV stands for Europay, Mastercard and Visa, and is also used to refer to cards that contain an electronic chip.)

  • The business is liable if it does not use an EMV-enabled card reader to process the transaction.

On Oct. 1, 2015, the responsibility for fraudulent credit card transactions was transferred to businesses that weren’t set up to accept EMV chip cards, which were more secure than magnetic-stripe cards because a one-of-a-kind code is created for each transaction. The shift also applied to merchants who allowed an EMV chip card to be swiped instead of inserted in their EMV reader. Before this shift, the credit card issuer would have been responsible for funds stolen by unauthorized credit card use.

Credit card fraud can impact a business in other ways, such as chargeback fees, network assessments and the potential loss of a merchant account. It may be impossible to totally eliminate credit card fraud, but there are steps a business can take to manage the number of cases it has to deal with.

What happens when a small business accepts a fraudulent charge?

The following scenario is typical when a fraudulent charge is identified by a cardholder:

  • The cardholder contacts the card-issuing bank to report the fraud and request the charge be reversed.

  • The cardholder’s bank verifies that the transaction is actually fraud and not something else, such as a forgotten purchase, and a chargeback or dispute is initiated.

  • The disputed funds from the transaction are withheld from the merchant until the issue is resolved.

  • The merchant can accept the chargeback or fight it by providing documentation such as receipts with signatures, customer correspondence and delivery confirmation.

  • If the card-issuing bank decides in favor of the cardholder, the disputed funds are returned to them.

Consequences for merchants

When a merchant loses a dispute or decides not to fight it, the result is often:

  • Loss of revenue from the sale.

  • The cost of the product is often written off.

  • A chargeback fee must be paid to the payment processor.

Merchants can also be put in a chargeback monitoring program run by payment networks like Mastercard or Visa if their chargebacks exceed acceptable rates. Merchants who are in these programs face fines and additional fees until their chargebacks reach an acceptable level.

Mastercard and Visa require merchants to participate in programs like the following when their disputes reach certain levels:

Mastercard Excessive Chargeback Merchant (ECM)

Visa Dispute Monitoring Program (VDMP)

Merchant participation is required when both of the following levels are reached:

  • 100 or more monthly disputes, AND

  • 1.5% or higher disputes-to-transactions ratio.

Merchant participation is required when both of the following levels are reached:

  • 100 or more monthly disputes, AND

  • 0.9% or higher disputes-to-transactions ratio.

The disputes-to-transactions ratio is calculated for each card network individually using only the transactions processed on their networks. Most card networks take the number of disputes for the month divided by the number of transactions for the month. Mastercard takes the month’s disputes divided by the number of transactions for the preceding month.

What fees and assessments are related to fraud?

Chargeback fees

A chargeback fee is an additional fee charged by your payment processor to cover the cost of processing the dispute and to give you  incentive to avoid disputes when possible. Chargeback fees vary by payment processor. While you may get lucky with some processors and not pay a chargeback fee, it’s more likely you’ll be charged $15 or more per occurrence.

Noncompliance assessments

Merchants who have been required by a card network to participate in a dispute program will be given some time to reduce their chargebacks. However, if a merchant is unable to resolve the problem, there are consequences for their payment processor. Payment processors that provide merchant accounts, also called "acquirers," can pay a noncompliance assessment when their merchants are in dispute programs.

“Visa and Mastercard can’t assess individual merchants. They can only assess their member banks,” says Gary Rutledge, chief operating officer of PaymentCloud and former Mastercard International Security Committee member. However, he says, these assessments are eventually passed on from the acquirer to individual merchants through escalating fees and fines.

What can small business owners do to reduce credit card fraud?

Review chargeback data

It’s important for merchants to understand where their chargebacks are coming from. They can do that by analyzing their credit card charges to identify patterns. Once it’s understood how the chargebacks are happening, a strategy can be developed to minimize the number.

Use EMV card readers for in-person transactions

“If the card is present, if the EMV chip is read and everything occurs the way it is supposed to at the point of purchase,” Rutledge says, "then the fraud liability shifts from the merchant to the issuer of that credit card.” Don’t swipe chip cards or you could be held liable for fraudulent transactions.

Make online transactions more secure

Online transactions, including e-commerce transactions, are less secure than in-person transactions. Generally, issuers are liable for fraudulent online purchases, but you can still minimize chargebacks and the costs of dealing with fraud by using:

Card security verification: To confirm the customer is in possession of the physical card, require the three- or four-digit security code imprinted on the card to be entered in addition to the card number and expiration date.

Payer authentication programs: Use programs such as Visa Secure and Mastercard Identity Check to direct the customer to an authentication screen that requires a password or code before processing the transaction.

Address verification system: Use your payment processor’s service to verify the cardholder’s address by comparing the billing address provided by the cardholder against the address in the issuing bank’s records.

Rule-based transaction filters: Set up rules and filters that can flag transactions as suspicious based on IP address, country, dollar amount, frequency, etc. This tool is typically offered for e-commerce transactions through the merchant’s gateway provider.

Delayed shipping of orders: Consider not shipping any order until the cardholder’s information can be verified. This may be especially useful for large-ticket sales.