Part 2: Safe and Smart: Teaching Customers How to Make Secure Online Payments
DISCLAIMER NOTE: The information provided in this article is for informational and awareness purposes only and should not be construed as legal advice.
Digital payments are projected to reach $9.46 trillion in 2023, and a recent report by Juniper Research estimates that online payment fraud is projected to reach $362 billion over the next five years. As a merchant, online and digital payments can make life easier for you and your customers, but knowing how to protect against fraud is essential for both of you.
In the first article of this series, we outlined the scale of online and digital payment fraud, how to identify it, and how to teach your customers to protect themselves against it. For this installment, we will now cover your next steps if you should ever find yourself a victim of fraud or potential fraud.
In this article, we will cover:
- Who is responsible for covering fraudulent transactions (customer or merchant)?
- How to report suspicious activity
- Consumer rights and liability
- Educating customers about online payment safety
Use these articles to help inform your customers so they may feel safe and secure in conducting their online transactions with your business.
Who Is Responsible for Fraud?
When a customer realizes that their card has been used in a fraudulent transaction, they rightfully feel violated. Despite their frustration, the question of responsibility will be at the top of their (and the merchant’s) mind(s). The customer had their card used by someone else, but the merchant likely provided goods or services to someone that they may not recoup.
So who is responsible?
The Federal Trade Commission reported that more than 441,000 cases of credit card fraud were reported in 2022, which is a 13% rise over 2021. These rising numbers mean this is an important topic to be aware of.
Is it the customer's responsibility?
If the customer is diligent in checking their statements and sees a charge that they didn’t make or authorize, there is a reporting process with their bank and/or card issuer - but there are a few catches that card users need to be aware of.
Any card that bears the logo of one of the major credit card issuers (Visa, Mastercard, American Express, Discover) will cover fraudulent transactions or charges, but each has its own investigatory process. The Fair Credit Billing Act of 1974 limits a consumer’s liability to $50 regardless of how much was charged and gives 60 days from the statement date in which to make a report. By law, the bank or card issuer then has 90 days in which to complete an investigation.
In what are called “zero liability” policies, most card issuers will even waive the $50 liability outlined in The FCBA so that cardholders don’t pay anything if their cards or information is stolen and used in fraud.
This means that it is imperative that both card users and direct account payment users check their statements regularly. If an illicit charge is discovered, there is a timeline in which a claim may be made for reimbursement, but that opportunity may be lost if too much time passes.
Does the merchant suffer the loss?
If legislation exists specifically to protect the consumer from fraud, what happens to the merchant that has actually provided the goods and services paid for with payment fraud? Do they have an opportunity to recoup their losses?
Whether the merchant or bank ends up having to absorb the loss from payment fraud often boils down to how the payment was actually made. When a card is physically used illicitly, this is called “card-present fraud,” meaning the physical card was swiped for the transaction. For this, the card issuer or bank is usually liable and will have to absorb the costs. Now that chip reading technology has been enabled on many cards (which is far more secure), merchants who don’t have the capability to scan these chips may be liable in some cases for card-present fraud.
An issue that happens mostly in online payments, “card not present fraud” means that a transaction is made with no physical card being present or swiped. In these cases, the merchant will, unfortunately, be the one who typically has to absorb the cost of fraudulent payments.
What about the reputation risk?
Even though the credit card transaction networks outline the liability for payment fraud, there is a reputational risk for merchants who have higher-than-normal instances of payment fraud. Whether an indication that the merchant has lax security procedures, or that they themselves are involved in/allowing fraud, too many instances may harm the merchant’s reputation and ability to even accept online card payments.
Reporting Suspicious Activity
Submit your claim
While many banks and card issuers follow a “zero liability” policy for their cardholders, time can be a factor in your ability to recoup fraudulent payments. To stay on top of this and ensure that you aren’t submitting claims too late, do your best to check your statements every month for any charges that you don’t recognize.
If any are found, The Fair Credit Billing Act covers you legally, as long as a claim is made within 60 days of the statement date. To submit a claim, you have several options:
- Submit a written letter and documentation of your claims to your credit card’s address for billing inquiries
- Call your credit card company or issuing bank to speak with the fraud department and make your claim
- If your card is issued by your bank, most large banks also have an option within their phone applications through which you may submit a claim
Most (but not all) banks and card issuers will immediately credit the funds back to you while they are doing their own investigation, and those charges in question will not accrue any interest during the investigation. You will likely be issued and mailed a new card, meaning that there will be an interim period during which you do not have a usable credit card while awaiting the replacement.
Alert the credit bureaus
If someone has gained illicit access to your card information, there is a chance that they may have found more of your personal information than just a card number. Each of the major credit bureaus (TransUnion, Equifax, Experian) has the option to report credit card fraud, which will cause them to look closely for red flags in new accounts being opened up in your name.
Be aware that this may also make your own life slightly more difficult when trying to open new accounts or perform credit checks in the short term, but it’s worth the peace of mind to know that someone isn’t out there stealing your identity and ruining your credit.
Educating Customers about Payment Safety
If your business is conducted online, it’s important to create a way to make your customers feel safe making transactions with you. Education can be key to creating an environment in which they feel safe to make these payments, especially if you do business with older generations who may be less technologically savvy.
Allow them to feel safe making online payments
Secure technology can help to make websites and payment pathways safer for online transactions and prevent payment fraud, but many online consumers don’t even know how to identify those secure features. Educating your customers to look for the SSL “lock” icon for secure websites, and that the URL is an https versus http (the “s” stands for secure) can help set their minds at ease. Each of these indicators shows that data is encrypted and secured went it passes from the browser to the website server.
As outlined in the previous article, it is also important to teach your customers the two absolute no-nos of online payments and transactions:
- Don’t conduct online transactions over public, unsecured Wi-Fi
- Turn off your phone’s Bluetooth when it’s not in use
Giving them the option to pay offline or over the phone
Some people place far more trust in their ability to speak with a live human, so offering the option to pay or submit their card information over the phone could be quite beneficial. If you choose to make this an option, make sure that your legitimate phone number is clearly identified on your website, so that customers know that they are speaking with a representative of your company.
For Our Next and Final Article in This Series
In this and the previous article we’ve outlined the scale of payment fraud globally, how it can be identified, how to protect yourself, consumer rights & liabilities, steps to take if a consumer suspects payment fraud, and how to make consumers feel safe about making online payments.
In our next and final article, we will cover some real-life examples of online fraud and how it could have been prevented, as well as a summary of everything that has been covered in this series.
To read about those real-world examples now, click here.