Skip to main content Skip to footer site map

Fraud Prevention FAQ

How can I prevent fraud?

It takes an assortment of tools to prevent fraud. Reading through the rest of the FAQs listed here will help you determine what your business needs to do to reduce your fraud risk.

How can I prevent Internet, telephone or mail order fraud?

Here are some guidelines for preventing Internet, telephone or mail order fraud:
Request that cardholders provide the following information during the order taking process:

  • Cardholder Name, exactly how their name appears on their Discover card
  • Card Number
  • Card Expiration Date, four-digit number MM/YY
  • CID (Card Identification Data), the three-digit number located on the back of the card in the signature panel
  • Card billing address along with the ship-to address (when necessary)
  • Home, business or other telephone number where the cardholder can be reached

For each transaction, be sure to:
  • Request and validate the Card Identification Data (CID) (the three-digit code on the back of the card in the box to the right of the signature panel)
  • Verify the customer's billing address, either electronically or by our address verification service (AVS)
  • Verify the cardholder name, full billing address, email address and phone number with the Issuer in real-time using our free fraud prevention solution, Verify+
  • Check your delivery service contract for who is responsible for merchandise not delivered
  • Get a signature for each delivery and keep all delivery records
  • Do not key card information to force through a sale for which you have received any declined response to your authorization request
  • If the sale is on a credit card, refund sales on the same card
  • Include your common DBA and customer service number on the customer’s transaction receipt
  • Clearly communicate any and all delivery charges, restocking or other fees
  • Clearly explain any return policies and offer documentation of this policy with each sale
  • When working on a chargeback, document efforts to satisfy the customer. Be sure to respond to all chargebacks
  • Duplicate charges, or installment plans, unless otherwise stated, require an authorization for each sale


What are some of the signs of suspicious behavior for Internet, telephone or mail orders?

Please consider that these are only indicators of higher-risk transactions. One behavior alone may not be a concern.
  • New customer attempts to make a very large credit card transaction
  • Customer doesn't know the Card Identification Data (CID) found on the back of the card, indicating that they don't have the actual card
  • Customer's address does not match when obtaining an Address Verification
  • Customer ships to an address other than the billing address
  • Customer tries lower dollar amounts when a decline message is received
  • Customer tries different expiration dates when initial attempts fail
  • Customer has difficulty supplying personal information
  • Customer repeatedly sends e-mail messages requesting confirmation of shipment
  • Customer attempts to ship multiple orders using different cards to the same address
  • Customer attempts to purchase large quantities of a single item
  • Customer purchases several large-ticket items, which do not go together or appear random
  • Customer calls a few minutes before closing and wants several large-ticket items
  • Customer splits up to avoid paying "import taxes" and/or "duty fees"
  • Customer requests shipment to an overseas destination
  • Customer seems overly concerned about delivery time frames to overseas destinations
  • Customer attempts to place a large order using several credit cards to obtain the total authorization amount
  • Customer offers the phone number to an authorization center to speed up the credit card approval process
  • Customer has little regard for price
  • Customer shows little or no concern for return policies, manufacturer warranties and/or rebates when purchasing in large quantities

Are there any best practices for Internet commerce?

  • Clearly identify your company name on your Web site, on each page if possible
  • Include your common DBA and customer service number on the customer’s transaction receipt
  • Offer a street or P.O. Box address (some people may not want to utilize e-mail) as contact information on your Web site
  • Offer a customer service telephone number
  • Clearly identify all features of a product or service
  • Clearly communicate any and all delivery charges, restocking or other fees
  • Clearly identify your company's return policy and shipping time frames and offer documentation of these policies with each sale
  • Disclose the information security policies and processes your business has in place

How can I protect customer information on my Web site?

Protecting Customer Information
  • Truncate all credit card information
  • Do not store any CID data in your records or on any type of sales data
  • Secure your site. Data MUST be stored in a secure environment that is protected by firewalls from your Web site or access over the Internet. This data should be password protected with limited authorized use
  • Do NOT store any customer or credit card information on your Web Server
*Please refer to your Merchant Operating Regulations for further Card Not Present (CNP) requirements with respect to the submission of sales.

If there is a breach in your system, notify Discover Security within 48 hours at 1-800-347-3083.


Why should I require CID on my Web site?

CID helps provide assurance that the card was in the possession of the cardholder at the time of purchase. It may also help protect you against chargebacks in the event of a dispute.

Why should I require a signature when delivering Internet, telephone or mail orders?

In addition to the requirements in the Merchant Operating Regulations, Section 4, obtaining documentation of successful delivery will ensure that the proper person received the shipment and may be verified in the event of a chargeback situation.

How can I protect my business and customers from hacking attacks?

The best way to protect yourself is to develop a solid information security strategy for your business. Some basics include, but are not limited to getting the most technologically advanced firewalls, cryptography tools and anti-virus software. The rule with data security is that you cannot be too careful.

Where can I report suspected merchant fraud?

Please contact our Merchant Fraud Prevention Department at 1-800-347-3083.

Where can I meet other merchants that may have the same Card Not Present (CNP) fraud concerns that I have?

Risk-focused organizations include:

What are some signs of suspicious behavior in-store?

  • Makes random purchases without paying attention to size, value or price
  • Presents you with a card taken from a pocket instead of a wallet
  • When asked, claims to have left photo identification at home or in the car
  • Arrives at or about closing time and tries to hurry you through the sale
  • Purchases a large item and refuses delivery
  • Displays no interest in the warranty on expensive items
  • Is overly slow and deliberate when signing the sales draft, perhaps because the signature is being forged

What are some characteristics I should look for if I suspect a card is forged?

  • Embossed card is missing the stylized "D" character
  • Seems counterfeit or as though the information (e.g., expiration date, card number, embossed name) has been altered
  • The signatures on the card and the sales draft are different
  • The validation date has expired
  • The ultraviolet image of the word “DISCOVER” is missing from the front of the card
  • The signature panel shows signs of tampering or the word “VOID” is exposed by an erasure
  • The printing of the word(s) “DISCOVER” or “DISCOVER NETWORK” in the signature panel is unclear or not tilted at the standard 20-degree angle
  • The hologram or holomagnetic stripe is damaged or appears to have been tampered with
  • If a card's magnetic stripe cannot be read, always obtain an imprint of an embossed card.  Ensure the imprint clearly shows the full card number, expiration date, cardholder name and stylized "D" security character.  Refrain from keying non-embossed cards if you are suspicious.

What do I do if I suspect a Card is fraudulent in a Card Present situation?

Call 1-800-347-1111 and ask for a Code 10 authorization if you have any reason to suspect the transaction or are suspicious of the customer.

What are some tools offered by Discover to help prevent fraud?

Here are a few Fraud Prevention tools that can be used for training purposes. These can be ordered by contacting your acquirer.
  • Card Identification Features - For Major Card Brands (#33844) - A helpful slick that provides card identification features for the major credit card types. 

What are some programs and services offered by Discover to help prevent fraud?

Help protect your cardholders and your profits through our multi-layer fraud prevention programs and services.

Card Identification Data (CID)
The three-digit CID provides an additional layer of security to reduce authorization testing.  The CID may also be entered into your Point-of-Sale (POS) system for a swiped or keyed transaction to further authenticate the validity of the card.

Address Verification Services (AVS)
To limit fraud on Card Not Present transactions, we require merchants to capture the cardholder’s address for verification.

Fraud Prevention Solution:  Verify+

Enroll in our free fraud prevention solution which compares the customer's full name, complete billing address, up to three phone numbers and an email address with the Issuer's records.  You will receive immediate match/no match responses from our website.

Address Change Notification (ACN)
Minimizes the risk of account takeover fraud. When supported by your Acquirer or Processor, merchants requesting an AVS in the authorization message are sent an ACN. The ACN indicates the number of days since the last cardholder billing address change, if the change was within the last 45 days.

Card Verification Value (CVV)
A unique value encoded on the magnetic stripe by the issuer provides protection against counterfeit cards.

Code 10: Suspicious Situations
Merchants who become suspicious during a card present transaction can phone in a Code 10 authorization request, which alerts the issuer and protects the cardholder. Our automated authorization line will automatically connect the merchant to the appropriate issuer.

100% Authorization Requirement
We protect profits by requiring authorization on all transactions.

Stand-in Functionality
Assists participating issuers with providing merchants authorizations when systems are down.

Fraud Prevention Seminars
Discover also sponsors seminars and lectures on fraud prevention. To learn more call, 1-800-347-6634

Other Important Reminders:

  • Your authorization code does not eliminate the possibility of a fraudulent sale
  • You are the first line of defense against fraud
  • Discover is here to assist you in the fight against fraud!

How do I report an Intellectual Property Rights violation?

Discover Network supports efforts to combat misuse of intellectual property. If you are an Intellectual Property Right-Holder and want to report a potential merchant violation of your intellectual property rights, please email us at

Please include the following information in your email (if available):
  • A description of the alleged infringement, including the identity of the site allegedly engaged in the sale of Illegitimate Products and evidence proving the allegation. If only certain items on a website are alleged to be Illegitimate Products, the Request must clearly identify those specific products and their location on the website
  • Evidence that the Illegitimate Products could be purchased using a Payment System Operator’s services, for example, by providing a screenshot of the Payment System Operator’s logo appearing on the merchant website. Test transactions are helpful, but not required to submit a complete Request
  • A copy of the Right-Holder’s cease & desist letter or DMCA notice notifying the website operator that it is engaging in infringing activity, or an attestation that, to the best of the Right-Holder’s knowledge, the site is not licensed or otherwise authorized to sell the alleged Illegitimate Products in question
  • Evidence demonstrating that the Right-Holder owns a copyright or trademark in question
Please Note: JavaScript is not enabled in your web browser. In order to enjoy the full experience of the Discover Network website, please turn JavaScript on. If JavaScript is disabled, some of the functionality on our website will not work.