Escolar Documentos
Profissional Documentos
Cultura Documentos
How to Help
Prevent Fraud
Merchant Services
tips to help protect
your business
Fraud Awareness Debit and Credit Card
All credit cards issued in Canada are designed with Fraud Awareness
special security features to help deter counterfeiting
While CHIP transactions are among the most secure
and fraud. A fraudulent credit card transaction
in the world, debit and credit card fraud resulting
could involve an invalid account number, or the
from skimming can occur. Skimming refers to the
unauthorized use of a valid account number.
fraudulent practice of capturing account information
One of the common types of fraud loss is due to from the magnetic stripe of a debit or credit card in
unauthorized use of a lost or stolen credit card. order to make a counterfeit card.
Fraudulent transactions normally occur within hours
Personal Identification Numbers (PINs) may also
of loss or theft. In most cases, the victim has not yet
be stolen.
reported his/her card as missing or stolen.
Here are the steps you can take to help
Procedures have been established by the Payment prevent skimming:
Card Networks to help you detect fraudulent cards
and take appropriate action when necessary. In Inspect your POS equipment regularly including
addition, card security features have been designed to serial numbers, wires and cables. If any equipment
facilitate the detection process. looks unfamiliar, appears altered, or is missing,
notify TD Merchant Services immediately.
The information in this brochure is provided to help
you protect your business against fraud losses. heck ceilings, walls or shelves near PIN pads
C
for holes that could conceal a small camera.
1 2
llow the customer to hold the PIN pad until
A and amount on the imprinted sales draft and
the transaction is complete. ensure that the customers signature is obtained on
the imprinted sales draft. If you are experiencing
eep all transaction records on file (for the length of
K persistent problems in processing your customers
time specified in your processing service cards through your terminal, please contact
agreement), along with employee shift schedules TD Merchant Services for assistance.
and supplier information.
3. Call for an authorization if:
Credit Card Fraud 3 Your electronic terminal gives you the message
Call for Auth.
Prevention Checklist 3 The account number that appears on your
terminal screen does not match the account
The risk of allowing unauthorized number displayed on the front of the card.
fraudulent credit card transactions 3 You are suspicious of the cardholder, credit
is reduced if you follow the proper card or signature.
procedures on every credit card Be aware that obtaining an authorization
transaction, including: number only confirms the funds are available on
the card. It does not confirm that the cardholder
1. Check that the credit card presented bears all of
authorized the transaction nor does it prevent a
the usual symbols and marks:
chargeback.
3 The four-digit printed number above or below the
account number displayed on the front of the card. NOTE: If you are using an electronic terminal, your
floor limit will be provided to you by TD Merchant
3 The three-dimensional hologram on the front of Services. If your terminal is not working due to
the card or the mini hologram or holographic power failure or system problems, please revert to
magnetic stripe on the back of the card. your manual floor limit procedures, i.e. phone for
Please see pages 7-10 for additional details authorization, record the authorization number on
the sales draft and take a manual imprint of the
2. Ensure that the imprint is clear and legible credit card on any transactions equal to, or greater
on all copies of any sales drafts: than, your manual floor limit.
3 If you have an electronic terminal and cannot
4. Ensure that the cardholders signature on the
swipe the card through your terminal, you may
sales draft matches the one on the signature
key the transaction manually. Take special care to
panel of the credit card. Ask for identification if
review the security features of cards that do not
necessary.
swipe successfully.
3 Also, you must ensure you take a manual
imprint of the credit card as proof that the card
was present during the transaction. Make sure
you have a merchant plate affixed to the manual
imprinter. Record the date, authorization number
3 4
All cards have a signature panel on the back. Compare
CODE 10 authorization the signature on the signature panel with the one
Whenever you are suspicious of a credit on the sales draft for correct spelling and similar
card transaction or a cardholder, call the handwriting. If they are different, do not hesitate to ask
TD Merchant Services Authorization Centre for identification. Never accept an unsigned credit card.
immediately at 1-800-363-1163 and identify You should check the signature panel for obvious
your call as a CODE 10 authorization. signs of tampering, such as scratching, the presence
The CODE 10 authorization is a procedure of white tape or white correction fluid, or signs that
designed to alert the operator that you suspect a felt-tipped pen has been used to write over a
that the transaction may be fraudulent or pre-existing signature. If you can see the word
suspicious, without alarming the individual void repeated on the signature panel, then the
who is presenting the card. A series of yes panel has been erased or compromised in some
or no questions will be asked to verify the way and you should not accept the card.
authenticity of the card. The operator may give All cards have a magnetic stripe on the back which
you an authorization code or may instruct you is encoded with account information. This stripe
to retain the credit card. It is for this reason should be smooth and straight and show no signs of
that you should hold the card throughout the tampering.
authorization process.
If you have an electronic terminal, the magnetic stripe
Do not try to apprehend or detain the person is read and the account number is displayed on your
using the credit card. Take note of his or her terminal screen each time you swipe a card. Make sure
physical appearance and of any other relevant the number that appears on the screen matches the
information, in case the person leaves your account number on the front of the card. When the
premises. receipt is printed, you should also compare the account
number on the receipt with the one on the card. Only
on a swiped transaction, if the numbers do not match,
Security features of all credit card designs call for a CODE 10 authorization.
Recognizing suspicious cards is a good first step On the following pages, you will find images of the
toward protecting yourself against credit card fraud. front and back of Visa* and MasterCard designs,
You need to know what security features appear along with a guide to the specific security features of
on each type of card, and you should be able to each one. Familiarize yourself with these features so
recognize common signs of tampering in order to that you will be able to recognize suspicious cards and
detect cards that may be fraudulent or counterfeit. protect yourself against fraud.
Before accepting a card, make sure the account
number shows no signs of re-embossing or alteration. EMV liability shift
Check that the validity dates, which are embossed Did you know that if you process an
below the account number, do not appear altered. EMV CHIP card by using the magnetic
Do not accept a card that is being used prior to the swipe you could be found liable for
Valid from date or after the Good thru date. a chargeback, unless your terminal
prompted you to do so.
5 6
Security Features
Visa Card
1
1 The Account Number
All Visa account numbers have 16 digits and begin 2
with a 4. You should check that the numbers are 3
clean and clear, and that all the numbers are the
same size and regularly spaced. If the numbers TD Business Visa* Card without CHIP
appear fuzzy, the card may have been re-embossed.
4 Signature Panel
The signature panel is tamper evident with the 6
word MasterCard printed in multiple colours
at a 45-degree angle. For magnetic swiped
1
transactions, remember to compare the signature 2
on the back of the card with the cardholders on
the receipt.
7
5 Card Verification Code 2 (CVC2)
The four digits printed on the signature
panel must match the last four digits of the
account number, followed by the three-digit
indent-printed CVC2 number.
4
5
9 10
Card-not-present fraud
Watch for suspicious behaviour What is card-not-present fraud?
While any of the following can occur in a Card-not-present fraud refers to fraudulent
perfectly legitimate transaction, some or all transactions that occur without the use of an actual
of these characteristics are also frequently card. Typically, it occurs in situations where
present during fraudulent transactions. Be customers provide only a credit card number, such
alert for the customer who:
as in online, telephone or mail-order transactions.
akes random purchases with little regard
M Because the card is never presented to you, you have
for price, size, colour or style. no way of checking its validity using the security
P urchases an unusual quantity of features outlined on pages 710.
expensive items. Card-not-present fraud is the fastest-growing type of
harges expensive items on a newly valid
C fraud in Canada. It is popular with criminals because
credit or debit card. it allows them to commit fraud without the risks
involved in going into a store and attempting to
P urchases large items such as TVs or stereos,
make a purchase with a counterfeit or altered card.
and insists on taking the merchandise
immediately even when delivery is included in What are Visa and MasterCard doing to help
the price. prevent card-not-present fraud?
akes several small purchases in order to
M To help you protect yourself from card-not-
test the cards acceptance. present fraud, Visa has developed the Verified by
Visa* program, the Address Verification Service
emoves the credit or debit card from a
R
(AVS) and added the Card Verification Value 2
pocket rather than a wallet.
(CVV2) to all cards. MasterCard has developed
P rovides multiple cards to make a single the MasterCard SecureCode program and the
purchase after a decline (especially in a Address Verification Service (AVS) and added the
card-not-present transaction or a transaction Card Verification Code 2 (CVC2) to all cards.
with magnetic swipe cards).
annot provide photo identification
C
upon request.
urries the clerk at quitting time or is
H
excessively talkative because of nervousness
or in an attempt to frustrate the clerk.
S eems too familiar with your terminals
functionality or provides you instructions on
how to process the card.
O
verpays for your services and requests a
wire transfer, money order or certified cheque.
11
What are the Verified by Visa and What are the Card Verification Value 2 (CVV2) and
SecureCode programs? Card Verification Code 2 (CVC2)?
Verified by Visa and MasterCard SecureCode1 use CVV2 and CVC2 are credit card security features that
a password system to add a new level of security to help you ensure that the person making an online,
online Visa card and MasterCard card transactions. telephone or mail-order purchase from you is actually
A cardholder creates a password, which they enter a legitimate cardholder. The CVV2 and CVC2 are
whenever they make a purchase at the website three-digit security codes that appear on or to the
of a merchant who participates in Verified by Visa right of the signature panel on the back of Visa and
and SecureCode. This helps ensure that the person MasterCard cards. (See the card visuals on pages 8
making the purchase is the actual cardholder and not and 10 for examples of the CVV2 and CVC2.)
just someone who has the account number of a card.
How do the CVV2 and CVC2 protect
Your customers are aware of the growth in online you against fraud?
credit card fraud and, when they see that your
Whenever you take a card-not-present order
website participates in Verified by Visa and
online, by phone or by mail make sure you
SecureCode, it can help make them feel secure
request this three-digit number. The Visa and
about purchasing through your website. As well, if
MasterCard systems provide a real-time check to
you participate in the Verified by Visa or SecureCode
ensure that the CVV2 or CVC2 you have been
programs, you can receive greater protection from
given is the one properly associated with the
fraud-related chargebacks.
account number provided by the customer.
By supplying the CVV2 or CVC2, the customer
shows that they are actually in possession of
the card. If the customer has only the account
number or the account number and expiry date,
it may indicate that the transaction is fraudulent.
14
Hacking What else are Visa and MasterCard doing?
As businesses come to depend more and more on Visa and MasterCard have aligned with a data
technology, criminals look for new ways to exploit security standards program offered by other payment
technology for their own purposes. Todays tech- organizations to create a Payment Card Industry
savvy criminals can hack into your computer system (PCI) set of data security standards. This alignment of
to gain access to sensitive information about you, standards is designed to increase the security
your business and your customers. of card information and further protect cardholders
and merchants against fraud. It also simplifies
How does Visa and MasterCard help protect your
things for merchants like you, by establishing one
business against hackers?
set of security standards for you to implement.
The Visa Account Information Security (AIS) and
MasterCard Site Data Protection (SDP) programs are How can Visa and MasterCard help ensure your
global programs that help make both the virtual and business is secure?
the physical portions of your business more secure. To assess how secure your business is against
AIS and SDP provide you with an easy-to-use toolkit fraud, you can visit visa.ca/securewithvisa
designed to help you protect cardholder account Additionally, visit visa.ca/ais and
and transaction data against unauthorized access by mastercard.com/ca/merchant to confirm
hackers. The AIS and SDP programs incorporate a your business complies with the Payment Card
self-assessment questionnaire that lets you evaluate Industry Data Security Standards (PCI DSS).
how well your business is protected. For more information on the PCI Council,
visit pcisecuritystandards.org
16
How can you safeguard your
customers information?
Any documents containing credit card account
numbers should be stored and destroyed in a secure
manner to safeguard your customers information.
17
Please immediately
report any suspicious activity
involving credit card
or debit card use to
TD Merchant Services at
1-800-363-1163
The TD logo and other trade-marks are the property of The Toronto-Dominion Bank.
581614(1113)