Fraud guide 101
Card payments will help your business grow, but they also open the door for fraudsters. This guide will help you and your customers stay safe while you sell.
Did you know the first recorded fraudulent crime happened around 360 BC?
Shocking, we know! It’s such an ancient concept, but it remains relevant today. At Yoco, we have a qualified Transaction Monitoring Team that monitors transactions and protects your business from cybercrime.
We've put this guide together to help you stay informed and reduce your risk of falling victim to fraudulent activity.
The different types of fraud and how to beat them
1. Card Not Present (CNP) fraud
CNP fraud can happen without the card or cardholder even being present. Fraudsters can memorise or copy your card number, expiry date, and 3-digit card validation code (on the back of your card) when you’re using your card to pay.
Your card information could then be used for fraudulent transactions online, even though your card is still in your possession.
How to prevent CNP fraud:
Stay alert when using your cards and making payments.
Don’t let your card out of your sight when making payments.
Check that you’ve received your own card back after every purchase.
Sign your card on the signature panel as soon as you receive it.
Review your account details and transactions on a regular basis.
2. Card skimming
Fraudsters can duplicate your card, by ‘skimming’ or copying your card details with a device that they’ve placed in an ATM or POS card slot. To get your PIN, they’ll either set up a hidden camera, or watch you type it in.
While you can’t prevent your card from being skimmed, you can prevent fraudsters from learning your PIN.
How to keep your PIN safe at ATMs:
Always cover the ATM keypad when entering your PIN.
Always be careful and alert when using an ATM.
If, for any reason, you become suspicious, cancel the transaction and remove your card.
Never let your card out of your sight when using an ATM.
3. Card swapping
Fraudsters can offer assistance at ATMs to distract you, so they can see your PIN. Then they either swap your card (you get another card, thinking it’s yours) or your card gets ‘swallowed’ by the ATM via a trapping device installed by the fraudster.
One of the most recent scams is that fraudsters offer to sanitise the ATM or your card, in order to distract you.
How to prevent card swapping:
Never accept help from strangers at an ATM.
If someone interrupts you, cancel the transaction, remove your card and leave immediately.
Always check that the card you receive is your card.
4. Lost or stolen cards
If you misplace or lose your card, contact your bank or credit card issuer right away. They can block your card and account number so no one else can use them, and give you a new card and account number.
Fraudsters will try to use any cards that are lost or stolen in order to get as much money as possible.
Steps to take if your card is lost or stolen:
Immediately contact and report the card to the bank.
Make sure your cards are in your possession or in a safe place at all times.
5. Account takeover
Account takeovers fall under cybercrime. A cardholder unwittingly gives personal information (such as their home address, mother’s maiden name, etc) to a fraudster.
The fraudster then contacts the cardholder’s bank, reports a lost card and change of address, and obtains a new card in the victim’s name.
Steps to prevent an account takeover:
Have a strong password for any access to important information.
Have strong security questions for any access to important information.
Enable two-factor authentication for any access to important information.
6. Remote Access
This tactic is used to install malicious software in order to access your banking information. You may get a request to install software on your smart device.
If you suspect you’re a victim of a remote access scam:
Block your banking profiles immediately.
Contact your bank for further assistance.
7. SMS Scam
This scam involves fraudsters contacting you via SMS, requesting that you share your banking login details, (like username or password) in order to deactivate your online banking profile.
Banks will never ask you to share your banking credentials with them.
This is when fraudsters pose as employees of financial institutions, in an attempt to persuade you to share your personal banking information over the phone.
Once they get the information, they’ll have access to your personal bank account and withdraw/spend your money.
Please take note:
Financial institutions will never ask you to share personal information, such as a pin or password for your bank account, over the phone or any other channel.
Financial institutions will never ask a customer to perform a transaction or reverse a transaction, over the phone or any other channel.
If you receive such calls, end the call immediately and block the caller's number.
This is the most common scam out there. This is when a fraudster sends you a link, which will direct you to a fake website that requests your personal and financial information.
Never click on a suspicious link, rather type the web address of the company into your search engine.
Stay safe with the free Yoco App
Get detailed information on any transaction
Analyse your sales history from anywhere
Get instant notifications when payment is made
Important FAQs about fraud
What is transaction monitoring in Yoco Terms?
A: For Yoco, transaction monitoring is a key part of the AML (Anti-Money Laundering) process. It’s a legal requirement that forces financial institutions to monitor the flow of money.
Why is transaction monitoring important?
Transaction monitoring helps block money-laundering attempts and other illegal activities. A financial institution that fails to meet AML requirements will have to pay hefty fines.
What does it mean if my account is under risk review?
One or more transactions is/are in the process of being verified.
How long does the risk review take?
1-7 working days for local payments. 1 - 14 working days for international payment.
Does Yoco have the right to hold back my funds?
Yes. As per Yoco’s merchant agreement and per the scheme rules, we're allowed to hold back suspicious or high-risk transactions until relevant supporting documentation has been provided.
When will the funds reflect in my account after the conclusion of the risk review?
Within 24-48 hours.
What could cause my services to be terminated?
Your services can be terminated when there is confirmed fraud, high risk behaviour, or you operate a business on the prohibited business list.
Why are cash loans/financial services/crypto traders not allowed?
These businesses are on our prohibited list, as outlined on our website and in our merchant agreement. You can get a full breakdown of our prohibited business list here.
What happens if one of my transactions is confirmed fraud by the bank?
Yoco’s Transaction Monitoring Team will do the following:
- Request an invoice for the confirmed fraud transaction and any other supporting documentation.
- Conduct a review of the merchant’s account.
- If Yoco determines that your account is fraudulent/suspicious, we’ll follow due process with the bank to return the funds to the cardholder, if possible.
- Yoco’s Transaction Monitoring Team will inform you of the investigation's progress via phone or email.
Why does Yoco refund money back to the cardholder?
Yoco reserves the right to refund a cardholder their money based on the following:
- If the merchant’s account transaction history is suspicious
- If the merchant displays a high-risk behaviour
- If no invoice is supplied by the merchant
- If there’s non-delivery of goods
- In cases of serious complaints/allegations from the cardholder.
Refunds generally take between 1-14 days to reflect in the cardholder’s bank account, depending on who the cardholder banks with.
Why does Yoco require an invoice for transactions?
Yoco’s Transaction Monitoring Team will require an invoice if/when they need to verify a transaction as genuine. Additionally, as per Mastercard, Visa, and Yoco T&Cs, suspicious transactions must be verified with a detailed invoice, for any goods sold or services rendered.