Best Practices: Preventing and Responding to Fraudulent Booking Attempts

Summary

As online payment activity increases across the industry, it’s more important than ever for campgrounds to recognize and respond appropriately to potential fraud. This article outlines common signs of fraudulent booking attempts and recommended steps to take if you suspect a booking was made using a stolen credit card.

Understanding the Attempt

Fraudsters may attempt to make reservations using stolen credit card information. They often start with small test transactions to confirm whether a card is active, followed by larger bookings—sometimes exceeding $1,000.

Once a high-value reservation is successfully booked, the fraudster may contact the park to modify or cancel the reservation and request that the refund be issued to a different card.

⚠️ Important: Refunds should only ever be issued to the original card used for payment. Requests to refund to a different card are a strong indicator of fraudulent behavior.

steps to take after a fradulent booking

If you believe a booking was made using stolen card information, follow these steps:

Do not issue a refund manually.

Refunds should always go back to the original payment method. Issuing a refund to another card or outside the original payment path can result in financial loss to your park.
Attempt to void the payment in card processor merchant portal (if same day).

If you are able to identify the fraudulent booking within the same day that the booking was made, and the payment has not been batched or processed, you may still be able to void the payment. Doing so will return the payment back to the cardholder and avoid further risk of a fraudulent refund request scenario.
If the void option is not available, wait.

Once a batch has closed, the void option is no longer available. In most cases, the legitimate cardholder will notice the charge and file a dispute with their bank. When this happens, funds are automatically withdrawn by your payment processor—no action is needed on your end.
Avoid issuing a second refund.

If a cardholder dispute (chargeback) occurs and you’ve already refunded the guest, this could result in a double refund, meaning your park loses additional funds.

Important Note: Once a chargeback has been assigned to your merchant account, you should accept it. This differs from a standard chargeback (not related to fraud), which you would typically dispute.

5. Cancel the reservation in Campspot once confirmed fraudulent.

Once you’re confident the booking was fraudulent, you can cancel the reservation in Campspot to reopen the site for new bookings.

how to reconcile the transaction in campspot

Follow the steps below to reconcile the fraudulent transaction in Campspot.

Cancel the reservation and uncheck “Send Email” to prevent a cancellation email from being sent.
Refund the overpayment to “Virtual CC Terminal.”After the cancellation is processed, there will be an overpayment on the reservation. Refunding to Virtual CC terminal will not move the money anywhere but will balance your books.

Important Note: If the reservation was made through the Marketplace, Campspot will continue to apply the standard Marketplace percentage to your next invoice until the reservation is cancelled.

Preventative Measures for Parks

While it’s not possible to prevent every type of fraud attempt, there are a few proactive steps you can take to strengthen your defenses:

Enable Address Verification (AVS) and CVV checks in your CardPointe settings under Administration > Security. These settings help validate that the billing address and security code entered by the guest match what their bank has on file.

Keep in mind: Strict AVS settings can sometimes result in legitimate declines (for example, if a guest mistypes an address). This is an important consideration to make before turning on AVS.

Never issue refunds to a card other than the one used for payment.
This is one of the most effective ways to prevent loss due to fraud.
Verify suspicious callers.
If someone calls about a recent booking and seems unsure which park they’ve contacted or which card was used, it may be a sign of a widespread fraud attempt. Always ask the caller to verify information rather than offering it.

frequently asked questions

Q: Does Campspot has any safeguards and/or procedures that we need to be aware of to prevent these fraud attempts and/or to recover our losses?

Campspot has safeguards in place to prevent certain kinds of fraudulent attempts, notably to identify card testing or brute-force attacks. Additionally, the payment processor (Fiserv/CardPointe) has fraud mitigations in place (i.e. they will decline cards they believe to be being used fraudulently, will shut down gateways if too many attempts are tried, etc.). However, there is no way to prevent all fraud and is an inherent risk to taking credit card payments - fraudulent activity is going to be tough to completely stop for any company that operates in an online market.

Q: Does Campspot offer any fraud protection for losses sustained by Campspot customers?

No, there is inherent risk of potential fraud for all merchants who take credit card payments.

Q: Are there any best practices that we can implement to identify these attacks and to identify fraudulent reservations?

Being vigilant to suspicious inquiries from customers, especially those wanting a refund to another form of payment - a request to refund to a different payment method is a sign of potential fraud.

Never Refund to a Different Payment Method: This is the most critical rule. We strongly urge you to only issue refunds to the original credit card used for the purchase. Making exceptions to this policy is at your own discretion and significantly increases your financial risk.
Void Suspicious Same-Day Transactions: If you identify a transaction you believe is fraudulent on the same day it was made, you should attempt to void it immediately via your credit card processor. A void cancels the transaction before it settles, once your daily batch has closed, this option is no longer available.
Do Not Refund Settled, Suspicious Transactions: If the payment cannot be voided (e.g., the batch has already closed), we recommend that you do not refund the payment if you suspect fraud. In most cases, the legitimate owner of the stolen card will dispute the charge with their bank. This will result in a chargeback, which will automatically process and remove the payment from your bank account. Important: If you issue a refund and the chargeback occurs, you risk doubling your loss (refunding the money yourself and also having it reclaimed by the chargeback).

Q: Is there a setting that will block any attempt to return funds to a card that is different than the original payment card?

Yes, this feature exists but is currently can only be turned on or off by a Campspot team member. Soon, parks will be able to turn it on or off directly in Campspot. We’ll share an announcement once it’s released. If you would like to disable this safeguard prior to the feature release, please contact support@campspot.com.

Additional safeguards that you can take:

Enable notifications: In your CardPointe/CardConnect portal, enable notifications for "Per Declined Transactions" and "Per Chargeback". This may be a forewarning to attempted fraud if you notice an influx of declined transaction notifications.
Enable AVS or CVV: An additional safeguard you can take is to enable AVS or CVV in your CardPointe portal. This means if there is a name, address or CVV mismatch to the card number, the transaction will be immediately declined. However, CardPointe has seen transactions that should have been approved get declined, so there is also some risk with these additional security features enabled.