Credit card processing scams come in all forms. They can be a phone call from an alleged merchant service provider saying your card terminal needs updating or an email offering rate reductions. Fraudsters posing as your company trick customers into handing over payment details, while cybercriminals find new ways to unlawfully purchase goods without paying a dime.
Undoubtedly, payment processor scams and merchant account fraud harm small businesses and consumers. Yet, electronic payments fuel the e-commerce ecosystem, and cash isn’t a popular payment method. Being informed and proactive is the best way to protect your company and customers. Explore the latest credit card frauds and scams to understand how to build your defense.
What is a credit card processing scam?
Credit card processing scams involve unscrupulous payment service companies and fraudsters. They may con small businesses into long contracts that are nearly impossible to cancel, charge hidden fees for non-existent services, or offer hardware leases that cost thousands of dollars for equipment worth a few hundred.
It can be impossible to reach the provider, and the Federal Trade Commission (FTC) said some processing “agreements can require that legal disputes are heard in another state.” These deceptive practices exploit small companies and can be hard to detect.
The best credit card payment apps and services offer transparent rates, accessible customer support, and clear guidance on integrating payments into your website and point of sale (POS) system. Conversely, merchant services scams use high-pressure sales tactics and push limited-time deals.
Watch out for these red flags:
- Termination fees based on estimated processing amounts and months left in your contract instead of a flat rate.
- Aggressive sales tactics include repeated calls and messages stating that you must sign up now for the lowest rates.
- Promises of free hardware or no upfront fees for leasing without explanations about the equipment brand or retail cost.
- Requests for confidential financial information or upfront payments before the payment processor has provided services.
- Complex tiered pricing models and credit card processing fees for statements, batch settlements, and Payment Card Industry (PCI) compliance.
- A lack of professional communication and review channels, such as business email addresses, websites, phone numbers, and verified customer review pages.
[Read more: What You Need To Know About Secure Payment Systems]
What are merchant service scams and fraud?
Alternatively, merchant account fraud is when a fake processor gains access to your accounts. They steal money by manipulating transactions and are long gone before you realize funds are missing.
An employee may unknowingly participate when a caller identifies as a merchant account provider and walks them through reprogramming a credit card terminal. Or you might click an email link to update your account, unwittingly giving criminals access.
The bottom line is that a reputable credit card processor will not request sensitive information over the phone or through email. Employees shouldn’t touch credit card machines except to process payments; no one should provide merchant account details online or over the phone.
Types of credit card processing fraud
Like payment processor scams, credit card processing fraud takes many forms, from social engineering cons to “friendly” hustles from customers disputing legitimate charges. These deceptive acts impact businesses and consumers, and they’re often not just one-time incidents. The effects can continue as a company faces reputational damage and victims struggle to regain control over their data and accounts.
Bank of America said, “Merchants lost $38 billion globally to online payment fraud in 2023.” Meanwhile, U.S. consumers “reported losing more than $10 billion to fraud in 2023,” according to the FTC.
In one recent example, the United States Department of Justice and the FTC ordered the credit card processor Nexway to pay $650,000. Director Samuel Levine of the FTC’s Bureau of Consumer Protection said, “Companies like Nexway that knowingly launder charges for scammers are breaking the law and helping scammers cheat money from consumers.”
The latest credit card frauds and scams involve skimming devices. These capture card information at fuel pumps, POS terminals, and ATMs. The FBI estimated that “skimming costs financial institutions and consumers more than $1 billion each year.”
The bottom line is that a reputable credit card processor will not request sensitive information over the phone or through email.
Common transaction frauds include the following:
- Chargeback fraud: First-party or “friendly” fraud occurs when a customer disputes a legitimate purchase, asserting they didn’t authorize the payment or receive the product or service.
- Card-not-present fraud: This scheme is common with online and phone orders when the payment card isn’t physically present. Fraudsters may collect cardholder information through phishing scams or data breaches.
- Credit card theft: Thieves steal credit cards from the mail or use counterfeit cards to deceive merchants and make in-person or online purchases.
- Triangulation schemes: A seller on a third-party marketplace offers a low-priced item. After a buyer purchases it, the seller (a scammer) uses a different stolen card to order and ship the item from a reputable merchant to the original buyer.
- Business imposters: These scammers claim to be affiliated with well-known companies to defraud consumers. According to the FTC, reported losses to business imposters climbed to $752 million in 2023.
- Account takeover fraud: In this case, the criminal calls the credit card company, pretends to be the account owner, and acquires credentials to complete online transactions.
- Refund fraud: This type of employee theft occurs when a worker processes a refund from a payment or POS terminal and pockets a cash refund or shares the credit reimbursement with the customer.
[Read more: How to Communicate a Data Breach to Customers]
Preventing merchant account fraud and scams
KeyBank surveyed nearly 2,000 small to mid-sized businesses with annual gross revenues of less than $10 million. It found that 44% were most concerned about unauthorized transactions or electronic fund transfers. “Identify theft (37%), malware and ransomware attacks (28%), and phishing and email scams (27%)” also topped the list.
Choosing a reputable credit card processor is your first defense against scammers. Fake merchant account providers exist, and even real ones can be unethical. The FTC recommended evaluating vendors carefully and searching “the company’s name online with words like ‘scam’ or ‘complaint.’”
Understanding credit card processing terms is also essential. Ask account representatives if you can view a sample statement and itemized fee list. Also, discuss their free and paid fraud prevention services for online and in-person sales. Lastly, remember to read the merchant agreement carefully and highlight any terms that need to be clarified.
Finding a legitimate credit card processor
Reputable payment processors comply with PCI standards, use fraud monitoring and prevention tools, and help small businesses manage chargebacks. Consider partnering with a vendor offering intuitive online dashboards for monitoring transaction data and customer vaults for secure card-on-file transactions.
Check with these payment service providers to learn about their fraud prevention services:
- Merchant One: This vendor was founded over 20 years ago. It provides 24/7 unlimited support and has a 98% approval rate.
- Helcim: This privately held payments company launched in 2006 and offers services tailored to small businesses. Customer support is available Monday through Saturday.
- Stax: This company began in 2014 as Fattmerchant, provides services to over 30,000 businesses, and offers 24/7 customer support.
- Clover: Founded in 2010 and now part of the Fiserv family, Clover supplies POS systems and 24/7 customer service.
- Payment Depot: Founded in 2013 and acquired by Stax in 2021, Payment Depot offers 24/7 in-house customer support.
[Read more: How AI Monitoring Tools Can Benefit SMBs]
How to protect your customers
Small businesses protect customers by maintaining PCI compliance, following cybersecurity best practices, and implementing fraud prevention policies and services.
In-person scams and fraud typically occur when someone illegally uses another person’s credit card or steals magnetic stripe card data. Near-field communication (NFC) and Europay, MasterCard, and Visa (EMV) terminals use encryption technology. Therefore, tap-to-pay and chip cards are more secure than swipe transactions. Requesting to see identification, especially for high-value sales, can also reduce fraud.
Major credit card companies and processors offer fraud prevention services for online and CNP payments. Address verification service (AVS) confirms that the address entered during checkout matches the address on file with the cardholder’s bank. Card verification value (CVV) requires shoppers to enter the three- or four-digit code on the back of a credit card and repeated failed attempts trigger fraud alerts.
Another option to verify identity is 3DS. It asks the buyer to enter a temporary PIN, SMS code, or unique password. In addition, payment processors like Helcim and Merchant One provide secure customer vaults for storing payment data for card-on-file transactions. Other companies, like Stripe, have advanced machine-learning fraud detection tools.
Customer data protection also requires internal policies and training. An unaware employee could fall for a phishing scam that exposes your merchant account information. Likewise, an undetected data breach could result in many fraudulent transactions.
CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.
CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.