It takes an assortment of tools to prevent fraud. Reading through the rest of the FAQs listed here will help you determine what your business needs to do to reduce your fraud risk.
Below are some guidelines for preventing Internet, telephone or mail order fraud.
Do not use key card information to force through a sale for which you have received a declined response to your authorization request.
The following behaviors indicate higher-risk transactions. One behavior alone may not be a concern.
These best practices apply to internet commerce.
Protecting Customer Information
Refer to your Merchant Operating Regulations for further card-not-present (CNP) requirements for the submission of sales.
If there is a breach in your system, notify Discover Security within 48 hours by calling 1-800-347-3083 or emailing firstname.lastname@example.org
The CID helps ensure that the cardholder possesses the card at the time of purchase. It may also help protect you against chargebacks in the event of a dispute.
Ensure that the proper person received the shipment by requiring documentation of delivery. In a chargeback dispute, you can then verify delivery information. Also refer to the requirements in the Merchant Operating Regulations, Section 4.
The best way to protect your business is to develop an information security strategy. The basics include but are not limited to firewalls, cryptography tools, and anti-virus software. The rule with data security is: you can’t be too careful.
If a card's magnetic stripe can't be read, obtain an imprint of an embossed card. Ensure the imprint clearly shows the card number, expiration date, cardholder name, and stylized "D" character. Refrain from keying unembossed cards if you are suspicious.
Call 1-800-347-1111 and ask for a Code 10 authorization if you suspect a transaction is fraudulent.
Help protect your cardholders and your profits through our multilayered fraud prevention programs and services.
Card identification features for the major credit card types can help. Order them by contacting your acquirer.
The three-digit CID provides an additional layer of security to reduce authorization testing. The CID may also be entered into your point-of-sale (POS) system for a swiped or keyed transaction to further authenticate the validity of the card.
To limit fraud on CNP transactions, we require merchants to capture the cardholder's address for verification.
Enroll in our free fraud prevention solution, which compares the customer's full name, complete billing address, up to three phone numbers, and an email address with the issuer's records. You will receive an immediate match/no-match response from our website.
Minimizes the risk of account takeover fraud. When supported by your acquirer or processor, merchants requesting an AVS are sent an ACN. The ACN indicates the number of days since the last cardholder billing address change (if the change was within the last 45 days).
A unique value is encoded on the magnetic stripe of the card; the issuer provides it as protection against counterfeit cards.
Merchants who become suspicious during a card-present transaction can phone in a Code 10 authorization request, which alerts the issuer and protects the cardholder. Our automated authorization line will connect the merchant to the appropriate issuer.
We protect profits by requiring authorization on all transactions.
Assists participating issuers with merchant authorizations when systems are down.
Discover sponsors seminars and lectures on fraud prevention. To learn more, call 1-800-347-6634, or email us
Discover Network supports efforts to combat misuse of intellectual property. If you are an intellectual property right holder and want to report a merchant violation of your intellectual property rights, email us at email@example.com
Please include the following information in your email (if available):
The Discover Information Security & Compliance (DISC) program helps implement and maintain efficient data security and procedures for its constituents and promotes the adoption of secure transaction processing of cardholder data on the Discover network.
As part of DISC, Discover partnered with other major payment card brands to form the Payment Card Industry Security Standards Council, LLC (PCI SSC). The PCI SSC launched on September 7, 2006, to manage the PCI security standards, which focus on improving payment account security throughout the transaction process. Discover is committed to the PCI security standards as the industry standards for the payment card industry. The DISC program promotes compliance to PCI security standards by helping safeguard cardholder data and limit data compromises.
To find out more, please visit the PCI SSC website
In addition to requiring compliance to PCI security standards, Discover requires that each new implementation of payment applications by merchants, and their agents, is compliant with the Payment Card Industry Payment Application Data Security Standard (PA-DSS).
For a list of PA-DSS-compliant applications, or information on PA-DSS, visit the PCI SSC website
There are separate compliance requirements for acquirers and service providers. In addition to requiring compliance to the PCI security standards, Discover supports the PA-DSS and recommends that acquirers ensure that their merchants, service providers, and agents use payment applications that have been validated as compliant with PA-DSS.
For more information on PA-DSS, visit the PCI SSC website