Fallback Card Fraud Hits Home

Despite the inherent protections of chip cards (also known as EMV cards), card-present fraud still occurs and, unfortunately, I have first-hand experience. I live in Minnesota, but someone used a counterfeit version of my card account—with a fake/unreadable chip—to make purchases at big box retailers in the Miami, Florida area. My card issuer alerted me within an hour of the fraudster completing six successful transactions one morning last week. These are considered “fallback transactions” because a card was inserted into each store’s POS chip reader, but, when it didn’t work, the fraudster made the purchases by falling back to the old method—swiping the magnetic stripe. I assume the fraudster went into stores instead of shopping online because they likely lacked information required for most online purchases like the security code on the back of the card and/or part or all of the billing address.

Fallback fraud has become increasingly more common as fraudsters continue to reinvent their methods of operation in response to advancements in card security. I’ve read articles suggesting that card issuers should decline fallback transactions at the POS due to the risk of fraud, but, of course, such transactions could be legitimate. There could be a problem with the POS device, the chip on a real card, or the way a cardholder inserts the card into a chip reader.

We know card fraud can happen to anyone. Fortunately, card issuers typically protect cardholders from financial losses. Nevertheless, for Commercial Card programs, it still pays to take precautions. Following are three action items for card program managers.

Action Items for Card Program Managers

1. Train cardholders on card security practices, such as:

  • how to properly dispose of documentation reflecting their account number

  • the approved devices for making business purchases electronically (e.g., work computer versus home computer)

  • how to safely make purchases electronically (e.g., do not use public/unsecured WiFi, look for “https” in a web address, etc.)

2. Verify whether your card issuer sends text messages to cardholders about potential fraud, as this is typically the quickest way to reach a cardholder. If yes, encourage your cardholders to provide their mobile number to the card issuer. (In my case, my card issuer communicated three ways: text, email, and phone).

3. Ensure cardholders know how the issuer would alert them in cases of potential fraud and what the communications would look like. Cardholders should be equipped to discern between legitimate and fraudulent communications. Internal auditors should test their awareness as part of their annual “process audits.”

Final Thought

Above all, cardholders need to be diligent. They should quickly return messages from the card issuer, but ensure they have the right information for determining whether a purchase is fraudulent. In my case, the first text from the issuer only specified the vendor and dollar amount of the first fraudulent charge. Coincidentally, the day prior, I used the same vendor in Minnesota and the dollar total was nearly the same. I almost replied that the transaction was fine, but decided to wait until I could view my receipt. Subsequently, I saw the related email, which provided the key piece of information—that the transaction occurred in Florida.

Related Resources

Visit the card/payment security page for content about EMV, phishing, cybersecurity and more.

Subscribe to the Blog

Receive notice of new blog posts.

Subscribe

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Why Your Card Provider is Frustrated

Why did the Commercial Card account manager cross the road? Answer: To help their clients get to the other side. I use this version of the old chicken joke to illustrate a common hurdle for banks. They are often stuck assisting their clients with routine tasks that it leaves little time to work with them on program strategy and growth. Both parties lose out. As a former card program manager, I definitely understand frustrations that end-users might have regarding their card providers. However, I also see the other perspective. Keep reading to learn more, including action items for both providers and end-users to improve this crucial relationship.

End-user Clients

As I have asked in the past, are you a good client by taking advantage of the self-service technology offered by your provider? But it goes even deeper. If most of your time is consumed by routine tasks rather than program optimization, it is time to evaluate why and commit to a resolution. If, for example, you are constantly making temporary adjustments to limits or MCC restrictions, you should consider making permanent changes. If needy cardholders are a problem, then maybe your internal training should be revised. Look to your provider for insight.

  • Ask your account manager for tips on how to make your program management efforts more efficient. They typically have a keen bird’s-eye view of what could be plaguing your card program.

  • Be proactive about learning and using the technology available to you.

Providers

Providers want to deliver good customer service, but I will speak on their behalf by saying it needs to be worth something. If doing routine tasks for a client leads to the client growing their program, then there is some value. On the flip side are clients who can drain a provider’s resources while never getting close to realizing their program’s potential. I have to wonder whether such clients are worth retaining once the contract expires. Providers, to help clients help themselves:

  • Define up front the expectations of who does what, especially when/for what the client should use self-service technology.

  • Offer training and/or training materials on how to take full advantage of the technology features.

  • Suggest ways they might be able to free up some of their time for more strategic activities.

Final Thoughts

Providers can deliver valuable knowledge and support, but end-users need to be receptive. If end-users can take care of the simple things on their own, account managers can focus on helping their clients maximize the benefits of Commercial Cards. Both parties win.

Related Resource

Clients can deplete a provider’s resources, leaving little time to work on program strategy and growth.

Clients can deplete a provider’s resources, leaving little time to work on program strategy and growth.

Subscribe to the Blog

Receive notice of new blog posts.

Subscribe

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

When P-Cards are NOT the Best Option: A Real-life Example

Purchasing Card, Virtual Card, or other payment method? A company for which I did some consulting work was initially planning to adopt P-Cards for certain orders under $2,000. After all, this is where P-Cards traditionally excel. However, a review of the facts revealed otherwise in this case. My ultimate recommendation to them was to back away from their P-Card plan and instead consider Virtual Cards. Keep reading to see why and how this case might align with circumstances within your organization. 

The Situation

The company thought it was spending too much time on low-dollar purchases. Specifically, buying departments had too many invoices to approve and, subsequently, accounts payable had too many invoices to pay. It sounded like a great P-Card opportunity until they mapped out the related purchase-to-pay (P2P) process for these orders. The purchases in question utilized an eInvoicing model for which the suppliers, in conjunction with invoice submission, electronically provided various order details requested by the company. The P2P process was quite slick. The main drawback was the invoice volume; orders under $2,000 comprised approximately 55% of the activity.

Changing to a P-Card process would have actually complicated everything, negating the benefits of P-Card usage. They had cost analyses to prove it. Ironically, the company had a separate P2P process (not their eInvoicing model) that could have benefited from P-Card adoption.

A Better Solution

In their eInvoicing model, Virtual Card payments could have helped by retaining the existing process efficiencies, but providing a secure, electronic payment option. Low-dollar invoices could be consolidated into fewer payments for AP to make and tweaks to their invoice approval process could reduce the burden on buying departments.

Key Takeaways

When contemplating a change to your payment strategy, be sure to:

  • specifically identify the pain points you are trying to solve
  • revisit your P2P requirements, as perhaps some simple tweaks could resolve the pain points
  • document today’s P2P process cost and what it might be after implementing a particular change
  • research various options before making any decisions
Every new payment strategy plan deserves another look before pursuing. You might find that a Plan B would be better. 

Every new payment strategy plan deserves another look before pursuing. You might find that a Plan B would be better. 

Subscribe to the Blog

Receive notice of new blog posts.

Subscribe

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more