It takes an assortment of tools to prevent fraud. Reading through the rest of the FAQs listed here will help you determine what your business needs to do to reduce your fraud risk.
Here are some guidelines for preventing Internet, telephone or mail order fraud.
We request that cardholders provide the following information during the order-taking process:
For each transaction, be sure to:
Do not use key card information to force through a sale for which you have received a declined response to your authorization request.
The following behaviors indicate higher-risk transactions. One behavior alone may not be a concern.
Yes. These are a few of them:
Tips for protecting customer information:
Refer to your Merchant Operating Regulations for further card-not-present (CNP) requirements for the submission of sales.
If there is a breach in your system, notify Discover Security within 48 hours by calling 1-800-347-3083 or emailing email@example.com
The CID helps ensure that the cardholder possesses the card at the time of purchase. It may also help protect you against chargebacks in the event of a dispute.
Ensure that the proper person received the shipment by requiring documentation of delivery. In a chargeback dispute, you can then verify delivery information. Also refer to the requirements in the Merchant Operating Regulations, Section 4.
The best way to protect your business is to develop an information security strategy. The basics include but are not limited to firewalls, cryptography tools, and anti-virus software. The rule with data security is: you can’t be too careful.
If a card's magnetic stripe can't be read, obtain an imprint of an embossed card. Ensure the imprint clearly shows the card number, expiration date, cardholder name, and stylized "D" character. Refrain from keying unembossed cards if you are suspicious.
Call 1-800-347-1111 and ask for a Code 10 authorization if you suspect a transaction is fraudulent.
Help protect your cardholders and your profits through our multilayered fraud prevention programs and services.
Card Identification Features—for Major Card Brands (#33844)
Card identification features for the major credit card types can help. Order them by contacting your acquirer.
Card Identification Data (CID)
The three-digit CID provides an additional layer of security to reduce authorization testing. The CID may also be entered into your point-of-sale (POS) system for a swiped or keyed transaction to further authenticate the validity of the card.
Address Verification Services (AVS)
To limit fraud on CNP transactions, we require merchants to capture the cardholder's address for verification.
Fraud Prevention Solution: Verify+
Enroll in our free fraud prevention solution, which compares the customer's full name, complete billing address, up to three phone numbers, and an email address with the issuer's records. You will receive an immediate match/no-match response from our website.
Address Change Notification (ACN)
Minimizes the risk of account takeover fraud. When supported by your acquirer or processor, merchants requesting an AVS are sent an ACN. The ACN indicates the number of days since the last cardholder billing address change (if the change was within the last 45 days).
Card Verification Value (CVV)
A unique value is encoded on the magnetic stripe of the card; the issuer provides it as protection against counterfeit cards.
Code 10: Suspicious Situations
Merchants who become suspicious during a card-present transaction can phone in a Code 10 authorization request, which alerts the issuer and protects the cardholder. Our automated authorization line will connect the merchant to the appropriate issuer.
100% Authorization Requirement
We protect profits by requiring authorization on all transactions.
Assists participating issuers with merchant authorizations when systems are down.
Fraud Prevention Seminars
Discover sponsors seminars and lectures on fraud prevention. To learn more, call 1-800-347-6634, or email us
Other Important Reminders:
Discover Network supports efforts to combat misuse of intellectual property. If you are an intellectual property right holder and want to report a merchant violation of your intellectual property rights, email us at firstname.lastname@example.org
Please include the following information in your email (if available):
The Discover Information Security & Compliance (DISC) program helps implement and maintain efficient data security and procedures for its constituents and promotes the adoption of secure transaction processing of cardholder data on the Discover network.
As part of DISC, Discover partnered with other major payment card brands to form the Payment Card Industry Security Standards Council, LLC (PCI SSC). The PCI SSC launched on September 7, 2006, to manage the PCI security standards, which focus on improving payment account security throughout the transaction process. Discover is committed to the PCI security standards as the industry standards for the payment card industry. The DISC program promotes compliance to PCI security standards by helping safeguard cardholder data and limit data compromises.
To find out more, please visit the PCI SSC website
In addition to requiring compliance to PCI security standards, Discover requires that each new implementation of payment applications by merchants, and their agents, is compliant with the Payment Card Industry Payment Application Data Security Standard (PA-DSS).
For a list of PA-DSS-compliant applications, or information on PA-DSS, visit the PCI SSC website
Acquirers & Service Providers
There are separate compliance requirements for acquirers and service providers. In addition to requiring compliance to the PCI security standards, Discover supports the PA-DSS and recommends that acquirers ensure that their merchants, service providers, and agents use payment applications that have been validated as compliant with PA-DSS.
For more information on PA-DSS, visit the PCI SSC website
ProtectBuy is a Discover Three Domain Secure (3DS) customer authentication solution. With ProtectBuy, both merchant and issuer can help mitigate card not present fraud risk and reduce chargebacks by verifying the customer’s identity at the time of the transaction.
As EMV® reaches critical mass in safeguarding the card present space, fraudulent activity will migrate to card-not-present transactions, as already seen in Europe. ProtectBuy will help reduce the likelihood of fraudulent usage of payment cards.
Three Domain refers to the security from these three domains: 1.) Merchant/Acquirer 2.) Network 3.) Issuer. 3DS creates a secure pipeline across the three parties, which validate a consumer’s identity when they are shopping online.
ProtectBuy provides an additional layer of security so that both Merchants and Issuers can help mitigate card not present fraud risk and reduce chargebacks by validiating the customer’s identity at the time of the transaction. ProtectBuy improves customer confidence in online shopping and provides a simple, easy cardholder experience.
ProtectBuy uses risk-based authentication. Simply put, we will analyze the customer behavior and only challenge the riskiest transactions. Previous versions in the market would challenge every transaction, which led to shopping cart abandonment and a poor customer experience.
The customer will receive a one-time password via text or email, which is to be used in the ProtectBuy pop up on the merchant’s page. By doing this, a customer does not have to remember user names, passwords, or answers to security questions.