Managing the E-Commerce Authorization Process
Tags: Address Verification Service (AVS), card security codes, e-commerce, e-commerce merchants, e-commerce risk, Electronic Commerce Indicator, fraud prevention, MasterCard SecureCode, transaction authorization, Verified by Visa
The e-commerce transaction authorization process has a significant impact on risk, customer service and operational expenses. Implementing the following best practices will ensure that it is managed effectively and will keep your chargeback level low:
- Focus on fraud prevention. When a cardholder initiates a transaction, follow these best practices:
- If you are participating in Verified by Visa (VbV) or MasterCard SecureCode, complete the respective authentication process and provide the authentication data in the authorization request. These services add an additional security layer to help protect merchants that accept cards over the internet.
- Perform internal fraud screening. Fraud screening procedures can be developed internally or obtained from third-party vendors. There are many fraud screening products available today to help e-commerce merchants assess the risks associated with online transactions and to help you verify the validity of both the cardholder and the card. Transactions should be matched against velocity parameters, high-risk locations and internal negative files. Transactions that raise suspicions should be subjected to a further review.
- For transactions that pass your internal scrutiny, you should obtain authorization from the card issuer. The authorization should include Address Verification Service (AVS) and Card Security Codes (the 3- or 4-digit codes on the back or front of credit and debit cards) to help determine whether the card issuer or you should decline the transaction.
- The Address Verification Service (AVS) is a risk management tool that enables merchants accepting card payments in a non-face-to-face environment (e.g. e-commerce, mail order and telephone order [MO / TO]) to verify the validity of the billing address provided by their customers by comparing it to the one on file with the card issuer. Using AVS helps card-not-present merchants minimize fraud and fraud-related chargebacks.
- The Card Security Codes (CVV2, CVC 2 and CID) were introduced to help e-commerce and mail order and telephone order (MO / TO) merchants verify that their customers are in a physical possession of their cards at the time of the transaction. It is a feature that all major payment gateways support and your payment processing provider should make it available to you.
- If you are using a third-party fraud screening service, obtain a fraud score for these transactions that have not yet been declined by you or the card issuer. The fraud score provides the probability that a transaction may be fraudulent. Evaluate the costs and benefits of fraud scoring for low-risk transactions. For many merchants it will not be cost-effective to obtain fraud scores, internal or third-party, for every single transaction.
- Use the correct Electronic Commerce Indicator (ECI) for all e-commerce transactions. The ECI identifies the transaction as “e-commerce” and helps acquirers to differentiate internet merchants from other merchants. All online transactions should be identified with the correct ECI, entered into the appropriate field of the authorization and settlement messages.
- Obtain a new authorization if the original one expires. If your business sells products online and if the products are shipped to your customers more than seven days after the original authorization was obtained (i.e. back order), you should obtain a new authorization before proceeding with the shipment. This practice is required by Visa and MasterCard and implementing it will help protect you from chargebacks due to no authorization.
Says:
May 19th, 2010 at 9:43 am
[...] daily monitoring of authorizations and transactions. In particular, you should check daily for the [...]
Says:
May 22nd, 2010 at 6:01 pm
[...] authorization for card-not-present transactions. Obtaining an authorization is part of the process of verifying the cardholder’s identity and the validity of the [...]
Says:
May 27th, 2010 at 8:00 pm
[...] the process of routing your authorizations. You must ensure that your authorization requests are submitted in a secure and efficient manner, before you can start accepting card payments over [...]
Says:
May 29th, 2010 at 6:23 pm
[...] amount exceeds the actual cruise costs. In some cases, the previously estimated amount for which authorization was approved will exceed the actual cost of the cruise. In such cases, you will need to submit an [...]
Says:
May 30th, 2010 at 11:05 am
[...] and the response is seen on the terminal’s screen. In e-commerce transactions, however, the authorization response can take longer to be generated and displayed on the customer’s computer screen and he or she [...]
Says:
May 30th, 2010 at 11:28 am
[...] merchant is required to request authorization if the amount of the advance deposit exceeds $50. If the result of the authorization call is [...]
Says:
May 30th, 2010 at 1:05 pm
[...] in MasterCard SecureCode, the card issuer provided the UCAF data for this transaction, all other e-commerce authorization request message and clearing requirements were satisfied, and the authorization request response [...]
Says:
May 30th, 2010 at 4:41 pm
[...] the CVC 2 is not included in the authorization [...]
Says:
May 30th, 2010 at 5:25 pm
[...] is approved by an issuer indicates that the credit card account is in good standing. However, the authorization approval is not a proof that the legitimate cardholder is making the purchase, nor is it a [...]
Says:
May 31st, 2010 at 10:35 am
[...] generate. Standard authorization procedures should be followed for the extension period. If the authorization is declined, you should contact the customer and request an alternative payment [...]
Says:
May 31st, 2010 at 3:41 pm
[...] authorization system will send all transactions identified as self-service terminals in the authorization request message to the card [...]
Says:
May 31st, 2010 at 4:35 pm
[...] The gateway collects the payment information and sends it, securely encrypted, to the processing bank for authorization. [...]
Says:
May 31st, 2010 at 4:48 pm
[...] identify IFC services or products with the most appropriate merchant category code (MCC) in the authorization message and merchant business code (MCC) in first presentment messages. If an airline also acts as the [...]
Says:
May 31st, 2010 at 5:13 pm
[...] submitted an AVS query during the authorization process and received a “U” response from a U.S. card issuer. This response means that the card [...]
Says:
May 31st, 2010 at 5:29 pm
[...] messages in card-not-present environment. The Recurring Payment Indicator is required in all authorization and clearing records. Recurring transactions are typically lower risk than single transactions and [...]
Says:
June 1st, 2010 at 7:25 pm
[...] not submit the transaction for authorization until the card number passes the Mod 10 [...]
Says:
June 4th, 2010 at 9:34 am
[...] the originally authorized amount exceeds the final transaction amount, you will have to submit an authorization reversal for the [...]
Says:
June 4th, 2010 at 6:13 pm
[...] cards are presented. When multiple cards are presented for payment in a single transaction, and an authorization is obtained for the portion of the transaction charged to a credit or debit card at [...]
Says:
June 6th, 2010 at 12:47 pm
[...] biggest gap in Lagorio’s review, however, is perhaps the failure to explain what gateway authorization fees are and how they differ from the other per-transaction fees that merchants are charged. The [...]
Says:
June 7th, 2010 at 5:43 pm
[...] Transaction authorization. All card-not-present transactions have a floor limit of zero, which means that they all require authorization. Always obtain authorization before completing a transaction and take into account the authorization result code. [...]
Says:
June 8th, 2010 at 4:40 pm
[...] Address Verification Service (AVS) and Card Security Code (CVV2, CVC 2 or CID) requests with the authorization. For internet transactions, also use Verified by Visa or MasterCard SecureCode, where applicable, [...]
Says:
June 9th, 2010 at 5:52 pm
[...] and clearing records. Depending on the CAT level indicator, other specific data is required for authorization and [...]
Says:
June 10th, 2010 at 6:11 pm
[...] entire process, from authorization to settlement, takes approximately 2-3 business [...]
Says:
June 16th, 2010 at 7:05 pm
[...] D, M. Generally speaking, you will want to proceed with transactions for which you have received an authorization approval and an “exact [...]
Says:
June 30th, 2010 at 6:56 pm
[...] Electronic Commerce Indicator (ECI) for all online transactions. The ECI must be included in the authorization and settlement message and it identifies the transaction as [...]
Says:
July 1st, 2010 at 10:34 am
[...] transaction and ask your customer for an alternative payment method. Do not try to circumvent the authorization system as you will probably lose your chargeback re-presentment [...]
Says:
July 2nd, 2010 at 9:41 am
[...] request additional information if it decides that the transaction requires further scrutiny. The authorization process protects both the merchant and the issuer from fraudulent transactions and chargebacks. Merchants [...]
Says:
July 9th, 2010 at 9:17 am
[...] fraud and you should still examine the transaction for fraudulent characteristics. Remember that an authorization approval will not protect you against fraud-related chargebacks. If the response is a decline, you should [...]
Says:
July 16th, 2010 at 9:21 am
[...] authorization approval for each card-not-present transaction is key to minimizing such chargebacks. You should [...]
Says:
July 16th, 2010 at 6:30 pm
[...] chargeback level low: Focus on fraud prevention . When a cardholder initiates a transaction, … Read More RECOMMENDED BOOKS REVIEWS AND OPINIONS Charity retailer transforms staff [...]
Says:
July 18th, 2010 at 1:24 pm
[...] all transactions. Authorization is the process by which a card issuer approves or declines a payment card transaction. The floor [...]
Says:
July 22nd, 2010 at 7:38 am
[...] for transactions that exceed your floor limit and technology has made this easier. Today authorization requests are sent out automatically by most POS terminals and, if approved, a sales receipt is printed out. [...]
Says:
August 10th, 2010 at 9:39 am
[...] Cancellation or change of authorization. If a previously authorized sale is canceled or its amount changes, you have to call Discover and request a cancellation of the authorization. An authorization can be canceled within 8 days of receiving it. You will have to provide the following information when canceling an authorization: [...]