Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 967
- Points
- 113
Not long ago, imprinters (handheld card readers) were the norm at checkout counters. The buyer waited while the cashier used this bulky device to take down the card information and place the order. Today we have contactless payments, and with them it is much easier and faster to pay for purchases. But the new technology is causing a lot of controversy. A video.
was posted online in which a man, using a card terminal, quietly debited funds from the card of an unsuspecting buyer. He placed the device close to the victim's pocket, and it recorded the proximity of the card and processed the payment. This video sparked a major debate in the payments industry. Contactless payment technologies use radio frequency identification, implemented in smartphones, watches and other compact devices that people always carry with them. In this regard, many who watched the video were concerned about the possibility of fraud using payment terminals. If criminals can use such a device to withdraw funds from a card hidden in a wallet in the back pocket, then surely it will be even easier with a phone or watch. Card readers scan the radio space at a distance of 4 to 10 cm, so it is likely that someone would want to use the technology to steal money from smartphone owners. But, although cases of theft of funds have been recorded previously, we are not threatened with a wave of fraud using contactless technologies. Merchants have already taken additional protective measures.
Accepting a merchant into a provider network is a long and thorough process. It includes at least several, and ideally all of the following steps:
In the event of negligence or serious misconduct, legal liability may be incurred by any party, but is typically borne by the card issuing bank or merchant. Many merchant services provide equipment for free up front, and merchants pay for its cost through transactions. And in each case a check is carried out. Without careful monitoring, merchant services risk their reputation and may be subject to legal liability if they provide services to a fraudulent organization operating, for example, for the purpose of money laundering.
Merchant services also risk losing profits on each transaction returned to consumers if the merchant makes a mistake. Transaction fees are non-refundable and this creates significant profitable risk.
Ultimately, it becomes incredibly difficult for fraudulent businesses to get into this system.
In the first stage (client data verification), basic information confirming the applicant’s identity is analyzed. This includes the collection of identification and registration documents. Static data is also taken into account, such as office location and address, and account information. In addition, commercial history and blacklists are checked. And in e-commerce, search robots are used to detect malicious traffic.
The second step (credit check) checks the business history of the company's managers: for example, how long they have been in the industry. The information is verified against the merchant category code (MCC). It also evaluates transaction volume, geographic coverage and a company's credit rating.
At the last, third step, the merchant service conducts a final check of all provided documents.
Fraudsters will have to work hard to overcome all the legal obstacles and procedures, given the number of tests and the amount of information collected. They will have to fabricate an entire business, and any of the steps described above could expose them to clean water or raise serious suspicions.
When a computer connects to a server, the server knows its IP address. The IP address tracker determines the geographic location and other information of the computer, which allows the merchant service to detect fraudulent requests.
Trackers compare information about the IP addresses of businesses submitting applications. It is so easy to discover that a potential client is connecting from another country, while posing as a merchant from Ohio. If an impostor tries to access the online merchant service portal, the IP tracker will immediately determine his location.
Also, modern software and machine learning make it possible to determine whether certain sequences of the provided data have previously been used in other similar applications. The collected information is checked against data on revoked or suspicious merchant accounts. Such analysis tools are becoming increasingly common across the industry.
In addition to active support from merchants who ensure the security of contactless payments for their businesses, the industry is introducing new standards to reduce the risk of fraud. Most contactless payment systems have a limit on the amount of one transaction. And if someone manages to steal this amount of money from a client, most credit card companies will operate under a zero liability agreement, which involves returning all stolen funds to the victim.
Despite the fact that the scam video worried viewers, in reality, customers are reliably protected from such scams.
was posted online in which a man, using a card terminal, quietly debited funds from the card of an unsuspecting buyer. He placed the device close to the victim's pocket, and it recorded the proximity of the card and processed the payment. This video sparked a major debate in the payments industry. Contactless payment technologies use radio frequency identification, implemented in smartphones, watches and other compact devices that people always carry with them. In this regard, many who watched the video were concerned about the possibility of fraud using payment terminals. If criminals can use such a device to withdraw funds from a card hidden in a wallet in the back pocket, then surely it will be even easier with a phone or watch. Card readers scan the radio space at a distance of 4 to 10 cm, so it is likely that someone would want to use the technology to steal money from smartphone owners. But, although cases of theft of funds have been recorded previously, we are not threatened with a wave of fraud using contactless technologies. Merchants have already taken additional protective measures.
Checking reputation and other information about new merchants
Payment terminal providers, also known as merchant service providers (MSPs), often act as intermediaries between merchants and payment processing companies such as Visa and Mastercard. They require merchants to go through strict checks before they gain access to terminal hardware and software.Accepting a merchant into a provider network is a long and thorough process. It includes at least several, and ideally all of the following steps:
- Verification of the identity of business owners (business registration information, personal documents).
- Check account history, if available.
- Analysis of the company's work (checking the website, business model, operations).
- Clarifying whether the business follows the security rules of card networks.
- Assessing the credit solvency of a business.
In the event of negligence or serious misconduct, legal liability may be incurred by any party, but is typically borne by the card issuing bank or merchant. Many merchant services provide equipment for free up front, and merchants pay for its cost through transactions. And in each case a check is carried out. Without careful monitoring, merchant services risk their reputation and may be subject to legal liability if they provide services to a fraudulent organization operating, for example, for the purpose of money laundering.
Merchant services also risk losing profits on each transaction returned to consumers if the merchant makes a mistake. Transaction fees are non-refundable and this creates significant profitable risk.
Ultimately, it becomes incredibly difficult for fraudulent businesses to get into this system.
Merchant services use a strict credit check process
In addition to approving new clients, merchant services also strictly evaluate their creditworthiness, which provides more opportunities to identify fraudsters. This procedure can be divided into three stages:In the first stage (client data verification), basic information confirming the applicant’s identity is analyzed. This includes the collection of identification and registration documents. Static data is also taken into account, such as office location and address, and account information. In addition, commercial history and blacklists are checked. And in e-commerce, search robots are used to detect malicious traffic.
The second step (credit check) checks the business history of the company's managers: for example, how long they have been in the industry. The information is verified against the merchant category code (MCC). It also evaluates transaction volume, geographic coverage and a company's credit rating.
At the last, third step, the merchant service conducts a final check of all provided documents.
Fraudsters will have to work hard to overcome all the legal obstacles and procedures, given the number of tests and the amount of information collected. They will have to fabricate an entire business, and any of the steps described above could expose them to clean water or raise serious suspicions.
IP trackers help detect fraudulent applications
No matter how strict the processes for accepting and verifying merchants are, there is always a percentage of violators who managed to outsmart the system. To find them, merchant services use IP trackers.When a computer connects to a server, the server knows its IP address. The IP address tracker determines the geographic location and other information of the computer, which allows the merchant service to detect fraudulent requests.
Trackers compare information about the IP addresses of businesses submitting applications. It is so easy to discover that a potential client is connecting from another country, while posing as a merchant from Ohio. If an impostor tries to access the online merchant service portal, the IP tracker will immediately determine his location.
Also, modern software and machine learning make it possible to determine whether certain sequences of the provided data have previously been used in other similar applications. The collected information is checked against data on revoked or suspicious merchant accounts. Such analysis tools are becoming increasingly common across the industry.
In addition to active support from merchants who ensure the security of contactless payments for their businesses, the industry is introducing new standards to reduce the risk of fraud. Most contactless payment systems have a limit on the amount of one transaction. And if someone manages to steal this amount of money from a client, most credit card companies will operate under a zero liability agreement, which involves returning all stolen funds to the victim.
Despite the fact that the scam video worried viewers, in reality, customers are reliably protected from such scams.