8 actionable tips to prevent card present fraud

Last Updated on June 10, 2025 by Victor Wu

While a lot of attention is given to card-not-present fraud (and rightly so!), it's important to remember that fraud can also happen with in-person (card-present transactions). The good news is that modern card technology has made this less common, but staying alert and knowing what to look for can help you keep your business and your customers secure.

This article will discuss some best practices and red flags to watch out for at the point of sale.

8 actionable tips to prevent card present fraud

Unlike card-not-present transactions, in-person transactions provide you with more clues and signals to identify fraudulent transactions. Below are some tips to prevent card-present fraud:

• Prioritizing EMV (Chip & PIN) and NFC (Tap) payments
• Avoid keying in an in-person transaction
• Asking for customer ID when the card signatures are missing
• Paying attention to suspicious card behavior and error messages
• Recognizing counterfeit cards
• Paying attention to customer traits and body language

1. Prioritizing EMV (Chip & PIN) and NFC (Tap) payments

Encourage customers to use cards with visible chips or that are enabled for tap (NFC payments). These methods are significantly more secure than swiping the magnetic stripe.

• Chip cards (EMV): The data on a chip card is encrypted and constantly changing, making it incredibly difficult for fraudsters to copy. To tamper with a chip, a fraudster would need some serious technical know-how and expensive gear.
• Tap to Pay (NFC): Similar to chip cards, NFC transactions use secure, encrypted card data for each payment.
• The risk of swiping: Magnetic stripes, on the other hand, contain static, unencrypted data. Fraudsters can use card skimmers on card readers to steal this information. If a customer has a chip card, avoid swiping it unless the chip reader is malfunctioning (and even then, be cautious).

2. Avoid keying in an in-person transaction

If a customer has their physical credit card in hand, they should be the one using it—by inserting or tapping it themselves. If a customer is trying to use a physical card that is not theirs, they may ask that you key it in so they can avoid having to enter a PIN. As a general rule, manually keying in credit card information to your terminal should only be an alternative solution that you, the merchant, suggest, not the customer.

3. Asking for customer ID when the card signatures are missing

Cardholders are supposed to sign the back of their credit cards before using them. If the card isn’t signed, you can ask for ID to check that the name and signature match. However, it's important to know the card brand rules.

For example, Visa rules and policy states that you can ask for ID but cannot "require it as a condition of Visa card acceptance." Visa Core Rules also state that "if the Cardholder does not provide identification, the Merchant may decide whether to accept the Card."

Mastercard Rules states that "a merchant may request, but must not require, a cardholder to provide additional identification information as a condition of card acceptance unless such information is required to complete the transaction, such as for shipping purposes, or the standards specifically, permit or require such information to be collected."

Your best bet is to follow your instinct – if something feels off, a polite request for ID is reasonable.

4. Paying attention to suspicious card behavior and error messages

If a customer tries multiple cards unsuccessfully, it could indicate they're trying out stolen cards. You can confirm that the name is the same on both cards the customer presents. Some fraudsters may have multiple stolen cards with them and will test them by trying the different cards to see which ones work and which ones will be declined.

Besides, if the card payment is declined, paying attention to error messages on your terminal:

• DECLINED: The issuing bank (card issuer) has refused the transaction. If you see this multiple times with different cards from the same customer, be wary. You should generally only try a card twice before asking for another form of payment.
• PICK-UP CARD: This can mean the card is expired or has been reported stolen. Don't return the card; follow the instructions provided by your terminal or acquirer, which may include contacting the voice authorization center.
• CHIP ERROR / INSERT/SWIPE ERROR: This could indicate a counterfeit card or a damaged chip. A fraudster might hope you'll then key in the transaction, bypassing the chip's security. It's often best to request another form of payment with a working chip.

5. Recognizing counterfeit cards

Like paper money, credit cards have security features. Here are a few things to look for:

• Print quality: Is the printing clear and aligned? Fake cards might have blurry text or off-center embossing.
• Holograms: Most cards have a hologram (like a dove for Visa or globes for Mastercard). These are hard to fake.
• Expiration date: Is it valid? If the card says it's expired but still seems to work, that's a red flag.
• Receipt match: Do the last four digits on the card match the receipt from the transaction? If not, reverse the transaction immediately.

6. Paying attention to customer traits and body language

How a customer behaves can also be an indicator:

• Nervous or rushing: Are they overly anxious or trying to hurry you through the sale?
• Odd timing: Some fraudsters target stores right at opening or closing when staff might be busy or less attentive.
• Big-ticket disinterest: Purchasing expensive items with little concern for price, features, or delivery details can be suspicious. They might also request unusual next-day shipping or want someone else to pick up the item.
• Distraction tactics: Be wary of customers trying to distract you to gain access to the terminal or obscure an error message.
• Memorized numbers: If a customer wants you to key in a card number they recite from memory, this is highly suspicious.

Card-present fraud prevention checklist

A little observation can go a long way. Pay attention to both the card itself, your payment terminal, and the customer's behavior.

Quick checklist: card-present fraud red flags

• Is the customer insisting on swiping/keying a chip card?
• Are there multiple cards declined? Or was the card pulled from a pocket instead of a wallet?
• Does the card look tampered with, low quality, or shows signs of alteration?
• Does the customer seem overly nervous, rushed, or eager to distract you?
• Is the purchase unusually large with no questions asked about the product?
• Does the signature on the receipt look forced or very different from the card?

Quick checklist: terminal security basics

• Always use a chip or tap if the card supports it.
• Regularly check terminals for any signs of tampering or skimmers.
• Never leave terminals unattended where customers can access them.
• Use strong, unique passwords on your terminals (not the default!).
• Observe customers during PIN entry (discreetly, of course) to ensure they aren't struggling or trying to bypass PIN.
• Make sure your terminal makes a sound with each keystroke—this can help you notice if a customer is pressing more keys than expected (e.g. trying to access menus or issue a refund).

What are the best practices to protect your business from card-present fraud?

There are a few easy ways you can help protect your business from fraud when processing in-person transactions.

• Updating your payment machine with the latest technology
• Having a custom supervisor password for your terminal
• Stay alert to what your customers are doing in your store
• Keep an eye out for customers' suspicious behaviors

1. Updating your payment machine with the latest technology

Being able to accept chip and pin or NFC and contactless payments instead of swiping a card can help keep the transaction more secure because the cards are enabled with chip technology that is harder to tamper with compared to magnetic strip cards. Some fraudsters target businesses that still exclusively rely on swiping credit cards and are not using EMV-compliant terminals, so you don't want your business to be a safe haven for fraudsters.

2. Having a custom supervisor password for your terminal

You can also add a custom supervisor password to your terminal to help ensure that only your employees will be able to access the terminal menu and the different transaction types. The password will act as a barrier to prevent an unauthorized user from refunding transactions without permission or accessing the terminal menu.

3. Staying alert of what your customers are doing in your store

Stay alert and aware of what your customers are doing in the store and the condition of the cards they're using to pay for purchases. While it's easy to get into a routine while processing transactions all day, every day, it's worth keeping an eye out for fake credit cards. Signs that a credit card might be fake are:

• If the printing and the embossing on the card are misaligned
• If there is no hologram on the front of the card
• If the expiry date has passed
• If the last four numbers on the card do not match the transaction receipt.

4. Keeping an eye out for customers' suspicious behaviors

Keep an eye out for customers who might be pressing more keys than usual. This could be a sign that they might be trying to access the terminal menu, key in their card number, or issue themselves a refund.

If you want to be able to monitor which keys a customer is pressing on your terminal, you can configure the settings so that a sound accompanies each keystroke. If you notice they are pressing more keys than required, be sure to double-check the receipt and confirm it shows accurate transaction information and that the terminal wasn't tampered with.

5. Not accepting compromised cards at my business

Educate your staff on what unusual activity looks like at the point of sale. Watch for signs like customers using multiple cards that trigger error messages, as they are likely fraudulent charges. To stay ahead, educate customers too. Let them know you take security seriously and may ask for additional verification if something seems off. Simple steps like checking the card’s chip, matching ID, or confirming the last four digits on the receipt can go a long way in stopping fraud before it happens.

What are common mistakes that lead to card-present fraud?

There are a few key things you should avoid if you're processing in-person transactions.

Firstly, don't leave your terminal unattended in a place where a potential fraudster would be able to tamper with it and potentially install a card-skimming device. Learn how to protect your credit card reader from fraud here.

If you spot anything unusual on your terminal or see unfamiliar equipment attached, stop using it until you’re sure it hasn’t been tampered with.

It’s just as important not to leave customers alone with the terminal during a sale. Some fraudsters know how to access menus and may try to issue a refund to their own card instead of completing a purchase. This risk is even higher in places like restaurants, where customers are often left with the terminal while staff are busy elsewhere.

What you should do if you think a transaction is fraudulent

Even if you have a strong understanding of all the red flags that can indicate fraud, there may still be a situation where you end up processing a transaction that you suspect is fraudulent. In these cases, you should make a CODE 10 CALL, which is an authorization request that can be done at any point during a transaction to alert the issuing bank of suspicious activity without notifying the customer.

You can also cancel a questionable transaction by running a VOID transaction before the batch settles. This will prevent the transaction from being processed and prevent processing fees from being charged.

Final thoughts

These tips can help you protect your business from fraud when processing in-person transactions. While it's nearly impossible to completely remove risk from credit card processing, the benefits of accepting credit cards still outweigh the risks, especially if you're vigilant when it comes to fraud.

FAQs

Can card-present fraud happen for debit cards?

Yes, debit cards can be targeted in card-present fraud, especially if the transaction is done by swiping the magnetic stripe or if a fraudster convinces you to key in the card number. Just like with credit cards, fraudsters may use skimmers to steal unencrypted data or try to bypass PIN entry. Chip-and-tap (NFC) payments are much safer for debit transactions. Always follow the same precautions you would for credit cards—look out for red flags and don’t process a payment that feels off.

Can I refuse a sale if a customer won't show ID when their card isn't signed?

Card brand rules can be specific. For instance, Visa allows you to ask but not to decline solely based on not having an ID if other valid criteria are met. It's best to use this as one factor in your overall assessment of the transaction's legitimacy. If you're very uncomfortable, you can politely decline the sale.

What should I do if the terminal says "PICK-UP CARD"?

This usually indicates the card has been reported lost or stolen. You should not complete the transaction or return the card. Follow any prompts on your terminal or contact your merchant services provider for guidance.

How often should I change my terminal password?

It’s good practice to change it periodically, especially if staff members who knew the password leave your employment. Helcim automatically mandates a password change every 90 days. Ensure the new password is a strong one that isn't easily guessed.