Credit Card Processing Blog

When it comes to fraud prevention, the size of your average sale’s amount is of a huge importance. In effect, it sets a limit on the amount you can spend on verifying each transaction’s validity, which places small-ticket merchants at a disadvantage, while the opposite is true for their big-ticket counterparts. Not to mention that it is often physically impossible for merchants selling small-ticket items to scrutinize each transaction, even if it were financially justifiable.

On the other hand, the good news for small-ticket merchants is that they can absorb much more easily a number of fraudulent transactions that would be totally unacceptable (possibly ruinous) to a seller of large-ticket items. It is a numbers game for both merchant types and you need to know how to play it.

Why Fraud Is Hard to Combat

In theory, e-commerce merchants can prevent just about all fraudulent credit card transactions from being processed. Online shopping has been around long enough to have allowed for solid fraud prevention tools and best practices to be developed that could, if applied consistently, shut down the vast majority, if not all, of fraudulent transactions. And yet, fraud stubbornly persists and even thrives. Yes, criminals are hard at work at devising ever more sophisticated strategies of their own, but their ingenuity can take us only so far towards explaining why fraud is so hard to combat.

Part of the reason for the failure to eradicate fraud is that many merchants are either inexperienced or do not allocate enough resources for fraud prevention. But even well-funded e-commerce businesses that take the issue seriously and have equipped their well-trained fraud prevention staff with the latest tools find it hard to achieve a total victory over the criminals.

For a big-ticket merchant, anything less than a complete shutdown of fraud may well be unacceptable, but that is not the case for small-ticket ones. It’s a numbers game in both cases, but the lower your average sale’s amount is, the greater the number of fraudulent transactions you can live with. With that in mind, if you sell inexpensive merchandise, your goal should not be to eradicate, but to control fraud. Achieving total victory, even if it were possible, could turn out to be unaffordable.

How to Screen Small-Ticket Transactions

When devising your fraud screening procedures, you should account for the fact that it is not cost-effective to review each and every one of your transactions. Your system should be able to identify and set aside for review only transactions with potential fraud losses that are lower than the cost of a manual examination. In particular, consider the following factors:

• Dollar amount of the sale. Set a lower limit on transactions for manual reviews.
• Cardholder relationship. You would not want to review orders placed by returning customers.
• AVS result. You should not be reviewing transactions, for which you received a negative AVS result. These should be rejected.
• Card security code. As with the AVS, you should put a stop to transactions, for which the security code provided by the cardholder did not match the one on file with the issuer.
• Cardholder authentication result. If it makes financial sense to participate in Verified by Visa and MasterCard SecureCode, these two services will be doing some of the screening for you.

Once you have applied these fraud screening procedures, you can proceed to manually review the transactions that have survived the culling process or, again if it makes financial sense, you can run them through a third party fraud scoring service to further narrow the field.

The Takeaway

The victory over e-commerce fraud comes at a cost and the point of implementing fraud screening procedures is to ensure that we don’t spend more trying to prevent it than what makes sense. That means that we have to learn to live with risk and to accept fraud losses as a cost of doing business. Again, it is a numbers game and what counts is winning the war, not each individual battle. Moreover, if you process thousands of small-ticket transactions, individual losses don’t really matter all that much.

Image credit: Serglo.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

Processing international credit card transactions, settling in foreign currencies and currency conversion on e-commerce websites are topics that I am often discussing with merchants. Their requirements vary and different types of set-ups are usually needed, but often enough the solution is fairly straightforward and simple to implement. It is called Dynamic Currency Conversion (DCC).

What is Dynamic Currency Conversion?

DCC is a credit card processing service that enables U.S. businesses to offer their international customers the option to pay in their own currency, in addition to U.S. dollars. DCC is currently available for Visa and MasterCard transactions only, both in face-to-face and card-not-present environments.

Now, U.S. businesses can accept foreign-issued bank cards perfectly well without DCC, however, the currency used in such transactions is always the one in which the merchant settles. Moreover, merchants are charged additional fees for accepting foreign-issued cards, which can be quite steep (typically in the range 0.50% – 1% of the transaction amount).

How Does DCC Work?

The DCC service supports 36 foreign currencies at present and the transaction process at participating merchants goes through the following stages (in an e-commerce setting):

• The customer enters his or her payment information at the checkout.
• The DCC-enabled software determines if the card has been issued by a foreign bank.
• The exchange rate for the customer’s home currency is calculated by adding the wholesale interbank rate and the merchant’s foreign currency fee.
• The converted amount is displayed to the customer and they are asked to select between paying in U.S. dollars or their own currency.
• If the foreign currency is chosen, the transaction receipt will show the exchange rate including conversion fees, the U.S. dollar amount and the foreign transaction amount (see sample receipt at right).

It turns out, perhaps unsurprisingly, that most customers choose to pay in their own currency, even though the aggregate currency conversion fee charged on DCC transactions is often higher than the one charged by the card issuer.

I don’t think it would be much of a stretch to suggest that at least some customers would not have completed a transaction, if the option of paying in their local currency was unavailable.

DCC: Merchant vs. Consumer Perspective

So, if a merchant’s volume is sufficiently high to offset the DCC maintenance fees, I see no reason not to use the service, provided the processor supports it. The merchant would still be paying the foreign transaction fee charged by the processor, but would be able to make up for it by charging its customers a conversion fee.

From a consumer’s perspective, things look quite differently. Using DCC at the checkout is typically a very expensive way to complete a transaction. The DCC currency conversion fee is almost certain to be substantially higher than the issuer’s foreign transaction fee (3% is the prevalent rate in the U.S., however Capital One charges no such fee).

Accept credit cards at one flat rate!

Accept credit cards with our flat rate e-commerce merchant account with no fixed monthly fees! You will get:

• One rate for all types of MasterCard and Visa cards (including rewards, commercial, etc.).
• No mid-qualified and non-qualified fees.
• No merchant account application or set-up fees.

Criminals are constantly improving their strategies and tactics for stealing and then using credit card information for fraudulent purchases. It is a high-stakes arms race between the e-commerce merchants and service providers on one side and the hackers and fraudsters on the other. It is a struggle that can be seen very much in evolutionary terms: you either learn to constantly evolve or you will perish.

Compliance with the requirements of the Payment Card Industry (PCI) Data Security Standards goes a long way towards ensuring that sensitive account data is well protected against hackers. We will review the PCI DSS requirements again in the near future, as there have been some recent changes that need to be examined.

In this post, however, I will focus solely on how to recognize a potentially fraudulent transaction, so that you can flag it for a more detailed examination, before processing it.

9 Telltale E-Commerce Fraud Indicators

Following are 9 of the most typical fraud indicators for e-commerce transactions. Keep in mind that the presence of any single one of them does not necessarily mean that fraud is under way. It simply heightens the probability of the transaction being fraudulent. So if you have identified two of these indicators, the fraud probability rises further and so on. You should develop a policy for investigating such transactions, based on their fraud risk and verify that both the card and the cardholder are genuine before processing the payment. So here are the signs:

1. New customers. Needles to say, you need to be careful here. You need as many new customers as you can get and the last thing you want to do is antagonize them. At the same time, criminals are likely to only use stolen card information once in any given store.
2. Unusually large orders. As the card account whose information is stolen is typically quickly shut down, criminals will try to use up as much of its credit line as possible in this limited time frame. Placing large orders is a way to do that.
3. Ordering multiple identical or similar items. This is another tactic for maximizing profit in a stolen credit card account’s limited life span.
4. Expensive items. Expensive merchandise has correspondingly high resale value, which is what makes it attractive to criminals. Incidentally, this is also a major reason merchants with high average ticket amount are categorized as high risk by payment processors.
5. Overnight delivery or other expensive shipping option. As criminals do not spend their own money and are solely interested in getting their hands on the merchandise as quickly as possible, shipping charges are of no concern to them.
6. International orders. A disproportionately large number of fraudulent e-commerce orders are placed from outside the U.S. Some countries are higher risk than others and you will have to decide whether or not to accept orders from their residents in the first place.
7. Similar card numbers. Fraudulently generated card numbers are often very similar, only different by a digit or two. Your system should be designed to identify such numbers.
8. Multiple orders with the same shipping address. This is a very strong indication that a stolen batch of account information is fraudulently used.
9. Multiple orders with different cards, but from the same IP address. This may be an indication that the orders are placed from the same computer, even if multiple shipping addresses are used.

Your fraud detection system should be able to identify each of the above items. For evaluation purposes you may want to assign different weight to each one of these indicators and adjust it as you collect more data. So if, for example, you discover that orders with overnight shipping result in fraud more often than orders for expensive items, your transaction review process should be adjusted to account for the difference. But don’t stop there, as what holds true this month may well change the next and so should your fraud review process.

Accept credit cards at one flat rate!

Accept credit cards with our flat rate e-commerce merchant account with no fixed monthly fees! You will get:

• One rate for all types of MasterCard and Visa cards (including rewards, commercial, etc.).
• No mid-qualified and non-qualified fees.
• No merchant account application or set-up fees.

Most of our clients accept credit card payments in a card-not-present environment and are just about evenly split between e-commerce and MO / TO (mail order and telephone order) businesses. One consequence is that we constantly get to speak to merchants about payment gateways and virtual terminals. In the process we have learned exactly what it is that merchants typically need help with or do not understand about these services.

So in this post I will offer another take on payment gateways, based on our current understanding of what it is that merchants need to know on the subject.

What Is Payment Gateway?

Payment gateway is an e-commerce application that provides transaction authorization and clearing services to web-based merchants. It integrates with the e-commerce website’s shopping cart and activates once a visitor places an order. The gateway then encrypts the transaction information and transmits it between the website and the merchant’s acquiring bank.

The payment gateway is the e-commerce equivalent of the point-of-sale (POS) credit card terminal used in brick-and-mortar retail outlets. Both serve as a means of communication between merchants and acquiring banks.

Payment Gateway’s Role in the E-Commerce Transaction process

Let’s take a look at precisely where a payment gateway fits into the e-commerce transaction process. Here is what happens to the transaction information from the moment a visitor hits “Place Order” at the checkout of an e-commerce website to the receiving of confirmation (for Visa and MasterCard transactions):

1. The visitor provides her card account information for payment.
2. The information is SSL-encrypted and sent to the merchant’s web server.
3. The payment gateway now collects the data and, SSL-encrypts it and transmits it to the acquiring bank’s server.
4. The acquirer then transmits the data to Visa or MasterCard (the Card Associations).
5. The Associations transmits the data to the card issuer.
6. The issuer either approves or declines authorization for the transaction and sends its response back to the acquirer.
7. The acquirer then sends the issuer’s response to the payment gateway.
8. The payment gateway transmits the response to the e-commerce website where it is displayed to the cardholder.

If the issuer’s response is an approval, the transaction is completed. If it is a decline, procedures vary, but the customer should be asked for an alternative form of payment. For Discover and American Express transactions the process is much simpler, as the issuer and the acquirer are one and the same. So in transactions involving cards of one of these companies, stages 4 through 6 from the above list would be combined into one.

What Payment Gateway Should You Use?

There are many payment gateways available on the market. When choosing one for your website, you will of course want it to be reliable, secure and fast. All major gateways will give you that. Some of them will offer fancy proprietary fraud prevention services, which are worth considering as well. But because I know that pricing is most of the time your primary consideration, let me offer you a few pointers.

When looking at payment gateway pricing, you must take it in the context of the overall merchant account pricing, as proposed to you. Some processors may offer you a very attractive discount rate, but somewhat less favorable gateway pricing or vice versa or something in between. Whatever the case, you will have to do the math for the pricing package as a whole.

Keep in mind that some processors may void gateway authorization fees, which are charged in addition to the discount. Authorization fees are typically at around 10 cents per transaction, so if you process thousands of transactions per month, we are talking about hundreds of dollars in additional fees. If that is the case, the monthly gateway fee, which is typically in the range $10 – $20, will be of much less importance for you. However, if your monthly transaction count was lower, say a few dozen, your priorities would be reversed and the monthly fee’s importance would rise at the expense of the authorization fee’s.

It is important that you invest the time and do your due diligence before your website and merchant account go life. Later on, if you discover that you have made a wrong choice, you may not be able to get out of your merchant account contract without paying a heavy penalty fee.

Get a personalized credit card rate for each of your transactions!

Get the lowest possible credit card processing rate for each individual transaction! Our interchange-plus pricing model gives you:

• Processing rates calculated separately for each transaction to ensure that not a single one of them is overcharged.
• No more mid-qualified and non-qualified fees.
• No fixed monthly fees.

Providing high-quality and easily accessible customer support is a must for any business that wants to be around for the long term, regardless of the industry. Big retailers like Walmart and Target have figured it out long ago which is why they place their customer service stations right next to each store’s entrance.

If you manage an e-commerce business, your website should be designed to provide your customers with after-the-sale support that is just as accessible and helpful as the big retailers’ help desks.

Your goal should be just the same as the physical retailers’: to create a solid base of satisfied customers who will return to your website every time they need to purchase the type of product you sell and will recommend it to their friends. You will only achieve this objective if your customer service measures up to your customers’ expectations. In this post I will show you how to do this.

How to Provide Great E-Commerce Customer Service

Your customer service policy should incorporate the following best practices:

1. Provide a customer service phone number. A phone conversation is the best substitute to a face-to-face interaction and you must make it available to both customers and visitors to your website. Make sure that the following requirements are met:
   • Display your customer service number on each page of your website. Most visitors and customers will land directly on an internal page, rather than your home page. Make it easy for them to locate your phone number by displaying it prominently in your website’s header.
   • Adequately staff your customer service department. A prominently displayed customer service phone number will do you no good if there is no one to pick up the incoming calls. Make sure that you have enough people to do that.
2. Provide a customer service email. Some customers will prefer using email to contact you, so you will have to accommodate them. Consider implementing the following best practices:
   • Display your customer service email on each page of your website. The same considerations apply as with the phone number.
   • Provide a separate customer service email address. In other words, make an email address available specifically for customer service inquiries (e.g. support@example.com).
3. Set a response time for email inquiries. Customers need to know how soon they should expect their issue to be addressed. Implement the following procedures:
   • Acknowledge email inquiries with auto-respond emails. In addition to acknowledging receipt of the inquiry with auto-responders, inform your customers how soon they should expect a complete response.
   • Stick to the stated time frame. You will need to staff your customer service department sufficiently, so that all emails are responded to within the promised time frame.
4. Set inquiry response goals and monitor performance. You need to set goals for how quickly email inquiries are addressed and be able to monitor your customer service department’s performance. The following procedures will help you achieve that:
   • Set a goal for responding to all inquiries. For example, set a goal of 1 business day. Similarly, you may set shorter time frames for addressing, say 75 percent or 90 percent of the inquiries.
   • Monitor performance on a weekly and monthly basis. Monitoring on a regular basis is the only way to find out whether your response rate meets the stated goal. If not, you will have to make adjustments and typically that means increasing the number of your customer service staff.

If you incorporate the above best practices into your e-commerce customer service procedures, you will help create a loyal customer base, which incidentally is the best marketing strategy there is. Another welcome side effect will be the reduced numbers of customer disputes and chargebacks. If you have a fifth item to be added to the list, please share it in the comments below.

Accept credit cards at one flat rate!

Accept credit cards with our flat rate e-commerce merchant account with no fixed monthly fees! You will get:

• One rate for all types of MasterCard and Visa cards (including rewards, commercial, etc.).
• No mid-qualified and non-qualified fees.
• No merchant account application or set-up fees.