7 Ways Merchants Can Protect Themselves from Credit Card Fraud

In today’s market, offering a wide range of payment options helps boost revenue, but every credit card transaction comes with risk. Learn how to protect your organization with a layered strategy that combines verification tools, operational safeguards, and thorough documentation.

 

Card-Present vs. Card-Not-Present Transactions

Before you can protect your payments, it’s important to understand the types of transactions and how their risk levels differ.

Transactions typically fall into two categories:

  • Card-present (EMV chip) transactions are the safest, because built-in authentication shifts liability away from the merchant. If it’s practical for your organization, prioritize in-person, chip-enabled payments whenever possible.

  • Card-not-present (CNP) transactions include phone orders, manually keyed entries, and online payments. They carry higher inherent risk and demand the layered security measures outlined below.
 

Verification Tools: Your First Line of Defense

 

When accepting card-not-present payments, always enable Address Verification Service (AVS) and CVV checks. If either fails, decline or investigate before proceeding.

FrontStream’s payments platform offers filters that can automatically decline a transaction before it reaches the processor—for example, when the ZIP code or street number doesn’t match, or the CVV is incorrect.

Keep in mind that strict filters may require follow-up with repeat customers to gather missing data. Our team can help you configure these settings under Card Verification for the right balance of security and convenience.


 

Handling New vs. Repeat Customers

 

New customers deserve extra scrutiny. Best practices include:

  • Shipping only to the card’s verified billing address (require an AVS match).
  • Requiring signature confirmation on delivery.
  • Setting internal thresholds (e.g., manager approval for first-time orders over a set dollar amount).
  • Calling the customer back using a verified number – not just the one provided on the order, but one listed on the company’s website or in public directories. Once connected, speak directly with the individual who placed the order to confirm legitimacy.
  • Avoiding shipments to UPS Stores, P.O. boxes, or freight forwarders until a relationship is established.
  • Retaining full documentation, including invoices, call notes, and proof of delivery.

Once a customer builds a positive history, you can cautiously allow alternate shipping addresses or larger orders.
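
The verification filters and new-customer rules described above can be expressed as a single pre-authorization screen. The sketch below is an added example, not FrontStream's platform code: the `Order` fields, the `POLICY` keys, and the $500 threshold are hypothetical, and the AVS/CVV letters are the commonly used ones, which you should confirm against your own processor.

```python
from dataclasses import dataclass

# AVS/CVV response letters as commonly returned by processors; confirm the
# exact code set with your own processor (assumption for this example).
AVS = {"Y": (True, True), "A": (True, False), "Z": (False, True),
       "N": (False, False), "U": (None, None)}   # (street_match, zip_match)
CVV_MATCH = {"M": True, "N": False, "P": None}   # None = not checked

@dataclass
class Order:
    amount: float
    avs_code: str
    cvv_code: str
    is_new_customer: bool
    ships_to_billing: bool
    ship_to_type: str = "street"   # "street", "po_box", "mail_store", "forwarder"

# Hypothetical policy values; tune to your own risk tolerance.
POLICY = {"require_street": True, "require_zip": True,
          "new_customer_review_over": 500.00}

def screen(order: Order, policy: dict = POLICY):
    """Return (decision, reasons); decision is 'decline', 'review' or 'approve'."""
    street, zip_ok = AVS.get(order.avs_code, (None, None))
    cvv = CVV_MATCH.get(order.cvv_code)
    hard, soft = [], []
    # Hard filters: a definite mismatch is declined before authorization.
    if cvv is False:
        hard.append("cvv_mismatch")
    if policy["require_zip"] and zip_ok is False:
        hard.append("zip_mismatch")
    if policy["require_street"] and street is False:
        hard.append("street_mismatch")
    # Missing data is not a mismatch: follow up instead of declining.
    if cvv is None or street is None or zip_ok is None:
        soft.append("verification_unavailable")
    if order.is_new_customer:
        if not order.ships_to_billing:
            soft.append("new_customer_alt_address")
        if order.ship_to_type != "street":
            soft.append("new_customer_" + order.ship_to_type)
        if order.amount > policy["new_customer_review_over"]:
            soft.append("new_customer_over_threshold")
    if hard:
        return "decline", hard
    return ("review", soft) if soft else ("approve", [])
```

Setting `require_street` to `False` turns a street-only mismatch (AVS `Z`) from a decline into an approval for an established customer, which is the security-versus-convenience trade-off the filter settings control.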

 

Validating Unusual Orders

 

For large or unusual transactions, confirm legitimacy through a call-back and request supporting documentation. This can include:

  • A photocopy of the front and back of the card (with the card number truncated and CVV masked for PCI compliance).
  • A photocopy of a government-issued ID that matches the cardholder’s name.
  • A photocopy of a work ID or credential tying the individual to the represented business.
 

Using Payment Authorization Forms

 

Payment authorization forms are another useful tool for avoiding and winning disputes on high-value or first-time transactions. These forms are signed by the cardholder and typically include:

  • Cardholder’s name and billing address
  • Card number (or tokenized reference if using a secure vault)
  • Expiration date, last 4 digits of the credit card, and the CVV
  • Authorized transaction amount (or recurring billing terms, if applicable)
  • Cardholder’s signature and date
  • Optionally, a copy of a government-issued ID to confirm the signature

Whether or not you use authorization forms, always keep copies of invoices, signed authorizations, proof of delivery, and communication records. Strong documentation is crucial when disputing chargebacks.

 

Operational Safeguards

 

Strong internal processes are just as important as technology:

  • Train staff to spot red flags and escalate suspicious activity.
  • Break up large orders into smaller shipments when possible.
  • Establish internal thresholds that trigger manager review.
  • Create a review cadence and checklist, and never skip it.


 

Strengthen eCommerce Security with 3D Secure (Payer Authentication 2.0)

 

3D Secure (3DS) is a multifactor authentication tool that helps secure card-not-present transactions. (You may have encountered it already when buying concert tickets!)

This solution prompts the cardholder to verify their identity directly with their issuing bank (often through their mobile banking app or a one-time passcode), which can reduce fraud risk and shift liability away from the merchant.

Things to know about 3DS:

  • Cardholder Enrollment – For 3DS to be effective, the cardholder must have their card enrolled with their issuing bank. If the card isn’t enrolled, the authentication step won’t occur.
  • eCommerce Integration – 3DS is designed for eCommerce merchants who employ an integrated checkout solution. If your business practices are not currently aligned with eCommerce, migrating to such a solution would require operational adjustments. We can support you in exploring this option, though it would mean some changes to how transactions are processed.
  • Practical Limitations – While 3DS strengthens security, it does have some drawbacks. The cardholder must have immediate access to their mobile device or banking app to approve the request. Issues such as service interruptions or outages can occasionally prevent completion.

And of course, we’re always here to help. Talk with our team if you’d like to learn more, including:

  • A New Customer Verification Policy example
  • A Risk Mitigation Checklist
  • A Quick Reference Guide covering both card-present and card-not-present best practices
