As fraud tactics and cybersecurity breaches evolve, payment processors, card issuers, and merchants must work closer together to prevent attacks and remediate potential* impacts to merchants and their customers. As card brands like Visa and Mastercard roll out new fraud detection technologies*, businesses should also take action to protect their operations, employees, and customer payment data from bad actors. By partnering with your payments processor, you can understand how fraudsters target your business, tactics they use to steal customer payment information, and solutions for preventing fraud from occurring at the point of sale – in-person or online. Here is what you need to know.

Fraud categories: understand why bad actors are targeting your business

Detecting cyber-attacks, scams, and other threats to your business starts with understanding who is targeting your business and what they are trying to achieve. Most merchant fraud falls into these three categories:

  • True fraud
    While that may sound like an oxymoron, it is one of the oldest types of fraud. True fraud* occurs when bad actors use stolen credentials to open accounts in the victim’s name or uses stolen credit card information to make purchases online. Most commonly, these fraudulent purchases are eventually disputed by the actual cardholder which results in the card account being closed and the assignment of a new account number and card. If the dispute is considered valid, the merchant is required to refund the amount of the transaction plus a chargeback fee paid to the payment processor.

  • Carding fraud
    Fraudsters don’t always use the information that they steal; instead, carding fraud* occurs when cybercriminals package together thousands of stolen credit cards to sell to other groups for fraudulent use, or use stolen credit cards to buy prepaid cards to sell to unsuspecting customers. Like true fraud, cardholders will likely report their information as stolen and dispute the fraudulent purchases.

  • Friendly fraud
    This type of fraud goes by a lot of names – friendly fraud, first-party fraud*, or chargeback fraud. Regardless of terminology, it occurs when the cardholder disputes a transaction that they made (and was correctly fulfilled, like an online order or services rendered). This can happen unintentionally if the cardholder doesn’t recognize a credit card charge on their billing statement; it can also happen maliciously, if a cardholder tries to use a chargeback to get a refund even when they actually received the goods or services that they paid for. This type of fraud is harder to track or prevent* because the cardholder is the bad actor – merchants have to closely monitor their chargebacks and see if there are patterns or repeat offenders that they need to challenge.

Fraud tactics: learn common ways bad actors will try to exploit security vulnerabilities

Regardless of who the bad actor is or why they are targeting your business, they use and adapt numerous tactics to steal customer information and payment data. These constantly evolve to meet the challenge of antivirus software and other cybersecurity tools, which is why it is important for your business to be vigilant:

  • Card testing
    Fraudsters engage in card testing schemes* when trying to determine if a stolen credit card number is valid or what the credit limit is; they will make a large amount of small test purchases on merchant websites, which will usually result in chargebacks or fraud disputes that are costly for merchants. It is important for businesses to keep track of all transaction authorizations and declines, regardless of dollar amount*, to be vigilant about card testing and subsequent costs and consequences. This type of fraud tends to be more problematic for merchants, who might get hit with separate chargebacks for many small purchases, incurring fees for each transaction or authorization.

  • Phishing
    Using phishing tactics*, fraudsters will relentlessly try to gain access to your business systems to steal customer personal information and payment data – often by targeting your staff via email, text, and spoofed websites. The scammers may pretend to be legitimate businesses, banks, online resources, and credit card companies to trick people into sharing personal information, passwords, and possibly financial information – then using this stolen information to access your business’s systems and confidential data.

  • Account takeover fraud
    Fraudsters may gain control of customer bank accounts, social media accounts, or other valuable access credentials to make purchases; when customers regain control of their accounts, they will dispute transactions and file chargebacks that can be costly for merchants. While businesses cannot completely prevent account takeover fraud* that affects their customers, they can monitor for unusual types or volumes of purchases and prevent transaction authorizations that could turn out to be fraudulent later on.

  • Card-not-present fraud
    Any time someone makes a payment without presenting a physical card, it is called “card-not-present” – this includes online shopping, app purchases, and manually entered card details. Making fraudulent purchases can be easier when a card doesn’t have to be physically presented to make a purchase – like buying items online or subscribing for services. Thus, merchants must be vigilant about preventing card-not-present fraud* in their ecommerce operations with additional authentication measures, like address verification and CVV codes.

Fraud prevention and remediation tools: get started protecting your business, employees, and customers

Bad actors are constantly evolving their tactics to steal customer data, access business systems, and make fraudulent transactions. Businesses must continually evaluate their operations and implement improvements to stop data insecurity from creating huge financial and reputational losses. Consider these prevention and improvement tactics.

  • PCI DSS compliance validation
    PCI DSS requirements* apply to businesses of any size that accept credit card payments. These security standards and best practices help you protect customer payment data and frequently review your operations for security vulnerabilities. From technical requirements to employee protocols, PCI DSS is a comprehensive framework that your business should follow; if businesses do not validate and maintain compliance with PCI DSS, they may be found liable for any fraudulent transactions and incur larger financial/reputational losses.

  • EMV, encryption, and tokenization
    Card issuers and payment processors are always innovating to protect merchants from fraud attempts and data insecurity. It is critical for businesses to implement the latest payments technology to protect customer card data and improve data security for all operations. EMV-enabled payment devices* read and authenticate the card from the  secure chip on customer credit cards, while encryption and tokenization* mask card data during transactions to reduce the amount of information fraudsters can steal in a potential breach.

  • Address Verification Service (AVS)
    To combat in-person and online fraud, some checkout processes will prompt users to enter additional details beyond card number to help verify they are the legitimate cardholder. When these authentication steps include address details, like zip code, it is a feature of the Address Verification Service* offered by payment processors. Requiring users to enter some or all of their billing address can thwart bad actors who only have a small amount of stolen cardholder data and prevent the authorization (and eventual chargeback) of fraudulent transactions.

  • CVV codes
    Like the Address Verification Service, payment processors also enable businesses to request additional cardholder information before authorizing transactions; requiring online shoppers to enter the Card Value Verification (CVV) code* on the back of the physical card at checkout can prevent purchases by fraudsters who only have a stolen credit card number.

Fraudsters will continue improving their tactics to target business information systems and customer payment data; that’s why it is important to partner with your payments processor to understand emerging threats, identify vulnerabilities in your operations, and invest in solutions to prevent fraudulent transactions at checkout – online or in-person.

* By selecting this link, you will leave Elavon content and enter a third-party website. Elavon is not responsible for the content of, or products and services provided by this third party, nor does it guarantee the system availability or accuracy of information contained in the site. This website is not controlled by Elavon. Please note that the third-party website may have privacy and information security policies that differ from those of Elavon.


Request a call back

We want to hear from you. If you are interested in setting up a new merchant account with us, please contact us through the form below and we'll call between the hours of 9:00 AM and 7:00 PM EST, Monday-Friday. If you require assistance with an existing account, please call our customer service line 24/7/365.

This contact form is for US customers only. If you are looking for one of our other locations, please visit to find your country or region.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

By providing us with an email address you are expressly consenting to receiving email communications – including but not limited to marketing material/advertising, promotions, sales campaigns, and questioner/research surveys. By providing us with a telephone number for a cellular phone or other wireless device, including a number that you later convert to a cellular number, you are expressly consenting to receiving communications – including but not limited to prerecorded or artificial voice message calls, text messages, and calls made by an automatic telephone dialing system – from us and our affiliates and agents at that number. This express consent applies to each such telephone number that you provide to us now or in the future and permits such calls for non-marketing purposes. Calls and messages may incur access fees from your cellular provider. We accept relay calls. Your privacy is important to us. By clicking “submit” you agree to our terms and conditions.


Available Mon. – Fri.
9:00 AM - 7:00 PM EST

Customer Support

Available 24/7