At UniBul Merchant Services the great majority of our clients are e-commerce and mail order or telephone order (MO / TO) merchants. We get to speak to people from many businesses and non-profits that accept payments in a non-face-to-face setting which, incidentally, is how we get many of the ideas for our blog posts.
A recent conversation with the owner of a medium-sized provider of SAT preparatory courses reminded me that I needed to write a refresher course on credit card acceptance over the phone. It has been a while since we have written anything on this topic and there are a few new things that need to be added to what we’ve already said.
How to Process MO / TO Credit Card Payments
Your primary objective when accepting payments over the phone or in the mail must be to verify the cardholder’s identity and the validity of the card. To that end, you will need to implement the following procedures into your payment processing cycle:
- At a minimum, you should always collect the following information from your customer:
- The entire card account number.
- The cardholder’s name, as shown on the card.
- The card expiration date, as shown on the card.
- The cardholder’s billing address.
- The card security code (CVV2, CVC 2 or CID, depending on the brand).
- Ask if the card has a start date and if so, record it.
- Ask for a contact phone number. Ideally, you would want to obtain a land line phone number, which you can much more easily verify through directory services.
- Ask for the name of the card issuer.
- If you are taking an order over the phone, make a note of:
- The date and time of the conversation.
- The details of the discussion.
These details can come in handy during a follow-up conversation, but also in case of a dispute later.
- If you are taking an order by mail or fax:
- Always ask for a signature on the order form. Notate the field as mandatory.
- Save a copy of the order.
- Get proof of delivery.
Your processor may also request that additional details are obtained. Contact them and ask what their requirements are. There is usually a good reason for that.
- Use the Address Verification Service (AVS) for all of your transactions. Verifying whether the billing address provided by your customer matches the one on file with the issuer is an important indicator that should be part of your fraud prevention process. It is a simple and inexpensive service and there is absolutely no reason not to use it.
- Implement a fraud screening process, which would, if certain pre-defined high-risk characteristics are discovered, suspend the processing of the transactions at issue and set them aside for a more detailed review. Whether proprietary or provided by a third-party, your fraud screening mechanism should use the following elements as trigger points for the suspension of a transaction:
- Match with information in your internal negative file.
- Exceeding your internal velocity limits and controls.
- An AVS mismatch.
- A security code mismatch.
- International shipping address.
- International IP address.
- Shipping address that is different from the billing one.
- High-risk shipping address, such as P.O. boxes, prisons, hospitals and addresses with known fraudulent activity.
When developing your own internal policies for processing credit card transactions (yes, you do need to do that!), you should adjust the above procedures to address your particular circumstances. Then you will need to provide adequate training to all of your employees.
Image credit: Cocard.info.