Inside the Black Hole

Whenever a cardholder does not recognize a particular transaction on her statement, she will typically call her card issuer and file a dispute. The issuer’s representative will ask questions to establish exactly what the cardholder is disputing: the transaction amount, or the validity of the entire transaction. The issuer may ask the cardholder to contact the merchant directly and try to work out the issue or may facilitate a conference call with the merchant and the cardholder. If a phone call cannot resolve the dispute, the issuer will request, on its cardholder’s behalf, that the merchant provide a copy of the transaction’s sales receipt as a proof of its validity.

The merchant typically has 30 days to provide it. The transaction receipt must provide the following information:

• Merchant name and location.
• Merchant online address (if applicable).
• Transaction date.
• Description of goods or services sold.
• Payment method used.
• Transaction type: purchase (sale) or credit.
• Authorization code.
• Transaction amount.
• Cardholder signature (if applicable).
• Return / refund policy (optional).

Merchants should respond to all transaction copy requests they receive in a timely manner. If you do not respond within the 30-day time frame you will lose the dispute, regardless of whether the transaction was valid or not.

Transaction copy requests are the first stage of the chargeback cycle and as such, you should keep them to a minimum.

Keeping copy requests to a minimum helps merchants lower their chargeback levels and achieve higher profitability. The following best practices will help you achieve this goal:

• Use the right billing descriptor. Billing descriptor is the way your company’s name appears on your customer’s credit card statement and we have written about it in detail in a separate article. Cardholders must be able to look at their statements and recognize transactions the participated in at your store. You will need to contact your merchant account provider and make sure that your billing descriptor is set up correctly.
• Make sure that your business name is legible on your sales receipts. You need to make sure that your company’s name, address and phone number are accurately and legibly printed on your transaction receipts. Your company’s information details should not obstruct the transaction details. For best results, you should keep the white copy of the sales receipts for you and give the customer the bottom one. Change the printer cartridges as soon as the ink begins to fade and the printer paper should be replaced as soon as the colored streak appears.
• Train your sales staff. Many transaction copy requests can be prevented if your sales staff is adequately trained on your payment processing procedures. Instruct your sales staff to:
  • Follow proper card acceptance procedures.
  • Review each transaction receipt for accuracy and completeness.
  • Ensure the transaction receipt is readable.
  • For card-present sales, give the cardholder the customer copy of the transaction receipt, and keep the original, signed copy.

    
    Staff should also understand that, in the event of a dispute, your store could lose both the merchandise and the transaction amount.

• Measure your copy request volume. Visa recommends in its “Rules for Visa Merchants” manual that “your monthly copy request volume should not exceed 0.16 percent of your total Visa sales.” You should aim to keep your copy request volume below that level for all of your credit card sales. To estimate this volume, you should divide the number of copy requests by the total credit card transactions minus returns and adjustments.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

Typically, when a consumer contacts his or her credit card issuer to dispute a transaction, the bank first asks its cardholder to try and resolve the issue with the merchant. Some issuers, especially the larger ones, may assist you with your communications with the merchant. Often, bank representatives keep the customer service numbers of larger merchants readily available, so they can conference them in, when a cardholder calls with a dispute. When a dispute cannot be resolved, however, and if the issuer verifies that the complaint is not frivolous, a chargeback may be inevitable.

In order to initiate the chargeback process, the issuer will request that its cardholder provides the following types of documentation in support of his or her claim:

• Sales receipt. The card issuing bank is required by Visa and MasterCard rules to send to the processor the original or a legible photocopy of the actual sales receipt that was generated at the completion of the transaction. There are exceptions to this rule, however. For example, when the type of transaction allows the issuer to provide an electronic proof of the transaction or when the cardholder uses a personal identification number (PIN) to complete the transaction, instead of a signature.
• A written cardholder complaint (letter or form). Typically, the cardholder must produce a letter that provides specific information about his or her dispute of the transaction. Alternatively, the card issuer may provide an email message sent by the cardholder, instead of a written complaint generated by the cardholder. The written cardholder complaint certifies that the issuer has a relationship with the cardholder and that the message is a true, accurate, and complete message that the issuer received from the cardholder.
• A written complaint (letter, form, or email message) from a company or government agency representative on behalf of a corporate card cardholder for (1) non-fraudulent type of disputes and (2) no-cardholder-authorization types of chargebacks when the authorized cardholder no longer is employed by the company or government agency and the issuer has closed the account. This document provides specific information about the dispute of the transaction, including the cardholder’s name, account number, transaction date, transaction amount, disputed amount, and a statement that the complaint was written by a company or government agency representative on behalf of a corporate card cardholder.
• An Expedited Billing Dispute Resolution Process Form for non-fraudulent type disputes. This form is completed by the issuer’s customer service representative while on the telephone with the cardholder or a company or government agency representative on behalf of a corporate card cardholder. The Expedited Billing Dispute Resolution Process Form may be provided in place of a written complaint generated by or on behalf of the cardholder and may be used only for non-fraud-related chargebacks. The customer service representative signs the form or electronically prints his or her name on the form. A cardholder signature in documentation supporting these chargebacks is not required.
• Progressive cardholder documentation. This is a cardholder complaint (letter or form), created as described in the three preceding bullets of this section, that is sent as supporting documentation with an arbitration chargeback. The progressive cardholder documentation must specifically address new information or a merchant’s rebuttal that was provided with a second presentment. The progressive cardholder documentation must be dated after the issuer received the second presentment documentation.
• For chip-read transactions, the transaction certificate and related data.
• Any other documentation that may be appropriate to support a particular chargeback, second presentment, or arbitration chargeback, such as Electronic Data Capture (EDC) log, magnetic stripe-reading (MSR) terminal or hybrid terminal printer certification, merchant rebuttal, or the authorization log.

Learn how to minimize chargebacks and fraud

Learn how to minimize chargebacks and reduce your processing costs. The Chargeback Management kit contains a video and an e-book:

• E-Book – Chargeback Manual (40 pages).
• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).

Travel agencies are infamous in the payment card industry for producing some of the highest levels of credit card fraud, especially in card-not-present transactions. So infamous in fact, that most U.S.-based payment processor will not provide merchant services to new travel agencies and will go into great lengths to ensure that applicants with processing history can actually be trusted to implement adequate risk management procedures to minimize fraud, customer disputes and chargebacks.

What exactly makes travel agencies so risky and unpalatable to processors? Well, the question is more like whether there is a high-risk transaction characteristic that is missing from their sales. Travel operations tend to involve high-ticket, high-volume sales, often exclusively conducted in a card-not-present environment. These are the classical high-risk features, but travel agencies go beyond that. In most of their transactions the service is provided weeks or months after the sales date, which leaves plenty of time for even perfectly legitimate sales to deteriorate into chargebacks. So if you bought a cruise package for the summer, but a family emergency prevented the trip, you would have to cancel the transaction. Yes, you would be allowed to do that, but you would have to pay a cancellation fee. True, the cancellation fee was prominently featured in the contract that you signed, but this doesn’t make it any more enjoyable. You would still go ahead and honor your contractual obligation, but many others would do their best to avoid it, including filing a dispute with their card issuer. And if legitimate transactions can be a source of disputes, what about the fraudulent ones?

Yes, the high levels of fraudulent transactions have not done much to improve the status of travel agencies as one of the highest risk credit card processing types of businesses in the U.S. Yet, many organizations have managed to develop risk management systems that have reduced their risk exposure and have improved their card processing credentials. Crucially, the successful travel agencies have trained their staff in the proper application of these card acceptance best practices on a consistent basis. The following procedures should be taken into consideration when developing your own set of best practices:

• Set aside large-value bookings for fraud review. Large-value transactions may increase your exposure to fraud and customer disputes. A careful review of such transactions before they are settled can mitigate risk and minimize potential fraud-related losses. For best results contact the cardholders involved in such transactions to verify the booking.
• Track key fraud characteristics. Track known fraud transactions and identify all key characteristics in these bookings. Then store the information in a database that you can use to make risk assessment. The following characteristics should be included:
  • Passenger name, address and telephone number.
  • Cardholder name, address and telephone number.
  • Email addresses, Internet Protocol (IP) addresses and Internet Service Providers (ISP).
  • Transaction times, amounts, airlines, classes of service and travel itineraries.
• Screen high-risk bookings. Screening high-risk bookings can help you detect and prevent fraud before it happens. Make sure that you screen bookings with the following characteristics:
  • Passenger name is different from cardholder name.
  • First or business class tickets.
  • Electronic tickets or tickets not delivered to the billing address.
  • Date of travel is less than six days after the date of purchase.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

Selling products and services in a card-not-present environment is substantially riskier than doing it in a face-to-face setting. A number of things can and do go wrong that a physical interaction would have helped overcome.

Fraud. E-commerce businesses are much more vulnerable to fraud than brick-and-mortar operations. It is much more difficult to prevent fraudulent transactions when neither the card nor the cardholder is present at the point of sale. You cannot physically examine the card or request an ID to verify the cardholder’s identity, if you are suspicious about a particular transaction. It is no surprise then that fraudulent transactions and data security breaches cost e-commerce and mail order / telephone order (MO / TO) merchants billions of dollars every year, despite their best efforts to fight back. Internet fraud can take several shapes:

• A criminal uses a stolen card number to fraudulently purchase products or services.
• A family member uses a card to make purchases without the cardholder’s authorization.
• A customer falsely claims that he or she did not receive a shipment.
• Criminals hack into an e-commerce merchant’s card payment processing system and issue credits to themselves.

Theft. Criminals are constantly trying to identify and exploit vulnerabilities in merchants’ data protection systems. Information theft can be committed online or at a physical location:

• Data stolen online. There are a couple of ways for hackers to access personal account information:
  • Intercepting card account data during its transmission to or from the merchant.
  • Accessing inadequately protected processor’s payment systems and stealing data from them.
• Data stolen from a physical site. There is a number of ways in which information can be stolen from a physical data center, including:
  • Stealing account data by an outsider from a payment processor’s site and using it or selling it for unauthorized use.
  • Stealing account data by a processor’s employee and using it or selling it for unauthorized use.
  • A dumpster-truck’s driver steals unshredded account data from a payment processor’s site.

Customer disputes and chargebacks. Unfortunately, fraud is not the only, not even the biggest, risk that e-commerce and MO / TO merchants are faced with. Customer disputes and chargebacks are much costlier and, if left unchecked, can cause the suspension of the merchant’s credit card processing service. There are multiple reasons why a customer will dispute a transaction but the most common are:

• The ordered merchandise was never received.
• A service was not performed as expected.
• The product or service is not as described in the promotional material or website.
• The customer did not make the purchase; it was fraudulent.
• The customer is billed before the goods are shipped or the services provided.
• There is a misunderstanding about the cancellation of an order (often in a recurring payment plan) or the return and refund of a product.
• The customer is billed twice for the same order, or the transaction amount is incorrect.
• A credit has not been processed when the customer expected it would be.
• The customer does not recognize the merchant’s name on his or her credit card statement.
• The customer’s card is charged without his or her approval.

Your organization will need to adequately address all of these risks, before you start accepting payments. If not kept under control, fraudulent transactions and the resulting chargebacks can quickly lead to the suspension of your merchant account.

Learn how to minimize chargebacks and fraud

Learn how to minimize chargebacks and reduce your processing costs. The Chargeback Management kit contains a video and an e-book:

• E-Book – Chargeback Manual (40 pages).
• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).