Not too long ago, manual credit card imprinters used to be the norm at any cashier’s station. The customer would wait while the cashier pulled out a clunky-looking machine and made an imprint on the card used for the purchase. Nowadays, we have contactless payments, and the whole process moves along much smoother. However, it seems that the new tech has also brought about its fair share of controversy.
In a recent video, a man is shown using a card terminal to process a contactless payment from an unsuspecting victim with a cell phone in his pocket. The man put the payment machine close to the victim’s pocket, and the machine detected the card and processed the payment. The video has stirred controversy in the payments industry.
Contactless payment technologies use radio-frequency identification, which can be implemented on phones, watches, and other wearable devices. For this reason, viewers have expressed concern over the possibility of committing fraud using payment terminals. If a person can use the machine to process a payment from a card tucked away in someone’s back pocket within their wallet, then it could potentially be even easier to get it from phones and watches. Card readers can detect this frequency anywhere from 4 to 10 centimeters away, making it a high possibility that people might start using this tech to steal money from unsuspecting individuals.
While there have been documented cases of people who have had their money stolen, contactless payment theft is not a threat. All merchants have taken the necessary extra steps to ensure you are secured against contactless payment fraud.
Payment Terminal Providers, also known as Merchant Service Providers (MSPs), are often middlemen between payments processing companies like Visa and MasterCard and merchants. They require strict background checks for signing merchants up to the MSPs network to use payments software and terminals.
The merchant application process is lengthy and thorough. It involves some if not all of the following steps:
Fraud can fall on any party if there is a serious breach or negligent action, but typically, fraud falls on the issuing bank or merchant. Many MSPs provide free equipment upfront. The merchants pay it back through transaction fees. As such, background checks are processed to reduce risk. MSPs put their reputation on the line if they sign a fraudulent business, which could result in a case of legal liability, such as money laundering. Background checks help prevent those types of situations.
MSPs also risk losing money on every transaction that has to be returned to the consumers if the merchant makes a mistake. The transaction fees are not refunded, which is where the majority of profit risk lies. This process makes it incredibly difficult for fraudulent businesses to be onboarded.
Aside from having a strict onboarding process, MSPs have a thorough underwriting procedure to catch fraudsters. It’s divided into three separate categories.
In the first category, known as the customer identity verification stage, the initial pieces of information that validate the applicant’s identity are analyzed. This includes the collection of documents such as ID and other corporate registration documents. Other static data, like location, address, and account information, is taken into account. There are also commercial history checks and blacklist checks. In e-commerce, a web crawler is used to detect harmful traffic.
The second category is called the counterparty credit check. This is where the commercial background of the managers and corporations (i.e., how long they’ve been in business or the industry) is observed. The Merchant Category Code (MCC) is checked for validity, as well as an assessment of transactions volume, geographic footprint, and credit score.
The final category activates the customer by doing a final review of all the submitted documents. This is done to review the applicant’s submission and confirm that all the necessary papers are valid and in order.
Fraudsters would have to be quite sophisticated to jump through all of the legal and underwriting hoops. They would have to fake an entire business to qualify for a legitimate business, and any one of the above steps (background check, credit check, transactions analysis, etc.) could result in a denial or raise a red flag. However, the process is thorough and strict because of the amount of information and the number of questions that are tied to personal identification and authentic registration.
Regardless of how strict the processes are for onboarding and underwriting merchants, there will still be a certain number of fraudulent applications from people trying to slip through the cracks. This is why MSPs use IP trackers.
Whenever someone connects to a server, they exchange their computer’s IP address with the one that the server provides. When the IP address tracker detects the origin of the computer, that’s how MSPs find fraudulent applications. IP trackers capture IP addresses from the businesses that are applying. As such, it is very easy for the MSPs to identify someone in a foreign country applying as a merchant from Ohio, for example. The fraudster will access the MSPs’ online portal, and the IP trackers immediately narrow down the location of the computer.
Software and machine learning have also been developed, which checks to see if bits of an application have ever been used in past merchant applications. This is because it is becoming more commonplace in merchant onboarding software. The info can be checked against merchant accounts that have been terminated before or are associated with other flagged products or businesses.
Other standards have been established to reduce fraud even with the added backup of merchants looking out for contactless payment users’ security. In terms of clients’ personal funds, most contactless payment systems have a limit (usually around $50 US or £30) that can be processed on every payment. Furthermore, if someone manages to steal that amount of money from an unsuspecting customer, most credit card companies have a zero liability agreement that refunds any money that was fraudulently stolen. So, in the end, while the video may have caused some concern in the eyes of viewers, the reality is that clients are protected.
To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.
Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.
Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences. Contact us today to learn how you can frictionlessly secure your digital consumer journey — from onboarding to ongoing transactions.
Tap the button below to read our latest white-paper on the subject as industry leaders.
Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.
Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.
Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.
Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.
Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.
Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.