Protecting Yourself from Credit Card Fraud

The following Internet and telephone credit card fraud prevention and detection guidelines are derived from APACS (Association for Payment Clearing Services). For full unabridged and up-to-date guidelines and advice on credit card fraud, please visit their website.

 

In 2001 the banking industry introduced new security measures to help fight Card-Not-Present (CNP) fraud, i.e. fraud on mail, internet or telephone card purchases: the Address Verification Service (AVS) and the Card Security Code (CSC). These services are available to you if you use the automated electronic authorisation process. They verify the additional information supplied by the cardholder, to help you decide whether to proceed with the transaction. To further reduce the amount of credit card fraud, PIN (Personal Identification Number) has been introduced and is fast becoming the cardholder verification method for all UK credit and debit card face-to-face transactions, but as yet it does not apply to CNP transactions.

 

In 2006 the credit card companies also introduced a series of measures aimed at reducing fraud even further by setting conditions on the data which can be held within applications which take card payments. These are extremely onerous for small developers if you want to store the raw data. However, there is a simple solution which almost entirely eliminates your need to keep card information at all. You may see references to PCI DSS and PCI Compliance. For more information see the PCI Security site. The short answer here is that you CANNOT HOLD ANY CARD INFORMATION on your local system or databases without stringent conditions and additional costs. And if you take credit card details over the internet, phone etc., you MUST be DSS compliant. More on this here.

 

It is vitally important to note that the fact that a credit card transaction is authorised and an authorisation code is provided does not guarantee payment - it simply means that the card has not been reported lost or stolen and that there are sufficient funds available at the time of the authorisation. Even with an "authorised" payment you could still be subject to credit card fraud. Identity theft is a major issue these days.

Card Security Code (CSC) provides additional security digits to confirm that the card number given is genuine. For MasterCard, Visa and Switch cards, this code is the last three digits in reverse italics on the signature strip on the back of the card. In the case of American Express cards, this code is a four-digit number printed on the front of the card, above the embossed card number. CSC can be checked against all cards issued within the EU. This reduces the risk of credit card fraud in cases where the fraudulent user does not actually possess the credit card itself.

The Address Verification Service (AVS) helps in credit card fraud prevention by allowing you to confirm the numerics in a cardholder's billing address with the issuer. AVS is available for all UK-issued MasterCard, Visa, Switch and American Express cards. Whilst a fraudster with a lost or stolen card may be able to supply a CSC, it is less likely that they will be able to provide the genuine cardholder's address.

 

To prevent credit card fraud whether on the Internet or over the telephone or in a face-to-face transaction, the following information should be obtained from the customer:

 

  • card account number
  • cardholder's name, as it appears on the card
  • card expiry date, as it appears on the card
  • card issue number and start date (if present)
  • cardholder's billing address
  • cardholder's address for delivery of goods
  • contact phone number (preferably not a mobile number)
  • the name of the issuing bank, building society or other financial institution that issued the card

 

If AVS is not used, personal customer address details can be checked in the Electoral Register, the telephone directory, with third-party suppliers or from BT's Phone Disc CD-ROM or via their online service. The TOPS© system works with PostcodeAnywhere's software to verify all UK addresses; these are all valuable resources in credit card fraud prevention and detection. Other checks to help reduce the risk of credit card fraud and incurring a chargeback include:

 

  1. Checking details of new business customers in a local business directory or register
  2. Obtaining a phone number for the customer's address through directory enquiries and contacting the customer to confirm the order
  3. Using the 1471 call back facility - be wary if the phone number has been withheld
  4. Using a caller display service to ascertain which telephone number a customer is calling from
  5. Being wary if the contact phone number is a mobile number; a landline number should be requested where possible. Bear in mind that even these can be deceptive because it is possible, for example by using a VOIP service, to purchase a "local" phone number which is not local.
  6. Checking order records to see if there are a large number of transactions over a short period of time from a company or person with whom previous business has not been conducted
  7. Checking if the delivery address has been used previously with different card details
  8. As mentioned above, using BT Phone Disc or online service or another commercial solution supplier to check the correct name and address has been provided
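
The two order-record checks in the list above (many orders in a short period from a new customer, and a delivery address reused with different card details) can be automated. This is an added example, not code from APACS or the original page; the order fields, the 24-hour window, the threshold of three orders and the card_ref value (an opaque reference from the payment provider, so that no card number is held locally) are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders. "card_ref" is an assumed opaque token issued by
# the payment provider, so no card number is stored in the order records.
ORDERS = [
    {"id": 1, "customer": "acme ltd", "card_ref": "tok_A",
     "delivery": "1 High St, AB1 2CD", "at": "2024-03-01T09:00"},
    {"id": 2, "customer": "acme ltd", "card_ref": "tok_A",
     "delivery": "1 High St, AB1 2CD", "at": "2024-03-01T09:30"},
    {"id": 3, "customer": "acme ltd", "card_ref": "tok_A",
     "delivery": "1 High St, AB1 2CD", "at": "2024-03-01T11:00"},
    {"id": 4, "customer": "j smith", "card_ref": "tok_B",
     "delivery": "7 Mill Lane, ZZ9 9ZZ", "at": "2024-01-10T10:00"},
    {"id": 5, "customer": "p jones", "card_ref": "tok_C",
     "delivery": "7 mill lane,  zz9 9zz", "at": "2024-03-02T14:00"},
]

def normalise(address):
    """Compare addresses ignoring case, spacing and punctuation."""
    return re.sub(r"[^a-z0-9]", "", address.lower())

def review_orders(orders, window=timedelta(hours=24), burst=3):
    """Return {order_id: [reasons]} for orders that merit a manual check."""
    flags = defaultdict(list)
    cards_by_address = defaultdict(set)    # delivery address -> card refs seen so far
    times_by_customer = defaultdict(list)  # customer -> times of orders so far
    for order in sorted(orders, key=lambda o: o["at"]):
        at = datetime.fromisoformat(order["at"])

        # Delivery address used previously with different card details.
        address = normalise(order["delivery"])
        if cards_by_address[address] - {order["card_ref"]}:
            flags[order["id"]].append("delivery address used with a different card")
        cards_by_address[address].add(order["card_ref"])

        # Many orders in a short period from a customer with no earlier history:
        # every order on record for them falls inside the window.
        history = times_by_customer[order["customer"]]
        history.append(at)
        recent = [t for t in history if at - t <= window]
        if len(recent) >= burst and len(recent) == len(history):
            flags[order["id"]].append("burst of orders from a new customer")
    return dict(flags)

if __name__ == "__main__":
    for order_id, reasons in review_orders(ORDERS).items():
        print(order_id, reasons)
```

A flag here is a prompt to contact the customer and confirm the order, not a reason to reject it automatically.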

 

APACS provide ten tips to help you spot and prevent credit card fraud and stop the card-not-present fraudsters:

  1. Is the sale too easy? Is the customer disinterested in the price or details of the goods? Are they a new customer?
  2. Are the goods high-value or easily resalable?
  3. Is the sale excessively high in comparison with your usual orders? Is the customer ordering many different items? Do they seem unlike your usual customers?
  4. Is the customer providing details of someone else's card e.g. that of a client or a family member?
  5. Is the customer reluctant to give a landline contact phone number - are they only prepared to give a mobile number?
  6. Does the address provided seem suspicious? Has the delivery address been used before with different customer details?
  7. Is the customer being prompted by a third party whilst on the phone?
  8. Is the customer attempting to use more than one card in order to split the value of the sale?
  9. Does the customer seem to lack knowledge of their account?
  10. Does the customer seem to have a problem remembering their home address or phone number?
  11. Does the customer sound as if they are referring to notes?

 

Another very helpful set of credit card fraud prevention tips is provided by Catalogue & Ebusiness:

 

  1. Take time and effort to validate each order. Don't accept orders unless complete information is provided, including full address and phone number.
  2. Be wary of orders that come from free email services, as there is a higher incidence of fraud from them.
  3. If the contact phone number is a mobile phone (starting 07), ask for a landline number also. Many criminals who commit Cardholder Not Present (CNP) fraud use mobile phones; however, that DOES NOT mean that all who give a mobile number are fraudsters.
  4. Take extra interest in orders that are larger than usual. Do they match?
  5. Take extra care with international orders and do everything you can to validate the order before shipping. Especially be wary of orders from Eastern Europe, Nigeria, Israel, Saudi, UAE and Iraq, as there has been a particularly high incidence of fraud relating to online purchases from these areas.
  6. Do not allow a consumer to make an alteration of the delivery address at short notice. Avoid sending goods to guesthouses or hotels unless you are confident that the customer is genuine.
  7. Be wary of a consumer who demands next day delivery and / or phones on the day of delivery asking what time the goods will be delivered.
  8. Do not accept orders from a consumer quoting someone else's card details, e.g. a wife using her husband's card.
  9. Be wary of a consumer who offers several card numbers to cover an order as they may be attempting to avoid authorisation detection, or working through a list of cards.
  10. If you have any suspicions, consider contacting the customer. It might cost money and take time, but if they are genuine, then you have a new customer and if they are trying to defraud you then you have prevented them. Either way you win!

 

Thoroughly good advice from two different sources!