Credit Card Processing Blog

We haven’t written anything about fraudulent chargebacks in a long time, even though this is an issue that we know full well is very difficult to deal with. What is particularly pernicious about it is that it plagues mostly businesses that are classified as high-risk anyway, making the status of their credit card processing accounts even more precarious than they already are.

I was reminded of the issue this past week when I had a phone conversation with a merchant providing escort services. (Full disclosure, this is a merchant category that we are unable to service at present). She told me that “one-time clients with no intention of ever booking a second time occasionally exploit the chargeback process,” by filing disputes for “item not received and so forth.” The worst part, however, was that her company’s “privacy policy and discrete billing” made it very difficult to fight these chargebacks. Now, this may be an extreme example, because the merchant is about as high risk as they get, but the principle fully applies to many lower-risk business types.

What Is a Fraudulent Chargeback?

So let’s define what a fraudulent chargeback is, before we move on to the possible ways for fighting them. As the example above suggests, a fraudulent chargeback results from a successful customer dispute of a legitimate transaction, one in which he or she knowingly and purposely participated and for which the customer is fully responsible.

In short, fraudulent chargebacks are initiated by consumers attempting to game the system designed to protect them from fraud and processing errors.

How to Fight Fraudulent Chargebacks?

There used to be a website, called BadCustomer.com, which enabled merchants to list customers filing fraudulent chargebacks in its database. The idea was that merchants could check a new transaction against the BadCustomer.com database and possibly decline orders placed by consumers listed in there. I liked the idea, but I now see that the website is no longer active. If anyone knows what happened to it, please let me know.

So what other tools do you have at your disposal for fighting fraudulent chargebacks? Well, as it usually is the case, it is mostly a matter of designing and implementing a set of best practices. Following is a short list of what you should be doing:

• Keep detailed records of your transactions. This one is critical. You will be getting disputes for totally legitimate transactions. There is no way around that. When you do, you need to be able to re-present the transaction, through your processor, with enough supporting information to leave no doubt of its authenticity. Now, as the example with the escort services merchant clearly indicates, some merchants feel that, in order to be able to attract customers, they need to make the billing process more “discrete,” meaning to collect less information. You should not be doing that. I would argue that, in the long run, you would be better off losing some customers who are not willing to go through the regular checkout process, rather than leaving yourself vulnerable to fraudulent chargebacks by compromising your billing process.
• Call your customer. You just may be able to shame your customer into retracting his dispute. It is worth a shot.
• Use collection efforts. No one likes collection agencies. Consumers dislike them for obvious reasons, while many businesses see them as a sure way to create a public relations disaster. Well, you will have to make a choice. Worse, you may not have a choice. Remember, Visa and MasterCard will suspend your agreement, if your chargeback ratio for any given month exceeds one percent of your total transaction count. However, your processing bank will suspend it way before that. If you decide to use a third-party collection agency, which is probably the better way to go, make sure it is a reputable one, as any customer complaints, resulting from third-party collection efforts, will eventually reflect on your business.

There are limits on how vigorously you can fight fraudulent chargebacks, but you just can’t afford to do nothing. The above suggestions should get you started and if there is something else that has worked particularly well for you, please share it with the rest of us.

Learn how to minimize chargebacks and fraud

Learn how to minimize chargebacks and reduce your processing costs. The Chargeback Management Kit contains a video and an e-book:

• E-Book – Chargeback Manual (40 pages).
• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).

Visa and MasterCard can initiate an audit of a merchant’s credit card processing account, whenever they have reasons to believe that the merchant may be a high-risk one or is processing invalid transactions. In particular, the following two reasons can be sufficient to trigger an audit:

• The processing bank may have reason to believe that the merchant is engaging in collusive or otherwise fraudulent or illegal activity.
• The processor determines that the merchant’s chargeback ratio or credits-to-sales ratio exceeds the standards set by Visa and MasterCard or its own standards, or both. We have discussed the Associations’ rules on excessive chargebacks in previous posts and encourage you to revisit them.

Processors will typically act quickly when they notice an activity that is outside of the established merchant pattern, because they are responsible for fraud-related chargebacks. For example, if a merchant submits a transaction at an amount substantially higher than the average transaction amount approved for the account, the processor will probably contact the merchant and want to find out why the amount is so high. Similar attention is paid to sales volumes. As completely legitimate merchants have learned to their surprise and annoyance, a rapid rise in their monthly sales invariably attracts their processor’s attention.

Moreover, even when fraud is absent or nor suspected, processing banks can have good reasons to be alert. The Associations assess processors penalty fees for merchants with high levels of chargebacks. For example, processors are required to report every merchant whose chargeback-to-transaction ratio (CTR) exceeds 50 basis points (0.50 percent) and pay a reporting fee of $50 for each report submitted. The fee rises steeply when the CTR exceeds 100 basis points (1 percent). To avoid paying these fees, processors will initiate a review long before the merchant comes even close to reaching either of these thresholds.

Whenever an audit is initiated by one of the Associations, it will contact the processor to explain the reasons why it believes the merchant may be in violation of the rules against processing invalid transactions and request information. Processors have 30 calendar days to return the requested information to the Association. Requested information typically includes the following items:

• A statement explaining whether, when, and how the processor became aware of fraudulent activity or chargeback or customer service issues, the steps it took to control the occurrence of fraud, and the circumstances surrounding the merchant’s termination.
• All internal documents about the opening and signing of the merchant including its application, merchant processing agreement, credit report, and certified site inspection report.
• All internal documents regarding the due diligence procedures followed before signing the merchant, including background checks of the company and its principals, as well as trade and bank references that the processor verified during the due diligence procedure.
• If an Independent Sales Organization (ISO) or a Member Service Provider (MSP) of the processing bank has facilitated the signing of the merchant, the ISO / MSP must include the due diligence documents. (In such cases the processor must distinguish between the due diligence conducted by its employees and its ISO’s / MSP’s employees.)
• Additionally, if an ISO / MSP assisted in the signing of the merchant, the processing bank must provide all due diligence documents regarding the representative that signed the merchant.
• Reports confirming an inquiry by the processor into the Member Alert to Control High-Risk Merchants (MATCH) system before signing the merchant and, if applicable, input of the merchant to the MATCH system database within five business days after its decision to close the merchant.
• Additionally, during the review period, the processor will be required to provide the following documentation:
  • Authorization logs for the merchant.
  • A monthly breakdown of chargeback and credits by count, amount, and issuer bank identification number (BIN) for the violation period.
  • A complete record of the merchant sales volume, including the number of transactions at the location, for the period for which the authorization logs are requested.

As you see, there is a lot of documentation that will be looked at and, if something is not done according to the applicable rules, it will most likely be found and the account will be terminated (if it has not been already) and the merchant will be added to the MATCH file. Moreover, during an audit, the merchant may be listed on the MATCH system under MATCH reason code 00 (Questionable Merchant).

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

Yesterday’s post reviewed how the Member Alert to Control High-Risk Merchants (MATCH) works and how it affects merchants and processors. This article will elaborate on the possible results from searches in the MATCH database. Firstly, though, it should be pointed out that all positive responses to a MATCH search are considered “possible matches” because the search system cannot guarantee an exact match with absolute certainty. This is the reason why you will see an oxymoronic-sounding “exact possible match” item in the list below.

A MATCH search can return one of the following types of possible matches:

• Retroactive possible matches. If the information in the original inquiry finds new possible matches of a merchant or inquiry record in the MATCH database added since the original inquiry was submitted and this information has not been previously been reported to the processing bank at least once within the past 120 days, the system returns a retroactive possible match response.
• Exact possible matches. An exact possible match exists when data in an inquiry matches data in any of the following data fields on the MATCH system letter-for-letter, number-for-number, or both.
  
  

  Field	+	Field	+	Field	=	Match
  Business Phone Number					=	√
  Business National Tax ID	+	Country			=	√
  Business State Tax ID	+	State			=	√
  Business Street Address	+	City	+	State	=	√
  Business Street Address	+	City	+	Country	=	√
  Principal Owner’s (PO) First Initial	+	Last Name			=	√
  PO First Name	+	Last Name			=	√
  PO Phone					=	√
  PO Social Security Number (if the country is USA)					=	√
  PO National ID (if the country is not USA)					=	√
  PO Street Address (lines 1 and 2)	+	PO City	+	PO State	=	√
  PO Street Address (lines 1 and 2)	+	PO City	+	PO Country	=	√
  PO Driver’s License (DL) Number	+	DL State			=	√
  PO Driver’s License Number	+	DL Country			=	√

  
  MATCH uses Street, City, and State if the merchant’s country is USA. Otherwise, Street, City, and Country are used.

• Phonetic possible matches. The MATCH system converts certain alphabetic data, such as Business Name and Principal Owner Last Name into a phonetic code, which generates matches on words that sound alike, such as “Easy” and “EZ.” The phonetic feature of the system also matches names that are not necessarily a phonetic match but might differ because of a typographical error, such as “Rogers” and “Rokers,” or a spelling variation, such as “Lee,” “Li,” and “Leigh.” MATCH evaluates the following data to determine a phonetic possible match:
  
  

  Field	+	Field	+	Field	=	Match
  Business Name					=	√
  Doing Business As (DBA) Name					=	√
  Business Street Address	+	City	+	State	=	√√
  Business Street Address	+	City	+	Country	=	√√
  Principal Owner’s (PO) First Initial	+	Last Name			=	√
  PO Street Address (lines 1 and 2)	+	PO City	+	PO State	=	√√
  PO Street Address (lines 1 and 2)	+	PO City	+	PO Country	=	√√

  
  MATCH uses Street, City, and State if the merchant’s country is USA. Otherwise, Street, City, and Country are used.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

Member Alert to Control High-Risk Merchants (MATCH) is a mandatory system for U.S. acquiring (processing) banks. It is a database that includes information reported by processing banks about merchants and their owners whose merchant accounts have been terminated for cause. The MATCH system is sometimes referred to as the Terminated Merchant File (TMF).

MATCH requirements for processors. All processing banks are required to use MATCH. In particular, processors are required to:

• Add information about a merchant that is terminated for cause. If either the processor or the merchant acts to terminate a merchant account (by giving notice of termination), then the processor must add the required information to MATCH within five calendar days of the earlier of:
  • The effective termination date or
  • The date it received the termination notice by the merchant.
• Inquire against the MATCH database. When a processor considers signing an agreement with a merchant, it must first check MATCH for information on whether the merchant was terminated by another processor.

MATCH system features. MATCH offers processing banks the following fraud detection features and options for assessing risk:

• Processors can add and search for information about up to five principal and associate business owners per merchant.
• Processors can designate regions and countries for database searches.
• MATCH uses multiple fields to determine possible matches.
• MATCH edits all data and notifies inquiring processors of errors as records are processed.
• MATCH supports retroactive alert processing of data residing on the database for up to 120 days.
• Processors determine whether they want to receive inquiry matches, and if so, the type of information the system returns.
• MATCH processes data submitted by processors once per day and provides daily detail response files.
• Processors can access MATCH data online in real time.

An inquiring processor can contact the listing processing bank directly to determine whether the merchant that is being reviewed is the same merchant previously reported to MATCH, terminated, or inquired about within the past 120 days.

MATCH database searches. MATCH searches the database for possible matches between the information provided in the inquiry and the following:

• Information reported and stored during the past five years.
• Other inquiries during the past 120 days.

MATCH searches for both possible exact matches and possible phonetic matches. All positive MATCH responses are considered “possible matches” because the search mechanisms cannot guarantee a true and exact match with absolute certainty. There are two types of possible matches, including a data match (for example, name to name, address to address) and a phonetic (sound-alike) match made using special software. It is up to the inquiring processor to determine whether a possible match is trustworthy.

MATCH searches return the first 100 responses, including all terminated merchant MATCH responses, regardless of the number of possible matches.

Merchant records remain on the MATCH system for five years. Each month, MATCH automatically purges any merchant information that has been in the database for five years.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

When designing a reservation policy for your car rental company, you need to take into account the high-risk characteristics of the credit card transactions you will be processing.

More specifically, you will need to take into consideration two transaction features:

• Future delivery of the service. Your customers will be reserving cars in advance, often weeks or months ahead of time. In the interim, their plans can change, in which case their reservations may need to be modified or canceled. You will have to be prepared to handle such situations and all cancellation and modification rules and fees must be clearly disclosed to your customers at the time the original booking is made. You should require that your customer accepts these rules by clicking on an “Accept” or “Agree” button under the disclosure statement, before the reservation is complete.
• Incidental and additional charges. Your customer may have forgotten to fill up the gas tank, or the rental period may have been extended. In such cases and if the final transaction amount exceeds the originally authorized amount by 15 percent or more, you must request an incremental authorization approval for the additional amount, before submitting the transaction for settlement. On the other hand, if the originally authorized amount exceeds the final transaction amount, you will have to submit an authorization reversal for the difference.

When designing your website and the information submission form that your customers will need to fill out during the reservation process, consider the following suggestions:

• Require website membership to book car reservations. By requiring that your customers become members of your website, you can collect additional information that can help you assess risk. When setting up member profiles:
  • Verify the provided information before storing it.
  • Implement strong security measures such as secure data storage and limited employee access to protect sensitive information.
• Collect and store reasons for renting cars. During the reservation process on your website, ask customers to provide the reason for renting a car, such as business travel, leisure travel, car repair, or weekend excursion. Store this information in the customer’s history, as well as in the booking record. Rental reasons can help you in the risk assessment process. For example, a rental due to car repair is typically less risky than one due to leisure travel.
• Collect, verify and store customer email addresses. During the reservation booking process, ask customers to provide an email address. These email addresses should be verified before being stored because an invalid email address may be a risk indicator. Send the reservation’s confirmation number (see below) to the provided email address.
• Issue a confirmation number for each reservation. Issuing a confirmation number assures customers that their reservation has been successfully processed. Make sure that your reservation system can support inquiries from customers who may contact you to confirm their bookings, so that your customer service representative can quickly pull up the information by entering the confirmation number.
• Require a waiting period of at least four hours between reservation and pick-up for new customers. You will need this extra time to verify the validity of the cardholder and his or her card before the service begins. This is especially important for new customers with no track record with your company.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).