Does your business have policies in place for each of payment method you accept? Payment policies are critical in protecting the financial health of a business. Small businesses without payment acceptance policies are vulnerable to fraud.
We strongly advise that the best practice before accepting any form of payment is to know your customer. Be mindful, watch for any red flags and take action to delay delivery until you gain a comfort level with the validity of your customer and their payment method.
It is especially important for merchants to understand that card payments are a convenience form of payment, not a guaranteed form of payment. Since the rules and regulations are written in favor of the cardholder, merchants must be diligent in protecting their business against fraud and disputes.
Each year millions of dollars are lost on fraudulent card use. To protect your business from chargebacks and fraud, best practices include...
- Cards accepted face to face (electronically read, receiving an approval code and cardholder signature) are the safest card acceptance method. Always obtain a manual imprint of the card on a sales draft whenever you cannot swipe the card. A disputed charge is more likely to result in a chargeback loss if you cannot provide proof that the card was present and you were able to compare signatures. Also consider using security functions such as entering the “last four digits” of the card on swiped-card transactions and match the address verification value and the card verification code (CVV2) to help identify use of counterfeit cards.
- For card not present transactions, implement AVS (address verification service) to verify the billing address, not the shipping address. Check CVV2 codes to make sure your customers have their cards in their possession. CVV2 no match transactions are 5 times more risky. The best practice is to ship to the cardholder address that matches a positive AVS response and get your customers to sign for receipt. Be suspicious of customers requesting that merchandise be sent to another state or country that is not their billing address.
- Consider implementing Verified by Visa and MasterCard SecureCode. Verified by Visa and MasterCard SecureCode are payment initiatives designed to reduce the risk of unauthorized use of a cardholder account by authenticating the cardholder attempting to make a purchase online. Authentication makes Internet shopping better and safer for both buyers and sellers on the web by reducing the merchant's exposure to fraud and frivolous disputes, while protecting the cardholder from fraudulent use of their credit card. Implementing Verified by Visa shifts liability away from the merchant and on to the card issuer in specific cases.
- Use caution when processing International Orders. Fraudulent transactions that originate overseas are on the rise. International transactions have an 8 times higher fraud rate. Properly identify the person with whom you are dealing. Take a second look at what is being ordered and where it is being shipped. Did your customer offer you multiple cards as payment? Is the customer asking for immediate shipment? Does the transaction make sense? If not, you may have just detected a fraudulent transaction and saved yourself from taking a loss. There is a tremendous amount of fraud with international transactions, and it is virtually impossible to win the chargeback case. Banks outside the U.S. may not support additional security features like AVS, CVV2, and Verified by Visa.
- Do not split a transaction. If a sale on a card for $1,000 is declined, it means the cardholder does not have the available credit. Do NOT charge the card $250 four times to get the sale to go through. The cardholder’s bank will most likely charge this back to you, and you will lose.
- Do not factor transactions. This means that you do not run transactions for another business through your credit card terminal. This will not only cause chargebacks (customers won’t recognize your business name on their statement) but MC/Visa will promptly relinquish your right to accept credit cards if you are caught doing this.
- Use Code 10 calls to your voice authorization center when you are suspicious about accepting a credit card. The phrase "Code 10 authorization" is used to avoid alerting the customer to the fact that you are suspicious of their attempted transaction. The operator then asks the merchant a series of YES or NO questions to find out whether the merchant is suspicious of the card or the cardholder.
- Be suspicious of customers wanting to use numerous cards, especially when the cards all have the same first six digits. This means that all of the cards were issued by the same bank. The “customer” has most likely obtained a list of cards from that bank and they are fishing to see which ones will get approved. Remember, it is not uncommon for a person to have multiple credit cards – each from a different bank – but it makes no sense that a person would have numerous credit card accounts with the same bank.
- Be cautious on phone orders coming from a person using a special phone system designed to assist the hearing impaired and complete thorough due diligence to verify that the transaction is legitimate. Unfortunately this system is abused to commit fraud and merchant’s sympathy may cloud judgment.
- Have your customers type their Initials as evidence that they have read and agree to your return policies. However, note that if you maintain a limited refund policy such as "No refunds / All Sales Final" the product or services is still expected to work as advertised and be what was ordered otherwise merchants may still face "Not as Described" chargebacks.
- Be cautious of first-time orders with large quantity and overnight delivery request. If you are dealing with a new customer, especially one who is placing a large order, take a few extra steps to try to verify the legitimacy of the person or business. For example, check to see if they are listed in the phone book using a service like www.whitepages.com that offers a “Reverse Search” that allows you to enter a phone number or address to see if that person or business is listed.
- When taking cardholder information, ask for card type not just card number. Fraudulent use may result in someone with a card number, not the card and who doesn't know the type of card they have.
- Watch for repeat orders in a short period of time. Fraud transactions will send a trial balloon transaction and if accepted will use this card to move in for the kill.
- Watch free email accounts. They are commonly used by those who wish to hide their identity. Be suspicious of customers who will only communicate with you via email. Take a minute to contact the customer on the phone and verify the order. This is not a guarantee that the person is not trying to commit fraud but a lot of times perpetrators will not give a merchant a valid phone number to reach them.
Bottom line: establish payment acceptance policies and if you not comfortable accepting a card payment, ask for another form of payment or pass on the sale altogether. Better safe than sorry when it comes to high risk sales.