Q: I got hit with a few large chargebacks last year from fraudulent sales at both my store and on my website. Could you give me an update on all the ways I can prevent credit card fraud at my store and website so I can avoid those losses in the future?
A: Sure, fraud stings and we never want to make the same mistake twice. First, let’s make a distinction between Card Present and Card Not Present transactions in terms of fraud exposure. When a brick and mortar retailer accepts a credit card, it is swiped (Card Present), the charge is authorized, and the merchant will get paid, even if a stolen/fraudulent card is used.
Even if the card does not swipe at the point of sale (bad magnetic swipe), as long as you take a physical imprint of the card to prove the card holder was indeed “present,” you will be protected in a fraud situation.
However, liability for fraud shifts from the card issuer to the merchant for Card Not Present sales (mail order, telephone/fax order, and internet sales). The merchant is generally liable for credit card charge backs, even when the bank has authorized the transaction.
Credit card fraud is something that can never be completely eliminated, but rather something that must be managed through best practices at the merchant level. You must develop a delicate balance between using safeguards to prevent fraud and not creating too many hoops for customers to jump through.
Let’s focus on a few preventative methods and procedures that can you can perform to limit credit card fraud.
Just because you get an “Authorization” does not mean you are safe.
Authorization approval does not mean that the merchant is guaranteed payment. Approval only indicates that at the time the approval was issued, the card hasn’t been reported stolen or lost, and that the card credit limit has not been exceeded. If someone else is using the credit card number illegally, the card holder has a right to dispute the approved charges, i.e. chargebacks.
Always get an Address Verification (AVS).
Address Verification is a simple and easy to implement process to decrease your chances of accepting a stolen credit card. When you process a credit card transaction; make sure you capture the card holder’s billing address and zip code. Manual non-swipe (Internet and MOTO) transactions will require you to capture card holder information. However, card present (swipe) transactions will not. Once you capture the card holder’s billing address and zip code you’re ready to process the sale.
Always use Card Verification Methods (CVM).
Car Verification Value (CVV) is the three-digit code on the back of a credit card (four digits for American Express). Like AVS, CVV is entered at the point of sale. The card holder’s CVV code is verified by the card issuing bank when the credit card sale is being processed. If you do not receive a CVV match you should consider declining the transaction. Online merchants should make CVV a required field.
Since most fraudulent transactions result from stolen card numbers rather than the actual theft of the card, a customer that supplies this number is much more likely to be in possession of the credit card.
Be wary of different “Bill” and “Ship To” addresses.
Require anyone who uses a different “ship to” address to send a fax/email with their signature and credit card number authorizing the transaction. Use Google to search for the numeric street address, street name, and zip code. AnyWho.com integrates telephone numbers, maps, and e-mail addresses. Check for bogus billing addresses like 123 Main Street. Use resources like maps.yahoo.com to see if the address can be verified. If the billing and shipping addresses are different, request telephone numbers for both addresses.
To ship or not to ship…Create your own e-commerce criteria or merchant rules.
Some e-commerce merchants feel this is the best method to catch fraud. The merchant sets up rules to stop or flag specific orders for review. For example, the merchant could set up rules to review all orders from a specific IP address, specific country or if a certain dollar amount is exceeded, or shipping to a specific address. This method may flag valid customers for review, but it will reduce repeat or pattern-specific types of fraud. If the IP address is dynamically assigned by an ISP, a legitimate order could be delayed or rejected.
Ask for copy of credit card and driver’s license.
When a credit card order is received by fax, phone or Web, require the customer to also fax/email copies of both sides of the credit card. This at least provides proof that the customer has possession of the credit card at the time of the order. You could also require a copy of their state-issued ID, or drivers license. It also provides additional proof the person authorized the purchase, preventing a chargeback.
Be extra careful with International Orders.
You must weigh the financial benefits of accepting international orders against the possibility of fraud. Merchants who always refuse any foreign orders could be missing potential good sales. The merchant also needs to perform their checks before orders are shipped.
It is very difficult to apprehend fraudsters or retrieve goods after they have left the country. Always require closer inspection for orders that being shipped to an international address. Pay more attention if the card or the shipping address is in an area prone to credit card fraud.
Check if mailing address is a mailbox or “ship-forward” service.
Fraudsters prefer to stay untraceable but still need to collect physical merchandise. One way is to use a public P.O. box, a private mailbox, or a drop shipment forwarding address as a temporary point of receiving. Never send merchandise to a public rented mailbox, a P.O. Box (except for those you identify as legitimate major companies by phoning their listed number), or shipping forwarder, because the actual location and identity of the receiver is undetectable.
The easiest and best technique: pick up the phone and call the customer.
If you’re suspicious, pick up the phone and call the customer to confirm the order. It will save you a lot of time, and money, in the long run. Calling customers is not only an excellent way to detect fraud, but it can also be a valuable part of your customer service. The telephone call also gives the merchant the opportunity to welcome the customer, answer their questions, and build a solid relationship.
Michael Dattoma is President of The Bart Group Retail Merchant Services in New York. Michael has been consulting with specialty retailers for over 20 years. The Bart Group Retail Merchant Services delivers broad expertise to Independent Specialty Retailers in areas including Payment Processing, PCI Security Compliance, POS Inventory Control, as well as Mobile Marketing and Social Media. Michael and his team advocate for independent specialty retailers to help empower them with the resources, tools and expertise to thrive in an increasingly competitive marketplace.
Ask Michael about payment processing and PCI security
Note: MRketplace collects promotional fees from site experts.