There isn’t a simple way of preventing credit card fraud. It takes unremitting effort and an arsenal of assorted of tools to stay ahead of the bad guys. First, however, you need to learn the basics of credit card processing and understand the inherent fraud risks.
E-commerce and mail order (MO) and telephone order (TO) businesses are more vulnerable to fraudulent attacks than physical retailers. The information below will help you determine exactly where your organization’s soft spots are and what you need to reduce fraud risk.
When accepting credit cards for payment, request that your customers provide the following information and ensure it is valid:
- Cardholder name, exactly the way the name appears on the card.
- Card account number — 16 digits.
- Card expiration date — four digits (MM / YY).
- Card security code — three-digit number located in the signature panel on the back of Visa, MasterCard and Discover cards or a four-digit number located above the account number on the front of American Express cards. Security codes ensure that the card is in the possession of the cardholder at the time of purchase.
- Card billing address along with the shipping address (when different).
- Home, business or other telephone number where the cardholder can be reached.
- Request and validate the card security code. Submit the validation request with the electronic authorization request or when calling the voice authorization center.
- Verify the customer’s billing address with the Address Verification System (AVS), either electronically or by phone.
- Check your delivery service contract for who is responsible if the merchandise is not delivered.
- Get a signature for each delivery. A signature from the cardholder will give proof that the he or she received the shipment.
- Keep all delivery records.
- All authorization declines are final. Do not force through any transactions for which you have received a declined response to your authorization request.
- If the sale is on a credit card, do not refund in cash or by check or on another card. Refund sales on the same card account that the purchase was made on.
- Include your “Doing Business As” (DBA) name and customer service number on the cardholder’s transaction statement.
- Clearly communicate any and all delivery charges, restocking or other fees.
- Clearly explain any return policies and offer documentation of this policy with each sale.
- When working to resolve a chargeback, document all efforts to satisfy the customer.
- Respond to all chargebacks, even the small ones.
- For duplicate sales, or installment plans, unless otherwise stated, require an authorization for each sale.
For each transaction:
Vulnerable businesses lacking adequate data security are one of the primary sources of illegally obtained credit card information that is later used in fraudulent transactions. You will need to develop an information security strategy for your business. At the very least, you will need a Secure Sockets Layer (SSL) Certificate, firewall, cryptography tool and anti-virus software. Compliance with the PCI Data Security Standard is now mandatory.
What data protection tools have worked for you? Do you have a 20th step to preventing e-commerce fraud? Share your experience in the comments.
Image credit: VK.com.