Inside the Black Hole

Chargebacks are the single biggest issue, ahead even of fraud, e-commerce merchants have to deal with on a daily basis. It is a great challenge, to be sure, not least because chargebacks can result from a number of causes, including customer disputes, processing errors, authorization issues, inaccurate transaction information and yes, fraud.

There is no single silver bullet that would solve your chargeback woes once and for all. Rather, you need to develop a multifaceted strategy to separately address each individual chargeback cause. Then you will have to train everyone involved in the processing of credit card payments in your organization on the implementation of this strategy. If you did a good job at that, your chargeback rate would drop dramatically. It is unlikely that you will ever be able to get rid of chargebacks altogether, not least because some causes are beyond your control, but you can certainly get them down to an acceptable level.

With that in mind, here are my 16 tips for avoiding e-commerce chargebacks:

1. Get a Positive AVS Match

Always do an Address Verification Service (AVS) check with the card issuer and make sure that you received a positive AVS match of the address and the ZIP code. Otherwise, do not proceed with the transaction.

2. Ship to the Billing Address

The AVS only confirms the validity of the billing address. If the shipping address is different, there is no way of telling whether or not it is legitimate.

3. Obtain a Delivery Confirmation

You need to obtain evidence that your shipment was delivered and received. A signed shipping receipt would do the trick.

4. Authenticate Your Customers

Use MasterCard SecureCode and Verified by Visa to authenticate the identity of participating cardholders. These two services protect you from certain types of chargebacks.

5. Get the Card Security Code

You absolutely must get the three-digit code on the back of Visa, MasterCard and Discover cards and the four-digit one on the front of American Express cards. It confirms that the cardholder is in physical possession of the card at the time of the transaction.

6. Process Refunds Quickly

If you have to make a refund, do it quickly. It won’t make the experience any more pleasant, but it will prevent a customer dispute, which is the prelude to chargebacks.

7. Provide Refund Details in Writing

Email your customer and tell her when the refund was issued and at what amount. Give her a cancellation number, if applicable, and any other information you think relevant.

8. Clearly Identify Yourself on Your Customer’s Statement

If your customer does not recognize the name of your business on her credit card statement, she will dispute the associated the transaction. Simple as that. Your processor can manage the way your name appears on credit card statements through the billing descriptor. Make sure it is set up correctly.

9. Post Your Phone Number on Your Website’s Home Page

It is essential that your customer service phone number is easy to locate. If there is an issue, you want your customer to contact you first, before she contacts her bank. Make it easy for her and make sure that someone answers quickly.

10. Obtain Acceptance of the Terms and Conditions of the Sale

Your customer must explicitly agree to the terms of the sale, before it is completed. Have her click on an “Agree” or “Accept” button, before taking her to the checkout.

11. Obtain an Explicit Permission for Participation in Recurring Plans

Only set up recurring payment plans after your customer has agreed to it. A signature would be best, but a checked box would also do.

12. Notify Customers Before Processing Recurring Payments

In recurring and installment plans you need to send billing notices prior to the processing of each payment. Always inform your customer of the date the payment will be processed and the amount.

13. Have a Customer-Friendly Cancellation Policy

If you provide subscription or membership-based services, make it easy for customers to cancel their participation. A “no-questions-asked” policy is strongly recommended.

14. Obtain an Authorization Approval for Each Recurring Payment

Even though you already have obtained an authorization approval for the first payment of the recurring or installment plan, you will have to do it again for each subsequent payment. Remember, credit card information can change and when it happens, you need to request that your customer updates her account.

15. Avoid Using Voice Authorizations

Voice authorizations bypass your processor’s system and cannot be used in chargeback re-presentments.

16. Do Not Settle a Transaction if the Authorization is More Than 7 Days Old

Sometimes you will have to wait before settling a transaction, most often when the shipping is delayed. If the original authorization is more than seven days old, request a new one, before settling the transaction.

There are other items that can be added to the list, but I believe that these are the most essential 16 tips for avoiding e-commerce chargebacks. If you believe that I have missed an important one, please share it in the comments below.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

There isn’t a simple way of preventing credit card fraud. It takes unremitting effort and an arsenal of assorted of tools to stay ahead of the bad guys. First, however, you need to learn the basics of credit card processing and understand the inherent fraud risks.

E-commerce and mail order (MO) and telephone order (TO) businesses are more vulnerable to fraudulent attacks than physical retailers. The information below will help you determine exactly where your organization’s soft spots are and what you need to reduce fraud risk.

When accepting credit cards for payment, request that your customers provide the following information and ensure it is valid:

1. Cardholder name, exactly the way the name appears on the card.
2. Card account number – 16 digits.
3. Card expiration date – four digits (MM / YY).
4. Card security code – three-digit number located in the signature panel on the back of Visa, MasterCard and Discover cards or a four-digit number located above the account number on the front of American Express cards. Security codes ensure that the card is in the possession of the cardholder at the time of purchase.
5. Card billing address along with the shipping address (when different).
6. Home, business or other telephone number where the cardholder can be reached.


For each transaction:

7. Request and validate the card security code. Submit the validation request with the electronic authorization request or when calling the voice authorization center.
8. Verify the customer’s billing address with the Address Verification System (AVS), either electronically or by phone.
9. Check your delivery service contract for who is responsible if the merchandise is not delivered.
10. Get a signature for each delivery. A signature from the cardholder will give proof that the he or she received the shipment.
11. Keep all delivery records.
12. All authorization declines are final. Do not force through any transactions for which you have received a declined response to your authorization request.
13. If the sale is on a credit card, do not refund in cash or by check or on another card. Refund sales on the same card account that the purchase was made on.
14. Include your “Doing Business As” (DBA) name and customer service number on the cardholder’s transaction statement.
15. Clearly communicate any and all delivery charges, restocking or other fees.
16. Clearly explain any return policies and offer documentation of this policy with each sale.
17. When working to resolve a chargeback, document all efforts to satisfy the customer.
18. Respond to all chargebacks, even the small ones.
19. For duplicate sales, or installment plans, unless otherwise stated, require an authorization for each sale.

Vulnerable businesses lacking adequate data security are one of the primary sources of illegally obtained credit card information that is later used in fraudulent transactions. You will need to develop an information security strategy for your business. At the very least, you will need a Secure Sockets Layer (SSL) Certificate, firewall, cryptography tool and anti-virus software. Compliance with the PCI Data Security Standard is now mandatory.

What data protection tools have worked for you? Do you have a 20^th step to preventing e-commerce fraud? Share your experience in the comments.

Accept card payments quickly and safely

Accept online payments via credit and debit cards and electronic checks at the lowest processing costs. You will get:

• Free merchant account and Authorize.Net gateway set-up.
• No monthly merchant account or gateway fees.

We write about e-commerce risk management and fraud prevention quite often on this blog, and for a good reason. Understanding the risks associated with the processing of credit card payments on your website and developing a solid strategy to limit your fraud exposure is what will ultimately determine your success, or the lack of it, in preventing fraudulent transactions. You may employ all of the latest fraud prevention tools, as well you should, but if you don’t understand what makes you vulnerable to attacks, you are unlikely to achieve great results.

At UniBul Merchant Services we tell our clients that their fraud prevention efforts are unlikely to succeed if they do not seriously commit themselves to the cause. This is crucial, because you have to match the persistence and resourcefulness of those intent on breaking through your defenses. Moreover, you have to be prepared to repel the attacks on a continuous basis. Think of it this way, this is not a one-time offensive, but rather a sustained siege.

With that in mind, I recommend that your risk management strategy includes the following components:

Create an Official Risk Management Post in Your Organization

You have to show everybody in your organization that you are serious about risk management and there is no better way of achieving this goal than giving someone the authority and budget to lead your fraud prevention efforts. Consider implementing the following procedures when creating a fraud prevention position or department:

• Make it a senior position. That way you clearly demonstrate that fraud prevention is your organization’s highest priority.
• Clearly define responsibilities within your organization for detecting and reviewing fraudulent transactions. Risk management should not be the domain of a single person or department within your organization. Everyone needs to be involved and to understand their responsibilities.
• Keep chargeback management separate, but promote cooperation with the risk management department. Larger organizations typically have separate departments to deal with chargebacks and fraud. This is the right approach, as the causes for each of these issues are often unrelated. However, cooperation is important, as one of the most common causes for chargebacks is fraud.

Monitor Risk Management Performance

You have to measure the effectiveness of your risk management strategy, in order to know if you are on the right track. In particular, your fraud prevention efforts will become more effective if you track areas like:

• Total fraud volumes as a percentage of your total sales. Set targets and stick to them. The goal should be for your fraud volumes to decrease over time.
• Fraud recoveries as a percentage of your total fraud. If your fraud prevention efforts are producing results, your fraud recovery rate should be gradually increasing.
• Speed of reviewing and making decisions about suspicious transactions. Your customers expect payments to be processed quickly, so you don’t have much time to investigate suspicious transaction characteristics. Yet, you have to evaluate the transaction risk the best you can, so your fraud prevention procedures must be streamlined enough to reconcile the two opposing needs. There are plenty of tools out there to help you automate the process.
• Number of complaints from customers regarding legitimate sales. This area is especially important, as you don’t want to antagonize legitimate customers. As your organization becomes more experienced in handling suspicious data, such complaints should decrease. Set targets and monitor their achievement. Whenever you receive such a complaint, address it immediately and explain to the affected customer that the inconvenience is caused by your efforts to protect his or her personal information and that you are doing your best to better identify fraud signals.

You are unlikely to ever completely eliminate fraud. However, if you develop a solid risk management strategy and work hard on improving it, your fraud rate will gradually decline, bringing down your chargeback rate in the process. Just remember that fraud prevention is a process and you will never be done with it. The moment you let up, you will quickly lose hard-won ground.

Accept card payments quickly and securely

Accept online payments via credit and debit cards and electronic checks at the lowest processing costs. You will get:

• Free merchant services and Authorize.Net gateway set-up.
• No monthly merchant account or gateway fees.

By now all regular visitors to this blog should have learned that accepting payments online, over the phone or in any other card-not-present setting is a much riskier affair than a face-to-face transaction. Admittedly, most of our readers are involved, in one way or another, in processing credit card payments, and already knew that from experience, even before we first wrote on the subject.

Still, it is worth reiterating exactly what the risks are, before we suggest ways to mitigate them. The two biggest issues, often interrelated, associated with processing card-not-present payments are fraud and chargebacks. The reason why fraud is more rampant online than in brick-and-mortar stores is that it is much more difficult to establish the legitimacy of the cardholder and the validity of the card when neither can be seen. Chargeback levels are higher for much the same reason, but also, because accepting card payments online or over the phone allows for more processing errors.

Yet, although at an obvious disadvantage, e-commerce and MO / TO merchants are not exactly at the mercy of the criminals. Plenty of tools are available to help you fight fraud and following best card acceptance practices will further minimize fraud and chargeback levels. In this post I will offer nine simple steps for processing card-not-present payments. If you follow them in each of your sales transactions, both your fraud and chargeback rates will decline significantly.

When a customer makes a payment at the checkout of your online store or over the phone to complete a transaction, your system needs to perform the following actions:

1. Collect the payment information. At a minimum, the following information needs to be submitted with each sales transaction:
   • The cardholder’s name, card account number and expiration date.
   • The cardholder’s full billing address and the shipping address (if applicable).
   • The payment date.
   • The total amount of the payment, including all applicable taxes and gratuities purchased on the card.
   • A mutually acceptable description of the products or services purchased by the cardholder.
2. If participating in Verified by Visa (VbV) or MasterCard SecureCode (you should), complete the respective authentication process and provide the authentication data in the authorization request. These services add an additional security layer to help protect merchants that accept cards over the internet.
3. Perform internal fraud screening. You need to develop a fraud screening system, or obtain one from a third-party vendor. This mechanism will, if certain predefined high-risk characteristics are found, suspend the processing of the transaction at issue. Such services will help you verify the validity of both the cardholder and the card.

   
   Additionally, transactions should be matched against velocity parameters, high-risk locations and internal negative files. Transactions that raise suspicions should be subjected to a further review.

4. For transactions that pass your internal scrutiny, obtain authorization from the card issuer. Authorization is the process of obtaining permission from the card issuing bank to accept the card for payment and should be obtained for all card-not-present transactions (see chart below).

   
   

   
   With your authorization request you should also perform the following verifications:

   • Address verification. The Address Verification Service (AVS) is a risk management tool that enables merchants accepting card payments in a non-face-to-face environment to verify the validity of the billing address provided by their customers by comparing it to the one on file with the card issuer.
   • Verification of the card security code. Card security codes are the 3-digit numbers on the back of Visa, MasterCard and Discover cards and the 4-digit codes on the front of American Express cards. They were introduced to help e-commerce and MO / TO merchants verify that their customers are in a physical possession of their cards at the time of the transaction. It is a feature that all major payment gateways support and your payment processing provider should make it available to you. You should never store card security codes.
5. Use the correct electronic descriptor. The electronic descriptor identifies the transaction type and helps processing banks to differentiate merchants based on the way payments are accepted. Indicate “Mail Order,” “Telephone Order,” “Internet Order,” or “Signature on File,” as applicable, into the appropriate field of the authorization and settlement messages.
6. Provide your customer with the expected delivery date. Tell your customer what the delivery method and expected delivery date will be. If a delivery is running late, immediately inform your customer of the new expected delivery.
7. Do not deposit transactions before the shipping date. For card-not-present transactions, the transaction date is the shipping date, not the order date ( see graph above). Transactions cannot be deposited until the products or services have been shipped. Also, you shouldn’t be late with your deposits. Transactions deposited more than 30 days after the transaction date may be charged back to you.
8. Make your organization’s return and credit policies available to consumers through clearly visible links on your website. Placing these links in your website’s footer or header will usually make them present on all pages, so that customers can easily review them.
9. Place your customer service number on all of your website pages. This is a crucial, though often neglected, requirement. Most customer questions can be answered and concerns alleviated with a simple phone call, before they deteriorate into disputes and chargebacks. You should also make available to your customers other communication methods, like email and chat, but not in place but in addition to phone support.

That’s it, nine simple steps to follow in each of your transactions. Actually, the last two are only applicable to e-commerce businesses, so MO / TO merchants only have seven to think of. Unfortunately, some fraud and chargeback causes will remain beyond your control, but applying the above suggestions will remedy the vast majority of them and you will be in a pretty good shape.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

After two years of sluggish sales, the U.S. e-commerce has again found its footing in 2010, according to a report from comScore, an internet marketing research company. Even though an uptick was expected, online sales figures were better than most analysts had predicted.

With unemployment at close to 10 percent for most of 2010 and the economy still wobbly, there were good reasons to be cautious. Yet, despite the gloomy macro picture, consumers have clearly managed to regain their confidence and open up their wallets.

E-Commerce Spending Up

comScore’s data show that online spending in 2010 rose by 9 percent from 2009, reaching $227.6 billion. Travel-related web spending was up by 6 percent to $85.2 billion, while retail sales volumes rose by 10 percent to $142.5 billion for the period.

Online spending rose throughout the year, reaching its peak during the holiday season, which registered a growth of 12 percent over 2009. Yet, it was March that saw the biggest year-over-year increase in online consumer spending.

The Holiday Online Shopping Season in Numbers

As always, the last two months of the year accounted for the heaviest sales volumes, with consumers spending $32.6 billion in total on the web. The total daily spending volume exceeded $900 million on eight occasions, all but one in December.

Cyber Monday, the first week day after Thanksgiving, was easily the busiest online shopping day of the year, with consumers spending $1.028 million, according to comScore. This is $74 million more than the second-busiest day – Monday, Dec. 13 ($954 million).

Another analytics company, Coremetrics, which tracks online consumer spending, has estimated that Cyber Monday 2010′s sales volumes were up 19.4 percent, compared to the same day in 2009, with the average ticket amount rising by 8.3 percent, from $180.03 to $194.89 for the period.

Black Friday, the day after Thanksgiving, also registered a substantial rise in online sales, which were up by 15.9 percent from 2009, according to Coremetrics. The average ticket rose by 12.1 percent, from $170.19 to $190.80 for the period.

Payment Processing Takeaway

While online retailers are the most obvious beneficiary of the huge growth in consumer e-commerce spending, specialized payment processors have benefited just as greatly.

PayPal, for example, said its processing volumes grew by close to 20 percent year-over-year on Cyber Monday 2010. The spike was even sharper on Black Friday, for which eBay’s subsidiary reported a 27 percent increase in its payment volumes.

Yet, as impressive as these numbers are, the biggest growth in online processing volumes in the coming years will come not from traditional desk- and laptop sales, but from mobile payments, which in many of their incarnations are in fact e-commerce transactions.

The process has already started. PayPal reported a 300 percent jump in its mobile payments volume in the month to December 15 2010, on a year-over-year basis. The figure for Black Friday was 310 percent. PayPal’s parent company registered similar trends. eBay’s mobile sales in the second Sunday of December – “Mobile Sunday” – rose by 127 percent in the U.S. from the previous year. Globally, the increase was 165 percent.

With global mobile payments volumes projected to reach $1.13 trillion in 2014, exceeding the 2009 level by a factor of 30, processors with m-payment capabilities are set to reap huge profits. In the U.S. the dynamics will be even more pronounced, with m-payments volumes rising from $4 billion in 2009 to $162 billion in 2014, a factor of 40.5, according to Aite Group.

Accept credit cards at one flat rate!

Accept credit cards on your website with our flat rate e-commerce merchant account with no fixed monthly fees! You will get:

• One rate for all types of MasterCard and Visa cards (including rewards, commercial, etc.).
• No mid-qualified and non-qualified fees.
• No merchant account application or set-up fees.

UniBul’s Twitter Lists are now on Mashable