Merchants accepting credit cards online, over the phone or otherwise in a card-not-present environment have a much more difficult job verifying the payment information provided by customers than their counterparts operating brick-and-mortar stores. Consequently, risk exposure and processing fees are correspondingly higher in virtual payment settings.
Risk Exposure in Card-not-Present Transactions
There are two major factors that determine the level of risk exposure for card-not-present merchants: fraud and chargebacks. It is ultimately the merchant who bears the financial liability for processing fraudulent transactions and ones that are subsequently charged back. Developing a solid process for verifying the payment information provided by the customer at the checkout goes a long way toward limiting your risk exposure.
The verification of payment information consists of two separate, although interrelated processes: cardholder authentication and card validation. We have written in some detail on how to verify the authenticity of a payment card and will no doubt be doing so again in future posts, but in this article I will focus on verifying cardholder information.
Fraud Screening and Scoring
Before we dive into the verification procedures, I’d like to say a few words about screening and scoring transactions. Screening is an automated mechanism for identifying high-risk transaction characteristics and suspending the processing of such payments. Fraud scoring is the process of rating the highest-risk card-not-present transactions that need to be additionally examined.
You will need to either develop your own or implement third-party fraud screening and scoring solutions. The reason you need them is that these processes will increase the efficiency of your fraud prevention strategy by helping you concentrate your efforts on these transactions that are most likely to be fraudulent, rather than evaluating all of them.
5 Steps to Verifying Cardholder Information
Virtually all information provided by a customer at the checkout can be verified, to one degree or another. Here is how you can do this (I am assuming that you have implemented fraud screening and scoring mechanisms):
- Verify land-line and cell phone numbers. Check the land-line number’s area code and telephone prefix (the first three digits after the area code) and make sure that they are valid for the provided city and state. However, many consumers no longer use land-lines, so cell phones will often be the only option. Even though the above characteristics are much less applicable to cell phones, you should still call the provided number when there is a discrepancy.
- Check the ZIP code. There are many directory services you can use to verify that the entered ZIP code corresponds to the provided city and state. You may want to consider allowing customers to override error alerts, as information may have been recently updated.
- Validate the email address. You should be sending order confirmations to your customers’ email addresses. If the email is returned as “undeliverable,” this can be a sign of fraud. Very few customers provide wrong email addresses at the checkout, because they want to be notified of their order’s status.
- Call the issuer. If you suspect fraud or unauthorized card use, you can call the card issuer directly and:
- Verify the name, address and phone number the issuer has on file for their cardholder.
- Check if the cardholder has recently changed their address.
- Call the cardholder. If you have not been able to verify the information, call the cardholder at the number on file with the issuer and ask them whether or not they have placed the order.
The above verification procedures can be very time consuming, which again is the reason you should implement fraud screening and scoring. You don’t want to be verifying information for transactions that are unlikely to be fraudulent in the first place. Additionally, you don’t want the verification process to be costlier than the potential loss.
Image credit: Magnoliahotelsalou.com.