E-commerce transactions are vulnerable to fraud, customer disputes and chargebacks to a much greater extent than card-present ones. There are several major reasons why this is the case and the most obvious among them are that neither the merchant can physically verify the validity of the card used for payment and the authenticity of the cardholder, nor can the customer physically inspect the product she is purchasing. Then there are the potential complications that can arise from a late delivery of a purchased product or a premature posting of the transaction to the cardholder’s account that are typically not an issue in payments accepted in a face-to-face setting.
It is unlikely that we will ever be able to bring e-commerce risk down to brick-and-mortar levels, but we can certainly take measures to make it tolerable. Listed below are eleven specific best practices that you should adhere to when accepting credit card payments on your website. Make them part of your sales process and you will see fewer chargebacks and fraudulent transactions.
11 Steps to Processing E-Commerce Transactions
1. Obtain the cardholder’s name, address and phone number. If the shipping address is different from the billing one, make a phone call to your customer or send her an email to verify the order. Do not proceed with the transaction until you get a satisfactory response from your customer.
2. Collect the card account information. Get the card number and brand. Most consumers, including criminals, do not know that a card’s brand can be determined by the card number, so a discrepancy here may indicate that the customer is not in a physical possession of the card. Also obtain the card’s expiration date and security code — the CVC 2, CVV2 or CID number, located near the signature panel on the back of the card (or on the front for American Express cards). The security code is another tool used to ensure that the customer is in possession of the card.
3. Enroll in Verified by Visa and MasterCard SecureCode. These services are used to authenticate cardholders who had previously enrolled in the programs. Participating merchants are protected from certain fraud-related chargebacks, even when customers have not enrolled.
4. Always use Address Verification Service (AVS). The AVS allows you to verify a cardholder’s billing address with the issuer. Perpetrators of fraud often do not know the account’s correct billing address.
5. Authorize every transaction. All e-commerce transactions must receive an authorization approval.
6. Avoid using voice authorizations. These cannot be used as supporting evidence in chargeback re-presentments.
7. Do not use forced authorizations. Forced is a transaction which, after an authorization request has been declined, is key-entered by the merchant. Do not do it, nor should you make repeated authorization requests in the hope of eventually receiving an approval.
8. Ship within seven days of receiving the authorization approval. If unable to do so, make a new authorization request.
9. Inform your customer of the expected delivery date. If the purchased merchandise or services are not delivered to the cardholder at the time of the transaction, inform your customer of the delivery method and (expected) date. If the delivery is running late, inform your customer immediately and provide a new delivery date.
10. Deposit transactions after the product is shipped or delivered. In card-not-present environment, the transaction date is the date on which the product is shipped, not the one on which the payment is accepted. Make the deposit within three days of the shipping (transaction) date.
11. Use the original authorization number for your deposit and refund transactions. Doing so eliminates the possibility of depositing refunds for sales transactions for which an authorization approval has not been received and which should not have been processed. This is a great fraud-prevention measure.
This is a very short list and there are many other items that can be added to it. However, if you only stick to these eleven best practices, you will be in good shape and have far fewer chargebacks, customer disputes and fraudulent transactions to deal with.
As you gain experience and your business grows, it would be a good idea to start building an internal negative file, set up velocity limits and controls, implement fraud screening and other risk management best practices.
Image credit: Giornalemetropolitano.it.