Electronic Exchange Systems
1 (877) 865-7744
Register Now for EXS

Preventing Fraud

At EXS, we take your business seriously. EXS utilizes a sophisticated fraud detection system that monitors all card transactions in real time, 24 hours a day, seven days a week. This fraud detection system is one way EXS protects your business.
Reading and complying with the standards and the policies in this guide will be your best defense against fraud and help you remain in compliance with your merchant agreement.

While it is not always possible to prevent fraud from happening, education and awareness are the best ways to avoid it. This information is provided to make you aware of the many ways that fraudulent activity occurs, what to watch for, and the things you and your employees can do to protect your business.
Our commitment to providing security for credit transactions helps both you and your customers feel safe about using payment cards; however, there are precautions that can significantly decrease the probability of fraud or another credit-related crime from occurring.

Card Not Present Scams

The risk of fraud increases greatly if your customer and their credit card are not present at the time a purchase is made because you don’t have the opportunity to inspect the card. “Card not present” transactions typically occur over the telephone or fax, through the mail or over the Internet. Without the card in hand, you are unable to inspect the card, check for suspicious markings or verify the customer’s signature. As a merchant, you put yourself and your company at greater risk by accepting card not present transactions without the proper Merchant Agreement in place to protect you in a fraudulent situation.

If you are processing card transactions by telephone, mail, fax or Internet, make sure that you have signed the specific Merchant Agreement required to perform these transactions where the card is not present. Even after you have the proper agreement in place, it is crucial that you take the precautionary steps to prevent potential chargebacks.


In many instances, thieves are reaping the benefits of our rapidly growing world of technology. One example of skimming is when the fraudster uses a device to read the data on the magnetic strip of a credit card – a process known as “skimming.” Other times the information is received by tapping into phone lines. Regardless of the method used, skimming is responsible for millions of dollars of losses.

Watch for devices used to swipe credit cards. They are usually box-shaped cordless devices that will fit in the palm of the hand, although laptop computers have been used to accomplish the same thing.

Don’t Be Bullied

Here, the customer attempts to intimidate the cashier by causing a fuss at the register so that the purchase is rushed, which may lead to improper check out. They may tell you that the card won’t read and not to bother running it through – that you’ll have to key it in manually. In such instances, customers have also been known to complain about the service or length of the line. They may even demand to see a manager – anything to keep the cashier’s attention off the authorization of the credit card. By creating a tense atmosphere, the cashier is often prone to rush the person through the process just to get the customer out of the store. This is when criminal activity takes place. The result is usually a costly chargeback for the merchant.

Use only the authorization numbers provided by EXS. Never call a telephone number given by the cardholder for authorization. Don’t be intimidated by these bullies; always take your time and make sure the correct procedure is followed when authorizing the card. You may not be losing a sale by making the impatient customer wait – you may be saving your company the cost of a chargeback later.

Deceptive Deliveries

An easy way to spot a situation that may be fraudulent is to look at the delivery address. Often thieves will have a package delivered to an address that is not permanent or requires the package to be left at a front desk. Look carefully at orders that require deliveries to office complexes, hotel lobbies or post office boxes, as they are almost impossible to trace if the transaction is questioned. In this situation, it is best to call the customer and ask for a permanent address.

The Manual Key-In

Often fraud occurs when the thief damages the card on purpose so that you are forced to manually enter the number in the electronic point-of-sale terminal. Fraudulent cards are often damaged in order to bypass the antifraud features that are placed on them – the magnetic strip cannot be swiped and transmitted to the verification center for authorization in the case of a manual key-in.

If you have an electronic point-of-sales terminal, swipe every card that you come across – no matter how damaged or worn. And be wary of customers who let you know right away that their card won’t read. If the card doesn’t work and you end up keying in the number, make sure you take an imprint of the card. If the card is severely damaged, simply ask for another form of payment.

Borrowed Cards

Beware of people waving letters of authorization for use of a credit card. Under no circumstances are these letters an acceptable form of verification or authorization. Don’t fall for children borrowing their parent’s card either. Friends, coworkers, and spouses are not permitted to borrow each other’s cards. The only person who should be presenting the card to you is the person whose name is on the front of the card and signature on the back of the card. Most often, the rightful owner gets the statement and a chargeback occurs.

One Person’s Trash Is Another’s Gold Mine

The garbage may be the last place you would think to protect. Thieves look in your trash for credit card slips, banking information, warranty information, credit applications or returned slips – anything that has personal information such as a name, address or phone number. Your “trash” could be a thief’s treasure, with all of the information a criminal needs to make a false card, as well as information about your company that could hurt you later if it fell into the wrong hands. Recognize materials that may contain private information and dispose of them properly. Destroy any documents that have any personal information on them with a paper shredder before declaring them trash. Protecting your customers and your business is worth a few extra seconds.

The Terminal Repair Scam

This is the oldest scam in the book, but also one of the most popular and most effective ways for thieves to lift confidential information. We’re all familiar with the “bait and switch” technique. They come into your business and tell you that your POS terminal needs to be repaired – offsite. But don’t worry; they’ll replace your broken one with a loaner. Once the loaner is in place, all of the information you scan through is recorded, and now the information is theirs.

You may not even see it coming, as these criminals often pretend to work for POS companies or say that they are attending to other official business. Any unsolicited attempts to repair your terminal should be reported to the police, and no replacement terminals should be accepted. The safest thing you can do is to be cautious and report any suspicious happenings immediately by calling into the EXS Help Desk. They will check to see if there is a replacement request noted for your location.

Fraudulent Returns

Fraudulent returns are a major problem associated with fraud and theft. Staff members have been caught returning items that were never purchased and pocketing the money. In some cases, merchants don’t even realize they have been victimized until it is too late. Make sure your employees take the necessary steps to ensure this doesn’t happen in your business. Some EXS terminals can also limit access to returns by requiring the use of passwords (see the terminal documentation.)

Keep your point-of-sale terminal passwords confidential and stored in a safe place. Change your password often to protect yourself in case someone does get into your system. Don’t share your terminal, AND Make sure to follow the proper procedures when it is time to shut down. Keep a record of your balances each day so you can identify a problem as soon as it occurs.

International Credit Cards

Take extra care when accepting international credit cards. Thieves use foreign cards because cashiers are not as familiar with them. The criminal searches for a busy merchant who may overlook irregularities in a card issued by a foreign bank rather than become suspicious.

Inspect the card thoroughly, checking to make sure the card is valid, and always swipe it. The main elements of the card – logo, hologram, clear embossing and so on – should be the same despite where the card originated. Check to make sure the signature matches the name on the card, and that once swiped, the number on the terminal matches the number on the card. Also, watch out for customers who check out the cashiers first before getting in line – criminals often look for an inexperienced clerk or someone who may be easily intimidated. If anything seems suspicious during the transaction, call in a Code 10.

Office Products Scams

Watch out for companies trying to sell office products such as copy paper, ink cartridges, stationery and other supplies to your business. They may try to appear as if they are working for a reputable company. In reality, they will overcharge you for inferior merchandise. Deceptive telemarketing is a violation of the law – report any suspicious persons immediately.

Phone Fraud

Like the paper scammers, you may not see the phone fraud coming until it is too late. Of course, there are telemarketers who use the phone to further their illegitimate businesses and scam money. But what about the criminals that aren’t selling anything at all?

These crooks still use the phone to swindle merchandise from the retailer. Most of the time the criminal will phone a store, telling the clerk he has picked out the items he wants but cannot come to pick them up for some reason or another. He will ask the clerk to run his credit card through and assure the clerk that a courier will be by to pick up the merchandise.

Once the merchandise has left the store, there is no way of knowing to whom it actually went or where it was going. Often these phone fraudsters pose as respected individuals with high profile jobs and qualifications. It is not uncommon, however, to find out the person has stolen a credit card and is using someone else’s identity to receive the desired merchandise. There is no real way of knowing if the card is legitimate in a situation where the cardholder is not able to show up. It is safest to stick to the rules in these situations – don’t take credit card numbers over the phone, and reject a credit card that is not being handed to you by its lawful owner.

The Last Minute Shopper

Be on the lookout for the shopper who is purchasing expensive items just before closing time, or someone who is hurriedly filling a shopping cart with this type of item, without paying much attention to price, size or quality. These are the shoppers whose transactions need to be handled with your utmost attention.

Point of Sale Protection

Research shows that some businesses repeatedly expose their customers to fraud by asking them to provide a phone number with a credit card transaction or a credit card number as a voucher for a personal check. Shield your customers from card thieves by not recording private information. If you must list the identifying information, write it elsewhere (such as your copy of the sales receipt or on a store invoice. Keep these pieces of information somewhere that is not accessible to just anyone. Your customers will appreciate the fact that you are looking after their best interests. Thermal printers can further safeguard your customers since only the merchant copy of the sales draft will have the cardholder signature.


Stolen and counterfeit cards are a huge problem for merchants and credit card issuers alike. Because of the technology available to them, counterfeiters are able to reproduce false cards that are high quality, even without the benefit of the original. All they really need is personal information and technology to produce credit cards, debit cards and smart cards. The result is a huge financial loss to businesses around the globe. The card association rules prohibit retention of magnetic-stripe or card authentication numbers (CVV2/CVC2/CID) by merchants or their third-party terminal providers since this information could be used to counterfeit cards.

Protect your business by teaching your staff to recognize the signs of a false card. Call in a Code 10:

  • If the embossing on the card is illegible
  • If the last few numbers are not embossed on the hologram, or if these numbers do not match the account number on the sales draft or at the terminal
  • If there is no Bank Identification Number (BIN) above or below the first four digits
  • If the name on the card does not match the signature or there is a misspelling
  • If the hologram is not clear or the picture in the hologram does not move
  • If the card does not have an expiration date
  • If the card does not start with the correct numeric digit – all Visa cards should start with a 4, all MasterCards with a 5
  • Be aware of cards that don’t swipe – check these cards for other security features
  • If a card does swipe, make sure the card number and the number that appears on the terminal match
  • If you receive any message other than “approved” or “declined.”

Spotting Counterfeit/Altered Cards

Knowing the distinctive qualities of both Visa and MasterCard credit cards can help you detect counterfeit or altered cards.

Color: Check the card for discoloration or an uneven feel. Edges should be smooth.

Embossing: Check to see that the account number and name embossing is even in size and spacing, and that the card has not been ironed and re-embossed. Check the valid dates to see that they have not been altered to extend the term of an expired card. MasterCard embossing starts with a 5. Visa card embossing starts with a 4. The first four digits of the card number correspond to a small number printed on the card face just above the account number.

Signature Panel: The signature panel is printed with a color MasterCard or Visa background pattern. It should be smooth to the touch and should not show evidence of tampering. The panel should be signed, and the signature should correspond to the signature on your sales draft. All or a portion (last four digits) of the account number and card authentication (CVC2 or CVV2) are printed.

Hologram: The hologram is a three dimensional foil image on the card that helps deter counterfeiting. The foil material can be gold or silver, and the image should reflect light and change as you rotate the card. The Visa hologram appears to be a dove in flight. MasterCard’s newest hologram is called the MC Micro Globes. It shows two-dimensional rings made up of repeated MC. The three-dimensional globes consist of high-resolution texture mapping of continents onto black spheres. The word MasterCard is distinguishably micro-printed in the background of the hologram in two alternating colors. A hidden image is placed at a specific angle in the hologram during the manufacturing process.

MasterCard Formats

The same basic design is used for all MasterCard cards. Until all cards are replaced by the new format, you may see the two previous MasterCard card formats at your place of business. Cards may be any color or even feature a background pattern or a photograph. Regardless of the card design presented, check the signature and other card features for validity and don’t hesitate to call for a Code 10 authorization if you are suspicious.

Security Features

The following features appear on MasterCard cards:

  • The unique security character, embossed on the lower right portion of the card front, is your signal that the following two security features should be present on the card.
  • A small account number (last four digits or all 16 digits) with a three-digit card authentication code (CVC2) printed on the signature panel in reverse italic, slightly indented characters.
  • An encoded account verification number (CVC1) programmed into the magnetic stripe which will correspond to and verify the number which is indent printed on the signature panel.

Visa Card Formats

Every Visa card is designed with special security elements to deter counterfeiting or alteration. When presented with a Visa Classic, Visa Gold (Premier), or Visa Business Card, look for these security elements.

Security Features

The following features are required for all VISA cards and must appear on all cards:

  • An embossed, stylized V beside the “good thru” date
  • Micro-printing around the Visa logo
  • The issuing bank identification number embossed in the first four card numbers. This bank ID number is also printed directly below the first four card numbers.

Don’t Hesitate! Call In a Code 10

Any time you have doubts about something – a fraudulent card, a signature or even a customer’s behavior – call in a Code 10. A Code 10 allows you to call for an authorization without the customer becoming suspicious. After dialing the authorization center, inform the operator that you have a Code 10. The operator will put you through to the correct person, who will ask you a series of “yes” or “no” questions. Hold on to the card if possible while making the call. If the operator decides something is amiss, he or she will deny authorization. The operator may even request to speak with the cardholder to ask account information questions that only the true owner of the card would know.

A Code 10 can be used any time you feel a transaction may not be legitimate, even if you have already gotten approval on a transaction or if the customer had already left the premises.

Defeating Fraud Helps You and Your Customers

Whether it’s a different twist on an old scam or a new scam altogether, there will always be someone who tries to pull the wool over your eyes. If you and your staff are well prepared with the skills to recognize suspicious transactions, and know how to correct the situation, then, you’re beating fraudsters at their own game.

Take the extra steps to stop fraud before it starts. After all, it is the merchant – not the consumer – that stands to lose the most from credit card fraud. The most important thing you can do is stay educated on the ways fraud occurs and follow your instincts when you find yourself in a suspicious situation. The majority of the time, plain old common sense can prevent losses. By following the information in this guide and working together, we increase the chances of successfully protecting your business against fraud!

Pick Up Card Procedures

If you receive a pick up card response from your terminal or the Authorization Center, you are eligible for a cash reward from EXS. Simply cut the card in half directly through the entire account number. Place the card in an envelope along with your name, merchant number, date of pick up, and your address and mail it to:

Global Payments Inc.
10705 Red Run Blvd.
Owings Mills, MD 21117






CONTACT US |  EXS is a registered ISO of Wells Fargo Bank, N.A., Walnut Creek, CA