How to Manage the E-Commerce Check-out Process

The check-out page is among the most underrated parts of an e-commerce website. Many merchants feel like by the time a customer is taken to the check-out, the sale is complete and they can move on. Well, this is not exactly the case. The check-out form is very much a part of the sales process and not even the end of it. The sale is not complete until all necessary transaction information is collected, verified and processed successfully. After all, what good is there in a sale that comes back a week or two later as a fraud or chargeback?

The e-commerce check-out process should be designed in a way that allows merchants to collect all information that is needed to verify the validity of both the card and the customer and then to make a well-informed decision on how to proceed with the transaction.

Required E-Commerce Check-out Data Fields

The check-out process begins with the customer filling out a payment form. In order to enable you to verify the validity of the transaction and to identify high-risk orders, customers must be required to populate the following data fields:

• Cardholder name and billing address. If needed, the cardholder’s name and billing address can be verified using reverse directory services.
• Card number and expiration date. These will be verified during the authorization process.
• Shipping name and address. If these are different from the billing information, the transaction’s risk level increases greatly. You have the option of not accepting orders if shipping and billing data don’t match, but this is a bit too drastic of a solution.
• Telephone number. As with names and addresses, if needed you can validate phone numbers using reverse directories.
• Card security codes. These are also referred to as card verification or validation codes. For Visa, MasterCard and Discover, security codes are the three-digit numbers located in the right corners of the signature panels on the back of the cards. For American Express, security codes are the four-digit numbers located above the account numbers on the front of the cards. These numbers are used to verify that cardholders are in physical possession of their cards at the time of the transaction. Merchants are not allowed to store security codes, which makes it very difficult for hackers to obtain them, even if other account data are compromised.

If the customer leaves any of the above fields blank, your system must be designed to prompt him to fill it out, before the transaction information can be processed. You may also want to ask for an email address. Although its validity cannot be verified, a free email address is higher-risk than a paid one (like a business email). Additionally, you can ask for the card’s brand and check whether the first digit of the account number corresponds to the brand’s allocated one. For example, the first digit of a Visa card is always 4, for MasterCard it is 5, for American Express it is 3 and for Discover it is 6.

Editing of Check-out Information

If your customer submits incomplete or erroneous information or if the response to your authorization or security code validation request is negative, your system should prompt him to edit the data in real time. More specifically, you should:

• Immediately display in your customer’s browser which required information fields are incorrect or incomplete. You can do that by highlighting the fields using for example a different color, bold font or an asterisk.
• Request that your customer corrects the information if it was incomplete or not provided in the required format.
• If corrections are needed, allow editing of the incomplete fields, while saving all correct information. You can very easily annoy legitimate customers if you send them back to the check-out form and have them fill it out all over again, just because they have made a single error.

Additionally, you should specify the number of corrections a customer is allowed to make, before the system locks him out. You need to do that to prevent criminals from trying to guess a particular piece of information they have not been able to obtain.

Image credit: Smsintel.ru.