How Credit Card Information is Stolen

How Credit Card Information is Stolen

As a merchant you have a responsibility to protect your customers sensitive data, yet every year we hear about massive data breaches and most people with a credit or debit card have received a replacement card due to a breach. While these types of large scale breaches get the most attention, there are other ways to have your card information stolen. In this post we will explain some of the ways that credit card information is stolen, and precautions you can take to avoid it.

Card Skimming

Card skimming is most prevalent on ATM’s and other forms of unattended card readers. This is achieved by placing a small device where you insert or swipe your card that reads the magnetic stripe data to be retrieved later. These can take the form of a false front on the card slot at an ATM or gas station. It can be a small device attached to a card reader. These can also be accompanied by a small camera or pin pad overlay to record the pin number.

The best way to prevent card skimming is to be aware and test devices before you use them. Check that the card reader is securely fastened as most ATMs and gas pump card readers are made to be solid, so if the parts are loose or look out of place, report it to the owner and use a different ATM, gas pump, or avoid using the vending machine, whatever the case may be.

Malicious Software

While most computers have firewalls and security software, hackers are constantly innovating ways to get around them. When  malicious software is installed on the computer or your network they can track keystrokes or intercept data that is then sent to the hacker. This will include logins, passwords, secret answers, etc. To avoid this style of identity theft, ensure that your security software is up to date. Avoid downloading software from unknown sources and ensure that your computer and network are being scanned regularly to detect and remove any possible malicious software.

Dishonest Employees

Sometimes it can be an employee who is perpetrating the fraud. Whether by copying the information using a skimmer, writing down the card info, or taking the data from the office, all of these are potential data breaches. The best way to manage that is to use clear policies regarding who is able to handle card data and that it is restricted to a need to know basis and make sure that you or your managers know how to spot skimmers or potential tampering.
Prevention is your best tool in dealing with fraud because once it happens it can be very costly. If you become aware of an issue, address it right away and contact your merchant services provider for advice on how to minimize any damage caused.

No One Likes Friendly Fraud

No One Likes Friendly Fraud

While most of the time, customers are one of your greatest assets — they spend money, buy goods and help keep everything running– sometimes an unassuming customer can create a lot of headache through friendly fraud.

Friendly fraud occurs when the cardholder disputes a transaction that they knowingly entered into, but then for one reason or another decides to dispute the charge with their bank or credit card company. In this post we want to talk about a few of the ways this happens.


Sometimes, no matter how much you do to appease them, a customer may never be satisfied. While their motives may be unclear, this type of fraudster will dispute the charge for any number of reasons, including delay in shipment, product wasn’t as described, product didn’t meet expectations, and likely due to a strict  or “no” return policy, they decide to initiate a chargeback.

Lazy consumers

We’ve all at one time or another bought something in the store or online, got it home and realized you didn’t really want it. Sometimes the prospect of returning the item seems too much of a hassle, so the consumer calls and disputes the charge. This is more common with high ticket items or lifestyle goods (fashion items).

“I forgot to cancel that subscription…”

Many of us can identify with signing up for a trial or a subscription, forgetting about it, and being frustrated when you realize you forgot to cancel. For some, instead of returning the product (if available) or cancelling the subscription and letting it go, they will take the extra step and dispute the charge.

The sly ones

Sometimes people who understand how chargebacks work will manipulate the system to their advantage. After receiving the product or service, they will lie and say they never received it to get their money back.

While it’s hard to spot friendly fraud on the get go, there are some ways that you can mitigate it. As we always recommend, keeping appropriate records of transactions is always your first line of defense. Additionally, being honest and upfront about your products and what your customers can expect will go a long way towards preventing chargebacks.
If you are an eCommerce site, one way to transfer the responsibility of the fraud is to use payer authentication methods such as Visa Checkout or Mastercard Masterpass. Contact us to learn more about how to integrate these into your checkout process.

Fraudsters Move Online

Fraudsters Move Online

The migration to EMV has been difficult for many businesses and consumers. On the business side it has ranged from purchasing new equipment, and training employees and customers. On the consumer side, you may have received a new card, had to update all your payment data, had to learn how to use the chip, then been confused when the next store you go to doesn’t accept chip. No to mention the many people who are frustrated with the increased interaction and wait time. With all of this hassle, it begs the question, was it all worth it? For U.S. banks and businesses, the answer is Yes. The amount of card present fraud (meaning a person attempting to make a purchase with a copied or stolen credit card at a retail location) has declined significantly.


The problem is that this has caused fraudsters to move online. According to a report by Javelin Strategy and Research the frequency of credit card fraud committed online and through phone orders has increased around 40% from 2015 to 2016. If you’re an eCommerce business, this means you may need to step up your payment security and verification process. This can include Address Verification (AVS), Utilizing Card Verification codes (CVV), as well as using a gateway or shopping cart that includes secure options such as Visa Checkout and Mastercard Masterpass.


If you are interested in learning more about how to protect your business whether in store or online contact us by email at, or give us a call at 1-800-644-3909.


Subscribe to get notifications when new blog updates are posted! 

EMV creates a drop in Card Present Fraud

EMV creates a drop in Card Present Fraud

New data from the Auriemma Consulting Group (ACG) shows that card present credit card fraud losses have decreased by 18%, the lowest levels since 2013. With major adoption of chip technology by card issuers and merchants, card present fraud has become more difficult and has resulted in a sharp decline in related losses. However, even with accepting chip cards, there is still a risk. We recommend continuing with best practices to secure your customers credit card data.

If you know of any businesses that still aren’t able to accept chip cards, we would be happy to help them upgrade.


The Agapay Team

The full article can be found at:

Credit Card Security Features

Credit Card Security Features

When you take credit cards in person it is a good idea to ensure that your staff are knowledgeable about Credit Card Security Features. Buy knowing and understanding these features, merchants can help reduce the likelihood of card present fraud. A few good tips are to always check for a signature on the back of the card and to ask for ID to verify the signature. For more ways to prevent fraud, below are links to Visa, Discover and American Express that explain how to identify genuine cards and some other great information related to card security. If you have any questions regarding card security or on your merchant account please feel free to contact us.

Credit Card Security Features

How to Dispute Fraud on Business Visa Debit Cards

How to Dispute Fraud on Business Visa Debit Cards

One of our clients called us with an interesting question regarding disputing a fraudulent transaction on their Business Debit Card. As part of our weekly newsletter series, we asked one of our staff members to research it and explain it in a way that mostly everyone could understand.

 Here are the facts: 

  • They ran the transaction as a non-pin or “credit” transaction
  • Their card is a Business Debit Card endorsed by Visa
  • The merchant charged the business an erroneous fee on the transaction

When the business contacted their bank, the bank told them that business cards aren’t covered by “Regulation E” so there is nothing that can be done. Not willing to accept that answer, they contacted us to see if we could provide any insight. Based on our research, we were able to provide some clarity and understanding to help the business work with their bank to correct the issue. 

What we learned is that there are three primary regulatory bodies that govern what happens in the event of fraud.
1. Consumer Financial Protection Bureau (U.S. Government)
2. Card Brands (Visa, MasterCard, Discover, American Express, etc.)
3. The Cardholders Bank/Issuer 

In Regulation E (Electronic Funds Transfer Act) the Consumer Financial Protection Bureau (CFPB) outlines the regulations on liability held on “consumer” accounts, but doesn’t mention business. Which in the industry is interpreted to mean business accounts are excluded. 

The next regulatory body, Visa in this case, maintains a zero liability policy for fraud on business check cards but provides exclusions for transactions alleged to be performed by:
• A Business co-owner
• The Cardholder or person authorized by the Cardholder
• Any other person with an interest in or authority to transact business on the account 

Since the erroneous fee was not intentionally incurred by the cardholder, it would be safe to assume the disputed portion of the transaction wasn’t performed by the cardholder. 

From the bank’s perspective, they are claiming exemption based on Regulation E, however they still maintain responsibility under the Limitation of Cardholder Liability clause of the Visa International Operating Regulations. 

The conclusion, under the Visa operating regulations, the bank has a responsibility to verify the fraud and limit the liability to the business, unless it can verify that the transaction falls under an exempt category. We’ve instructed the business to try and reach out to their bank again, with their new knowledge of Visa operating guidelines, and see if they can get it resolved. 

For a more detailed explanation or to answer any questions that you have, please feel free to contact us at 

Best Regards, 

The Agapay Team

Pin It on Pinterest