Card not present transactions have always been more susceptible to fraud when compared to face to face transactions. Signatures are not captured at the time of sale and most transactions will be finalized without a signature. In certain ecommerce settings where products are shipped, it is possible for the merchant to request a signature from the customer; however this is a rare occurrence happening mainly on larger orders. When a signature is not received for a transaction it puts the risk on the merchant. If that transaction is ever charged back there is a high chance the merchant will lose the chargeback when disputed.
There are two types of card not present fraud that merchants will experience.
* Card Theft
* Friendly Fraud
A theft occurs when a cardholder’s information has been stolen and another person is trying to use this information to make purchases of products and services. The second kind of fraud is friendly fraud. Though the name implies a harmless occurence, its still very costly to merchants. Friendly fraud consists of the actual cardholder making purchases in a non-face to face setting and charging back the sale after the service or product has been delivered.
Actual fraud is an ongoing battle for every person or organization that; has, uses or accepts credit and debit cards. Banks and payment processors have developed tools and systems for merchants to utilize in order to combat card not present fraud. These programs include; Account Verification Service (AVS), Card Security Verification, Verified by Visa, MasterCard SecureCode System and PCI Compliance.
- Account Verification Service (AVS) – This is the process of verifying the cardholder’s billing address. The address entered by the customer will be checked against the billing address the credit card company has on file. The transaction will decline if the addresses do not match. Face to face merchants are also using this system for verification, normally on larger purchases by having the customer enter their billing zip code at the time of purchase.
- Card Security Verification – This system checks the security value of the card. This is a 3 or 4 digit numeric code that is on the front or back of the card (depending on the card brand). This verifies that the customer has a valid card in their possession at the time of the sale.
- Verified by Visa & MasterCard SecureCode System – These two card brands allow their cardholders to authenticate themselves to their card issuers by using a personal password that is created when a customer enters into this program. This service protects merchants from receiving “unauthorized transaction” chargebacks.
- PCI Compliance – All merchants accepting card payments are required to be compliant with the PCI DSS also known as the Payment Card Security Data Security Standard. It is important to check with your credit card processor to make sure you are “PCI Compliant” to maximize your protection from fraud.
Fighting friendly fraud is more commonsense oriented. There are a number of different tactics that merchants are able to use to minimize their exposure to friendly fraud.
- Always verify the customer’s information. On smaller orders it will be a hassle to verify this information but on larger orders it is recommended to call back the customer’s given number and check the address. This can be easily done by using Google and your phone.
- Be wary of large or odd orders. Do you normally get orders for 10 units or orders totaling thousands of dollars? Offer a discount to be paid a different way. Customers not worried about paying high shipping costs or not asking for discount on multiple units is usually another red flag. In all of my years in the ecommerce product business, I was never scammed for one or two inexpensive units; it is usually a couple expensive items shipped very quickly.
- Negative File – Keep a file of every chargeback you have received that actually was fraud. If the chargeback was your fault it should not go in this file. Regularly review this with others in your business that charge cards and refer to it often if an order appears to be fraudulent.