If you operate a retail or e-commerce business, accepting all major credit cards and electronic checks is a required method of customer payment. However, when deciding to accept electronic payments, business owners must also consider the potential cost of fraud. Studies have shown that traditional and online merchants have lost billions in fraudulent transactions. Today, technology provides proven methods to identify and prevent fraudulent transactions.
Fraud can take many forms. It goes without saying that fraud is bad for business. If you process a fraudulent customer order by the time you discover your credit card was stolen, you’ve already shipped the product. Fraudulent orders usually result in a chargeback from the customer’s credit card to your business. Unfortunately, by that time you already delivered and lost your product, you lost the income from the sale and to top it off; you will receive a chargeback fee from your credit card processor. I’m sure we can agree that there is a great need to identify and stop a fraudulent order before your product is delivered. Fortunately for the merchant, there are many steps and processes that can be implemented to reduce and eliminate credit card fraud.
10 WAYS TO REDUCE CUSTOMER CREDIT CARD FRAUD
one. Address Verification Service (AVS) – is a simple and easy process to implement to decrease your chances of accepting a stolen credit card. When you process a credit card transaction; be sure to capture the cardholder’s billing address and zip code. Manual non-swipe transactions (Internet and MOTO) will require you to enter cardholder information. However, card present (swipe) transactions will not. Once you capture the cardholder’s billing address and zip code, you’re ready to process the sale. Your POS system will verify AVS with the card-issuing bank. You may receive a street address match only, a zip code match only, or a street address and zip code match. If you do not receive a match from AVS, you should consider declining the transaction. Approximately 80% of fraudulent transactions in the US are AVS discrepancies. Note that most AVS systems are configurable, so be sure to check your AVS settings. The implementation of AVS can have a great impact in reducing credit card fraud.
two. Card verification (CVV/CVV2) – is similar to AVS. CVV is the 3-digit code on the back of a credit card (4 digits for American Express). Like AVS, CVV is entered at the point of sale. The cardholder’s CVV code is verified by the card-issuing bank when the credit card sale is processed. If you don’t receive a CVV match, you should consider declining the transaction. Online merchants must make CVV a required field.
3. Use a threshold management service – Threshold management allows the merchant to set parameters for the transactions they will accept. For example, transactions can be filtered based on amount of money charged per transaction, number of transactions charged, transaction frequency, average user ticket, etc. Transactions that are flagged as a possible fraudulent transaction will require further review by the merchant. Threshold Management services are usually available as an additional service.
Four. Browse orders for free email accounts – Scammers and thieves like to hide. One of the easiest ways to hide a thief’s identity is to use a free email account. Most fraudulent transactions use a free email service. Merchants should not decline all transactions from a free email service. However, you may want to provide those orders with more scrutiny.
5. Browse orders with a different shipping address than the billing address – The thief with the stolen credit card may have the owner’s billing address and zip code. If so, he will receive a matching AVS and CVV on his order. However, to receive your product they will request that the order be sent to a different address. Merchants should review all orders with a different shipping and billing address. If the shipping address is a foreign country, please pay even more attention to the order.
6. Screen International Orders / Foreign Credit Cards – If your business model requires you to ship to foreign countries, you must obtain an international business account. Since non-domestic orders have a higher fraud rate than domestic orders, having an international merchant account will provide you with a higher level of protection. Additionally, an international merchant account will allow you to settle in the local currency. If you need a domestic and international business account, you must use a load balancing payment gateway. Load Balancing provides the merchant with the ability to use multiple merchant accounts on a single payment gateway account.
7. Understand that an authorization code does not mean that the credit card is not stolen – An authorization code is provided when the transaction has been approved. However, an authorization code simply means that the credit card is valid and has the credit available to process the transaction. Ultimately, as the business owner, it is up to you to decide whether to accept or reject the transaction.
8. Use a fraud protection service in advance – Advanced fraud protection services allow the merchant to block transactions by IP address, country of origin and other fraud filters. Advanced fraud protection services are often available as an additional service.
9. Use a PCI-compliant data storage service – Merchants that have a requirement to store customer credit card data must use a PCI Compliant Data Storage Service. A PCI-compliant data storage service allows merchants to transmit and store customer payment information in a PCI Level 1 certified data facility. Once the customer record has been securely transmitted and stored, the merchant can initiate transactions remotely without having to directly access credit card or electronic check information. This process takes place without the merchant storing the customer’s payment information in their local database or payment application.
10 Review and implement PCI policies (Payment Card Industry Standards) – Merchants can review PCI standards online at pcisecuritystandards.org. If you’re using a PCI-compliant POS solution and don’t store payment data, you’re in good shape. However, merchants should contact their merchant account provider for more information.
Fraud prevention is a necessary activity for traditional and online merchants. Exposing your business to fraudulent transactions and high chargeback rates is bad for business and could cause you to lose your merchant account. Leading real-time payment gateway services provide advanced fraud protection tools. However, many fraud prevention techniques can be implemented at no additional cost.
Main real-time payment gateway services
1. Planetauthorize (US domestic and international)
2. Authorize.Net (United States national)
3. PlugnPay (United States domestic)
4. Skipjack (United States National)
5. Electronic processing network (United States domestic)