What Should You Do If You Suspect Credit Card Fraud by a Customer?

Wondering what you should do if you suspect credit card fraud by a customer?

Credit card fraud presents many challenges for online businesses. While you want to reduce your level of exposure to chargebacks and losses, you also want to create a smooth and simple buying experience for customers. Sometimes, these goals can be at odds, making it harder to determine what to do when you suspect credit card fraud by a customer.

In this article, we’ll share eight steps you should take when you suspect credit card fraud.

Types of Credit Card Fraud

When the cardholder doesn’t authorize a payment, it is considered fraudulent. Most fraudulent payments are made using a stolen physical credit card or stolen credit card numbers.

Brick-and-mortar businesses can easily verify whether customers are the rightful owners of the credit card used for transactions. However, online businesses often find it more challenging to spot fraudulent transactions. This is because fraudsters have developed sophisticated techniques to hide their identities.

Another common type of credit card fraud, friendly fraud, occurs when a customer dishonestly claims that an order never arrived, was damaged, services were never performed, or that the transaction was never authorized.

As eCommerce continues to grow and people make more online purchases, traditional credit card theft and friendly fraud will certainly get worse. Because customers can report fraud via a chargeback directly to the payment processor, online businesses have to deal with a labor-intensive process of fighting fraud claims and potential fees.

It’s important to stay vigilant when it comes to credit card fraud because you bear the burden as the merchant. Luckily, if you’re already using WP Simple Pay to accept payments on your WordPress site, you can use Stripe’s fraud protection features like Radar.

What should you do if you suspect credit card theft by a customer? Let’s take a look.

1. Reach Out to the Customer

If your customer makes a purchase on your site without your involvement and you aren’t sure if the transaction is legitimate, it often helps to reach out to them with an email to ask for more verification.

You could ask for their bank’s name, their name as it appears on the credit card, or pretty much any other piece of information that would help you verify their identity. End your email with, “I will fulfill your order once you provide this information.”

If the customer is trying to make a fraudulent transaction, there’s a good chance they won’t respond. Fraudsters don’t want any attention, especially if it seems like you’re trying to confirm their identity. Reaching out could scare them off.

2. Consult Stripe’s Guidelines

Stripe has resources on how to behave if you suspect a customer is trying to pay fraudulently. You’ll want to review this information carefully. It’s not just good advice. It also probably spells out steps you should take to keep your account in good standing with the payment processor.

For example, Stripe’s guide on disputes and preventing fraud explains what fraud looks like, how to avoid it, and what to do if you think a customer is trying to make a fraudulent purchase.

3. Use Stipe’s Fraud Tools

Stripe offers powerful fraud protection tools within its dashboard. Radar is the payment processor’s machine-learning algorithm that identifies fraudulent activity for every transaction that comes through its platform.

Radar is unique because it doesn’t just block fraudulent payments. It also informs you of why it happened so you can take steps to protect yourself in the future.

One of the best parts about Radar is that it lets you customize your own protection rules. To learn more, see our guide: How to Use Stripe Rader the Right Way.

4. Delay Shipping Goods or Performing Services

As a business, it’s a good policy to fulfill your customers’ orders (whether they order products or need you to perform a service) as quickly as possible. Customers who get what they pay for quickly are more likely to become repeat customers.

With all that being said, if you suspect a customer has made a fraudulent transaction, it’s smart to delay fulfilling their order for about 48 hours. This gives the customer some time to notice the fraudulent transaction and contact you or their bank for a remedy.

If you ship the customer’s order, start work on their project, or spend their money, you may be liable for those costs if the cardholder initiates a chargeback.

For more information, see our complete guide on chargebacks and how to win disputes.

5. Decline the Sale

If you feel like something is off about a transaction, trust your instincts and decline the sale.

We know it’s hard to turn away business, especially if you’re a new company that needs immediate sales to fuel growth. But, in the long run it’s easier on you if you turn away anything that’s suspicious. Otherwise you could end up with a chargeback. You’ll be out the money and you’ll damage your reputation with Stripe.

An incredible sale that seems too good to be true probably is. A customer who can’t remember their own address isn’t just forgetful. Listen to your gut when it tells you something is wrong. If the customer can’t make you feel at ease, apologize and decline the sale.

6. Update Your Policies and Procedures

After dealing with credit card fraud (or even just potential fraud), it’s important to update your standard procedures to ensure you correct it again in the future.

Next, you’ll want to update any settings in Stripe to reflect your new policy. You can easily set up different rules for your transactions:

Block rules let you block payments you strongly think are fraudulent, even if Radar doesn’t catch them. For instance, you might block payments from a particular country or a type of card.

Allow rules force Stripe to accept payments, even if Stripe Radar might flag them as fraudulent. For example, you might allow all payments from a particular IP address. Allow rules override all other rules including Stripe’s machine learning models, so use these with extreme caution.

Review rules place any qualifying payments into a review queue for you (or someone on your team) to review personally. For instance, you might insist on personally approving all payments over a certain dollar amount.

7. Set Up CAPTCHA

CAPTCHA is a program or system intended to distinguish human from machine input. WP Simple Pay lets you use one of the following CAPTCHA options:

1. Google reCAPTCHA: It works invisibly on your website to combat spam bots without bothering your customers.
2. hCaptcha: One of your best choices if you prefer an anti-bot solution that protects user privacy.
3. Cloudflare Turnstile is another reCAPTCHA alternative that focuses on user privacy. Turnstile offers multiple CAPTCHA types: Managed, Non-interactive, and Invisible.

You can also use the plugin to configure your Anti-Spam email verification settings.

8. Act Quickly

The key to combating customer credit card fraud is to respond quickly whenever you suspect it.

Often it only takes a little scrutiny to deter a fraudster. If you follow the steps we’ve outlined above, you’ll minimize your exposure to risk and maintain a healthy relationship with Stripe.

If you liked this article, you might also want to check out our guide on how to block prepaid cards with Stripe.

What are you waiting for? Get started with WP Simple Pay today!

To read more articles like this, follow us on Facebook and Twitter.