Listed below are fifteen concrete steps that merchants operating in a card-not-present environment should incorporate into their e-commerce risk management systems. If implemented correctly and consistently, these suggestions will help you process card-not-present transactions securely and will substantially reduce customer disputes and fraud-related chargebacks.
- Educate and train your staff on e-commerce risk. The extent of your risk exposure largely depends on your business policies, operational practices, the fraud detection and prevention tools you have implemented, security controls, and the types of products and services that you provide. Everyone in your organization should understand the risks associated with online transactions and be able to follow your established risk management procedures.
- Find the right payment processor. The right credit card processing company will provide effective risk management support and help you understand the specific e-commerce fraud risk and liability. Adequate customer data protection capabilities are also something you will want to consider when making your selection.
- Create essential website content. Your website must include and prominently display your privacy, shipping, return and refund policies. It must be reliable and to provide customers with easy and simple navigation. Placing links to these policies in the footer of your website will make them present on every page.
- Focus on risk reduction. A well designed sales order process will help you address a number of risk concerns. You should indicate or highlight required transaction fields in your online payment acceptance form and verify card and cardholder information that you receive from your customers over the internet.
- Develop internal fraud prevention structure. The profitability of your e-commerce organization depends on your internal strategies and controls for minimizing fraud. A risk management structure, combined with adequate transaction controls, will help you avoid fraud-related losses.
- Use fraud prevention tools. There are a number of fraud prevention tools to help reduce your risk exposure. The most widely used among them are the Address Verification Service (AVS), the Card Security Codes (CVV2, CVC 2 and CID), Verified by Visa and MasterCard SecureCode.
- Build a fraud screening process. When adequately implemented, the screening of online card transactions can help you minimize fraud for large-ticket items and for high-risk transactions.
- Protect your merchant account from intrusion. Implementing proactive measures can minimize the risk of criminals gaining access to your shopping cart or payment gateway and making fraudulent fund deposits.
- Participate in Verified by Visa and MasterCard SecureCode. The two fraud prevention tools enhance security by requiring cardholders to authenticate themselves by entering a password during the checkout. The password is verified by the card issuer and, if correct, the transaction is allowed to be completed. Implementing Verified by Visa and MasterCard SecureCode protects merchants from fraud-related chargebacks.
- Secure the process of routing your authorizations. You must ensure that your authorization requests are submitted in a secure and efficient manner, before you can start accepting card payments over the internet.
- Establish a process for handling transaction post-authorizations. You need to set up an effective process for dealing with approved and declined authorizations before fulfilling an order.
- Ensure PCI compliance. The Payment Card Industry (PCI) Data Security Standards (DSS) provide web-based merchants with standards, procedures and tools for protecting sensitive account information. You will need reliable encryption capabilities for data transmission and effective internal controls for protecting stored card and cardholder information. You will also need to review your security measures on a regular basis.
- Minimize unnecessary chargebacks. Chargebacks result in extra processing time and costs, while hurting your profits and may result in a loss of revenue. By carefully tracking and managing chargebacks, you will be able to set up concrete procedures for avoiding future chargebacks. You will also need to know your re-presentment rights.
- Monitor chargebacks. Effective chargeback monitoring mechanisms will help you detect excessive chargeback activity, identify the causes, and apply corrective measures to bring chargeback levels down. You can develop your own monitoring process or implement a third-party solution.
- Use collection efforts to minimize losses. You can utilize a third-party collection service or build your own to help recover unwarranted chargeback losses.
Image credit: Regionalobala.si.