Card Acceptace Best Practices

It is important for merchants to understand that accepting a card payment should be consider a ‘convenience’ form of payment, NOT a ‘guaranteed’ form of payment. Since the rules and regulations are written in favor of the cardholder, merchants must be diligent in protecting their business against fraud and disputes that lead to chargebacks.

What to do

  • Ensure your DBA (doing business as) name that your customer will recognize appear correctly on the cardholder billing statement.  Confusion about charges from unrecognized transactions lead to unnecessary cardholder inquires and disputes.  It is also a best practice to make sure your customer service phone number appears on the cardholder billing statement, so your customers have the choice of calling you directly before calling their card issuing bank. 
  • Implement AVS (address verification service) to verify the billing address, not the shipping address.  The best practice is to ship to the cardholder billing address that received a positive AVS match response and get your customers to sign for receipt.  Be suspicious of customers requesting that merchandise be sent to another street address, state or country that is not their billing address.
  • Check the CVV2 code on the card to make sure your customers have their cards in their possession. Transactions that return a CVV2 code ‘no match’ response are 5x more risky.
  • Clearly state up front what you are selling, as well as what your billing, return, and shipping and out of stock policies are. Do not bury these policies deep within your site, they must be clearly disclosed. For maximum protection, have your customers type their Initials as evidence that they have read and agree to any limited refund policy such as "No refunds / All Sales Final".  Note, even with restrictive refund policies, products and services must work as advertised and be what was ordered otherwise merchants may still face "Not as Described" chargebacks.
  • On your website, display both customer service phone numbers and email addresses in prominent positions and promote their use by customers with questions about their order or product.
  • Consider implementing Verified by Visa and MasterCard SecureCode.
  • Make sure your payment systems are PCI compliant to protect cardholder data and your business. Protect your reputation as a safe place to do business.
  • Reference the Card Acceptance Guide.

What to avoid

  • Do not run your personal card through your own merchant account service to receive a cash advance. This is a violation of the terms of service.  If you need a cash advance from your credit card, go to your local bank.
  • Do not split a transaction into smaller amounts on the same card.  For example, if a sale on a card for $1,000 is declined, it means the cardholder does not have the available credit. Do NOT charge the card $250 four times to get the sale to go through. The cardholder's bank will most likely charge this back to you and you will lose by rule.
  • Do not factor transactions. This means do not run transactions for another business through your merchant account. This is strictly prohibited by card brand rules and is very risky as you will be responsible for any chargebacks.  

What to guard against

  • Be suspicious of customers wanting to use numerous cards, especially when the cards all have the same first six digits. This means that all of the cards were issued by the same bank. The “customer” has most likely obtained a list of stolen cards. Remember, it is not uncommon for a person to have multiple credit cards – each from a different bank – but it makes no sense that a person would have numerous credit card accounts with the same issuer.
  • Be cautious on phone orders coming from a person using a special phone system designed to assist the hearing impaired and complete thorough due diligence to verify that the transaction is legitimate. Unfortunately, this system is abused to commit fraud and merchant’s sympathy may cloud judgement.
  • Be cautious of first-time orders with large quantity and overnight delivery request. If you are dealing with a new customer, especially one who is placing a large order, take a few extra steps to try to verify the legitimacy of the person or business. For example, check to see if they are listed in the phone book using a service like www.whitepages.com that offers a “Reverse Search” that allows you to enter a phone number or address to see if that person or business is listed.
  • Use caution when processing International Orders. Fraudulent transactions that originate overseas are on the rise. International transactions have an 8x higher fraud rate.
  • Watch for repeat orders in a short period of time. Fraudsters often try a small transaction and if accepted will use the card again for additional orders.
  • Watch free email accounts. They are commonly used by those who wish to hide their identity. Be suspicious of customers who will only communicate with you via email. Take a minute to contact the customer on the phone and verify the order. This is not a guarantee that the person is not trying to commit fraud, but a lot of times perpetrators will not give a merchant a valid phone number to reach them. 
  • Do not manual key enter credit cards that do not dip/tap/swipe.  Always ask for another form of payment.  “Damaged” cards are more likely to result in disputes and chargeback fraud.  
  • Be very cautious accepting calls asking you merchant account questions.  Warn your employees about being instructed to make programming changes to your terminal or point of sale.  Warn your staff not to follow instructions about how to run a transaction from any customer ‘trying to help’.  Protect your point of sale and card acceptance devices from unauthorized access.  

Conclusion

Use common sense when accepting a card payment.  Know your customer, properly identify the person you are dealing with, take a second look at what is being ordered and where it is being shipped. Did your customer offer you multiple cards as payment? Is the customer asking for immediate shipment? Does the transaction make sense? If not, you may have just detected a fraudulent transaction and saved yourself from taking a loss.