Fraud is very prevalent within the industry of credit card processing and typically occurs at unexpected moments. During the weekends, holidays and late nights are the most common times that fraud will occur. These vulnerable times are due to limited monitoring within online services. There are a few steps that can be taken to help stop and prevent fraud on your account. In the event of confirmed fraud, or potential data breach continue to do the following:
1. Temporarily quarantine your website. Take it offline until further investigation is done.
2. Contact the site is hosting your website and inform them that there has been fraud or a breach on your account.
3. Contact Complete Merchant Solutions Risk team for further suggestions and steps to get back online (877)267-7324.
4. Verify ownership of your site. Sometimes if a fraudster is able to get access into our site they will adjust settings and contact information to gained additional access in the future. Remember to validate owner name, communication status (emails, phone numbers, alert contact information, etc.).
5. Reset all passwords pertaining to your website, gateway, point of sale system, etc.
6. Create a new source key and adjust API's. If you do not know how to do this please contact your I.T. or our Customer Support team (877-267-4324).
1. Identify point of penetration. How did you discover the fraud? system alert, reports, customer calls about misc charges? This will help you determine how the fraud occurred.
2. Identify the window or time frame of the intrusion. This will help you get a better understanding of who is affected by the possible breach.
3. Void any transactions you cannot validate. This will help rectify affected credit cards and prevent chargebacks.
4. Identify if and what data may have been exposed or stolen. If credit card information could have been stolen please report to our Risk team for further validation (877-267-4324). If you know which customers may have been affected contact that customer and inform them on the fraudulent activity. If needed have them contact their bank account associated with their credit card to inform the bank of possible fraud.
5. If Social Security number(s) or other personal information with your customer is at risk notify your customer. Have them check their credit card, bank account, credit report, contact bureaus and set fraud alerts. Have them put a freeze on their credit so no credit lines can be activated or opened.
6. Perform system and website scans, if applicable:
Validate PCI DSS compliance. If you are not PCI compliant call our customer support team to become PCI compliant (877-267-4324).
Scan for spy and malware on your computer(s)
Check for malicious code and unauthorized 3rd party links
Check website for modified pages and unauthorized redirects
Check security of all applications and plug-ins
7. Submit scan results to Risk for review and assistance.
8. Document all actions taken to remediation and possibly provide to the police.
9. If needed submit a police report to your local police department.
1. If possible adjust thresholds in gateway, activate fraud modules, risk mitigation settings, etc.
2. In many gateways and point of sale systems it is possible to exclude certain BIN's (credit card numbers) from going through the systems. This would include preventing foreign credit cards or cards associated with a specific geographical location that are attempting to do card testing on your account.
3. If you have the Complete Gateway as your online gateway we encourage that you go into the Fraud Modules and activate the ones that would work for our business model. for further information on the fraud module please see the Fraud Module Introduction module.
If fraud has occurred on your account please reach out to our Risk team for reporting, further assistance and any additional questions you may have (877)267-4324.
Article ID: 36000130754