E-commerce transactions, as well as all other transactions carried out in a card-not-present environment, are inherently riskier than face-to-face transactions and typically generate higher rates of fraudulent activity. Merchants operating in the virtual domain lack the advantage that their physical counterparts enjoy of accepting physical cards, presented by cardholders in person. A face-to-face setting allows for the inspection of the card and, if there are suspicious signs, of the cardholder as well. E-commerce, mail order, telephone order and other card-not present merchants cannot do that. Yet, the good news is that there are a number of fraud prevention services which, if combined with following a set of fraud prevention guidelines, will help merchants significantly decrease their fraud rates.
Following is a list of guidelines to help card-not-present merchants prevent fraud:
- Authorize all transactions. Authorization is the process by which a card issuer approves or declines a payment card transaction. The floor limit for all card-not-present transactions is zero, which means that you should request an authorization for every single one of them, no matter what the transaction amount. The authorization occurs when the cardholder account’s information is submitted online or over the phone. Not obtaining authorization leaves you helpless against both fraud and customer disputes.
- Obtain the cards’ expiration dates. You should always ask your customer to provide his or her card’s expiration date. It is another way to verify that the customer is in a physical possession of the card at the time of the transaction.
- Request the card verification codes. Card verification codes are numeric codes that are unique for each payment card. Visa, MasterCard and Discover use three-digit verification codes that are printed on the signature panel on the back of the cards. American Express cards have four-digit codes that are located or the front of their cards. Card verification codes were implemented by the card companies and associations specifically to help card-not-present merchants verify that their customers are in actual possession of the card at the time of the transaction. Merchants should never store card verification codes in their systems. It is prohibited by the Credit Card Associations and violators may be assessed significant fines. Moreover, card verification codes change every time an account is updated and a new card is issued.
- Use the Address Verification Service (AVS). AVS enables merchants that accept card-not-present transactions to compare the billing address (the address to which the card issuer sends its monthly statement for that account), provided by a customer with the billing address on file with the card issuer before processing a transaction. After comparing the provided address with the one they have on file for their cardholder, the card issuer responds by issuing an AVS Response code. Address verification and transaction authorization occur simultaneously and, within seconds, the merchant receives both results.
Merchants who use the above listed services and implement the suggested best practices into their fraud prevention procedures on a continuous basis will see their fraud rates go down and stay down. Customer disputes and chargeback levels will also be greatly reduced. This will result in lowering your overall processing cost and freeing up a lot of customer service time, allowing you to spend more time addressing issues that real customers have.
Image credit: Homecaregenerations.com.