If you operate a retail or e-commerce business, accepting all major credit cards and electronic checks is a required method of customer payment. However, when deciding to accept electronic payments, business owners must also consider the potential cost of fraud. Studies have shown that both traditional and online merchants have lost billions in fraudulent transactions. Today, technology provides proven methods to identify and prevent fraudulent transactions.
Fraud can take many forms. It goes without saying that fraud is bad for business. If you process a fraudulent customer order when you learn their credit card was stolen, you have already shipped the product. Fraudulent orders generally result in a chargeback from the customer’s credit card to your business. Unfortunately, at that time, you have delivered and lost your product, you have lost the income from the sale and to top it off; you will receive a chargeback fee from your credit card processor. I am sure we can agree that there is a great need to identify and stop a fraudulent order before delivering your product. Fortunately for the merchant, there are many steps and processes that can be implemented to reduce and eliminate credit card fraud.
10 WAYS TO REDUCE CUSTOMER CREDIT CARD FRAUD
1. Address Verification Service (AVS) – it is a simple and easy process to implement to decrease your chances of accepting a stolen credit card. When you process a credit card transaction; be sure to capture the cardholder’s billing address and zip code. Manual no-swipe transactions (Internet and MOTO) will require you to capture cardholder information. However, card-present (swipe) transactions will not. Once you enter the billing address and zip code of the cardholder, you are ready to process the sale. Your point of sale system will verify AVS with the card issuing bank. You can receive a street address only match, a postal code only match, or a street address and postal code match. If you do not receive a match from AVS, you should consider declining the transaction. Approximately 80% of fraudulent transactions in the US are AVS mismatches. Note that most AVS systems can be configured, so be sure to check the AVS settings. Implementing AVS can have a major impact on reducing credit card fraud.
2. Card verification (CVV / CVV2) – is similar to AVS. CVV is the 3-digit code found on the back of a credit card (4 digits for American Express). Like AVS, CVV is entered at the point of sale. The card issuing bank verifies the cardholder’s CVV code when the credit card sale is processed. If you do not receive a matching CVV, you should consider declining the transaction. Online merchants must make CVV a required field.
3. Use a threshold management service – Threshold management allows the merchant to set parameters for the transactions he will accept. For example, transactions can be analyzed based on the amount of money charged per transaction, the number of transactions charged, the frequency of transactions, the average user ticket, etc. Transactions that are flagged as a possible fraudulent transaction will require additional review by the merchant. Threshold management services are often available as ancillary services.
Four. Browse free email account orders – Scammers and thieves like to hide. One of the easiest ways to hide the identity of a thief is to use a free email account. Most fraudulent transactions use a free email service. Merchants should not reject all transactions from a free email service. However, you may want to provide those requests with more scrutiny.
5. Examine orders with a different shipping address than the billing address – The thief with the stolen credit card may have the owner’s billing address and zip code. If so, you will receive a match from AVS and CVV on your order. However, to receive their product they will request that the order be sent to a different address. Merchants should review all orders with a different shipping and billing address. If the shipping to the address is a foreign country, please pay even more attention to the order.
6. Browse international orders / foreign credit cards – If your business model requires you to ship to foreign countries, you must obtain an international merchant account. Since non-domestic orders have a higher fraud rate than domestic orders, having an international merchant account will provide you with a higher level of protection. In addition, an international trading account will allow you to settle in the local currency. If you need a domestic and international merchant account, you must use a load balanced payment gateway. Load balancing provides the merchant with the ability to use multiple merchant accounts under a single payment gateway account.
7. Understand that an authorization code does not mean that your credit card is not stolen. – An authorization code is provided when the transaction is approved. However, an authorization code simply means that the credit card is valid and has the credit available to process the transaction. Ultimately, as the business owner, it is up to you to decide whether to accept or decline the transaction.
8. Use an early fraud protection service – Advanced fraud protection services allow the merchant to block transactions by IP address, country of origin and other fraud filters. Advanced fraud protection services are often available as an additional service.
9. Use a PCI compliant data storage service – Merchants with a requirement to store customer credit card details must use a PCI compliant data storage service. PCI compliant data storage service merchants to transmit and store customer payment information in a PCI Level 1 certified data facility. Once the customer record has been securely transmitted and stored, the merchant can initiate transactions remotely without having to directly access credit card or electronic check information. This process is accomplished without the merchant storing the customer’s payment information in their local database or payment application.
10. Review and implement PCI policies (payment card industry standards) – Merchants can review PCI standards online at pcisecuritystandards.org. If you are using a PCI compliant POS solution and you are not storing payment data, you are already in good shape. However, merchants should contact their merchant account provider for more information.
Fraud prevention is a necessary activity for traditional and online merchants. Exposing your business to fraudulent transactions and high chargeback rates is bad for business and could cause you to lose your merchant account. Leading real-time payment gateway services provide advanced fraud protection tools. However, many fraud prevention techniques can be implemented at no additional cost.
Main real-time payment gateway services
1. Planetauthorize (US domestic and international)
2. Authorize.Net (US national)
3. PlugnPay (US domestic)
4. Skipjack (US national)
5.eProcessing Network (US national)