» Merchant Resources
» PCI Data Security
» Merchant Memos
Accepting Card Payment Best
It is important for merchants to understand that card payments are a convenience form of payment, not a guaranteed form of payment. Since the rules and regulations are written in favor of the cardholder, merchants must be diligent in protecting their business against fraud and disputes.
Best practices include...
- Ensure the cardholder billing statement name exactly matches your DBA (doing business as) name to limit confusion and cardholder disputes.
- Include your phone number on the cardholder billing statement.
- Ensure the required MCC (merchant category code) or SIC for each
product matches the product delivered.
- Implement AVS (address verification service).
You want to verify
the billing address, not the shipping address. The best practice is to ship to the cardholder address that matches a positive AVS match response.
- Check CVV2 codes to make sure your your customers have their cards in their possession. CVV2 no match transactions are 5 x more risky.
- Ship to the billing address if possible and get
your customers to sign for receipt. Be suspicious of customers requesting that merchandise be sent to another state or country that is not their billing address.
- Be suspicious of customers wanting to use numerous cards, especially when the cards all have the same first six digits. This means that all of the cards were issued by the same bank. The “customer” has most likely obtained a list of cards from that bank and they are fishing to see which ones will get approved. Remember, it is not uncommon for a person to have multiple credit cards – each from a different bank – but it makes no sense that a person would have numerous credit card accounts with the same bank.
- Be cautious on phone orders coming from a person using a special phone system designed to assist the hearing impaired and complete thorough due diligence to verify that the transaction is legitimate. Unfortunately this system is abused to commit fraud and merchant’s sympathy may cloud judgement.
- Clearly state up front what you are selling, as well as what your
billing, return, and shipping and out of stock policies are. Do not
policies deep within your site. Be open and up front.
- Have your customers type their Initials as evidence that they have read and agree to your return policies. However, note that if you maintain a limited refund policy such as "No refunds / All Sales Final" the product or services is still expected to work as advertised and be what was ordered otherwise merchants may still face "Not as Described" chargebacks.
- Display both customer service phone numbers and email service addresses
in prominent positions and promote their use by customers with questions
about their order or product.
- Be cautious of first-time orders with large quantity and overnight
delivery request. If you are dealing with a new customer, especially one who is placing a large order, take a few extra steps to try to verify the legitimacy of the person or business. For example, check to see if they are listed in the phone book using a service like www.whitepages.com that offers a “Reverse Search” that allows you to enter a phone number or address to see if that person or business is listed.
- When taking cardholder information, ask for card type not just card
number. Fraudulent use may result in someone with a card number, not
the card and who doesn't know the type of card they have.
- Always obtain and submit actual valid expiration dates. Mask these as xx/xx on printed receipts.
- Use caution when processing International Orders. Fraudulent transactions that originate overseas are on the rise.
International transactions have an 8x higher fraud rate.
- Build internal fraud avoidance files that track fraud by monitoring normal purchasing patterns and red flag those that are abnormal and consider external fraud screening tools.
- Consider implementing Verified by Visa and MasterCard SecureCode.
- Watch for repeat orders in a short period of time. Fraud transactions
will send a trial balloon transaction and if accepted will use this
card to move in for the kill.
- Watch free email accounts. They are commonly used by those who
wish to hide their identity. Be suspicious of customers who will only communicate with you via email. Take a minute to contact the customer on the phone and verify the order. This is not a guarantee that the person is not trying to commit fraud but a lot of times perpetrators will not give a merchant a valid phone number to reach them.
- Monitor retrieval request and chargebacks and respond quickly with as much evidence as possible to show you delivered as ordered. A majority (40%) of all arbitration cases filed are disputes listed "Not as Described".
- Make sure your payment systems are PCI compliant to protect cardholder data and your business. Protect your reputation as a safe place to do business.
- CALL US. Make sure your employees have our phone number and instruct them to call if they are even slightly suspicious of a transaction. We will call the card issuing bank and ask them to contact their cardholder to verify whether or not the transaction is authorized.
Know your customer, properly identify the person you are dealing with, take a second look at what is being ordered and where it is being shipped. Did your customer offer you multiple cards as payment? Is the customer asking for immediate shipment? Does the transaction make sense? If not, you may have just detected a fraudulent transaction and saved yourself from taking a loss.