Entries tagged with “chargebacks”.


“When good people…cease their vigilance and struggle, then evil men prevail.” - Pearl S. Buck

When I was learning to ride a motorcycle my instructor gave me one piece of advice that always stayed with me.  He said “keep your head on a swivel.”  In other words, while I had to make sure that I was doing everything I should be doing, I also had to make sure that I was constantly looking out for what other people may be doing.  That way I could correct my course, or at least take some action to ensure that what the other people were doing wouldn’t put me in danger.  While this is certainly good advice for riding motorcycles, it is also good advice for data security.  It may seem like a stretch, but bear with me.

In securing our customers’ payment data, we have a guideline (actually a set of fairly stringent requirements) in the form of the Payment Card Industry Data Security Standards (PCI DSS).  To learn more about these standards visit this site.  Following these guidelines ensures that we are doing what we “should” in terms of protecting the data.  But that doesn’t mean that others won’t be taking action to put you (and your data) in danger – in the form of data compromise.  That means that you have to stay vigilant for what others might be doing – “keep your head on a swivel” –  to ensure that you are addressing newly identified risks and vulnerabilities that may not be addressed by the guidelines.

Recent trends indicate that small merchants are increasingly becoming targets of data thieves.  In a recent interview, Vantiv Vice President David Mattei stated, “…now we’re seeing an increase in the number of breaches in which smaller numbers of cards are compromised. Small, independent merchants are being targeted because of the ease with which fraudsters can compromise those payment systems.” That means that as small merchants, even if we are PCI DSS compliant, we must remain vigilant against potential attack.  One way to foil the fraudsters in this case is with the use of a P2P Encryption and tokenization solution. In this instance, the data is removed from the merchant system and replaced with “tokens,” or abstract representations of the cardholder data.  While merchants can still use the data to run reports, issue refunds or fight chargebacks, data thieves would find the tokens to be worthless.

The lesson in all of this is that we must remain on guard against new threats, even if we are doing everything “by the book.”  Leveraging secure technologies like tokenization can help ease the burden of compliance and render you and your customers more secure in the long run.

Sometimes it is the small things that make a difference.  I had a conversation with a friend last week about the pros and cons of using a payment aggregator for processing, as opposed to a traditional merchant account.  While we had a pretty lengthy discussion ranging over a variety of topics, there was one detail that stuck in my colleague’s mind.  I had asked how her merchant name shows up on receipts.  She hadn’t thought about that before and said she was going to go back and check it out.  Sure enough, she said, the merchant name showed up as something that even she would have found difficult to recognize as her business.  Why does that matter?  One word – chargebacks.

Often when customers don’t recognize the name on their statement, they will call their issuing bank and chargeback the purchase. If your merchant name is not immediately recognizable to customers on their statements, you run the risk of getting hit with unnecessary chargebacks.  Not only does this result in one-time charges and fees to the merchant, but repeated chargebacks can result in increased fees and may even cause processors, whether traditional processors or aggregators, to suspend the merchant’s ability to process payments.

This is a fairly easy thing to check, and to fix.  If you are unable to change your merchant name, and there are some legitimate reasons why that might be the case, then make sure your customers know what to look for on their statements.  This can be done either as a message on the receipt or on your website.  If you have a storefront, you may place a sign next to the register.  Anything that might reduce the likelihood of confusion on your customers’ part can help you reduce the likelihood of chargebacks.

Another year has flown by and the busy season at ProPay is about to begin. We want our merchants to have a successful and stress free holiday season. This is the perfect time to make sure our merchants are up to date on the latest fraud schemes. A fraudulent buyer, chargeback or theft of data can put a damper on your end of year sales.  Here are just a few of the most prevalent fraud trends today.

Spam— Unsolicited email, possibly fraudulent from a company that you didn’t authorize to send you messages.

Phishing/Spoofing— Phishers will impersonate a legitimate company by sending fake emails or creating fake Web sites in order to acquire your personal information—like PINs, credit card or bank account numbers.

Spyware— Software that records your personal information without you realizing it. Several anti-spyware software programs are available to combat spyware.

E Commerce Fraud- Before you buy anything online, ask yourself if the site is legitimate. Look seal from trusted companies that have certified the site as safe and secure. If the deal sounds too good to be true, it probably is.

Get-out-of-debt fraud— Many online debt elimination resources are fraudulent. Be wary. Investigate them thoroughly. If they aren’t a legitimate 501(c)(3) nonprofit organization, then it’s likely that they’re trying to take advantage of your debt-related vulnerability.

International schemes— Don’t respond to emails that suggest you have won or inherited money from someone in a foreign country—Nigeria and Eastern European countries are where many of these emails originate. And any scheme that asks you to give advance money for a larger sum in return is too good to be true, and will always be fraudulent.

Evil twin— A fake Wi-Fi network set up near to and often using a similar name as a real public Wi-Fi network, like those in libraries, parks, and coffee shops. If you unknowingly join the evil twin network, the criminal behind it will have access to all of the information on your computer.

Take a few moments to review this list and to research other fraud trends that could impact you and your business. The small investment of time will be worth it in the long run. Here’s to a successful holiday season and a strong push to the finish line in 2011.

As you read and familiarize yourself with the payment card industries risk and fraud best practices there are several ideas and theories that certainly can and do help mitigate risk.  Although, one such practice often seems overlooked, card transaction declines.  Card transaction declines can be very insightful and help prevent chargebacks and losses.  This practice, like many others, just takes a little bit of time and understanding to develop.

Decline reason codes are a first line of defense against fraudsters using stolen cards.  “Hold-Call” or “Pick up Card” decline codes are obviously very direct and paint a clear picture for a merchant.  Merchants who understand these messages and can tie them to more than just one specific transaction will have discovered a great tool in helping eliminate disputes.   The ability to tie these decline codes to a customer, IP address, physical location, or the like will be able to not only avoid the initial fraudulent order, but will be able to prevent the fulfillment of orders to the seemingly endless supply of other stolen cards a fraudster may be using.

Unfortunately not all declined card transactions are as clear as the codes described above.  In those instances rates and velocities can be very useful.  Decline rates can vary greatly from merchant to merchant, but certainly should not be overlooked.  Excessive card declines from a specific IP address, physical location, city, state, or even for a specific item you are selling should all be red flagged.  This will allow you to take a closer look at certain transactions and customers, giving you a greater opportunity to more thoroughly review those higher risk instances.

Accepting credit and debit cards is an excellent way to grow your business and increase customer satisfaction. However, it can increase the possibility of fraud or disputed transactions. Cardholders can dispute a transaction up to 120 days after making the purchase. Such a dispute is called a chargeback.

ProPay has outlined 3 simple ways to protect you from chargebacks:

 

1. Communicate with your customers what will appear on their credit-card statements.

Sometimes customers don’t recognize a charge on their statements and dispute the transaction with their issuing bank.  When a chargeback occurs those funds are removed from your account and a fee is charged. Let your customers know in advance exactly what will appear on their statements. Your phone number will also appear with the transaction giving the customer the ability to contact you if they have questions. It is also a good idea to encourage your customers to communicate their card purchases to their spouses or significant others to avoid confusion.

2. Gather detailed documentation on every sale.

If one of your customers issues a chargeback, they conditionally have the transaction amount returned to them. However, if you have detailed documentation of your sale, you can issue a rebuttal to get your have the funds returned to you.  The better your documentation, the better your chances of winning your rebuttal. Detailed documentation should include a receipt signed by the cardholder. Order forms, invoices, and bills of sale are also effective.

3. Verify your customer’s address, especially if you’re shipping, or don’t have an established relationship.

Sometimes your sales are not face-to-face, and your customer asks to have products shipped to them. Without a way to get a signature or to view the actual card you may not be completely comfortable with a particular customer or transaction. A good way to protect yourself is to verify your customer’s address.

When you process a card transaction, you will enter your customer’s billing address. The results of the address verification will appear after the transaction is submitted. The transaction will still be completed but if you are uncomfortable with the results, you may immediately void the transaction, contact your customer to get the correct address, and re-submit the transaction. A list of these codes, known as the Address Verification Service or AVS, can be found on our website at www.propay.com