The Green Sheet Online Edition

September 10, 2012 • Issue 12:09:01

How to help merchants counter fraudulent orders

By Bill Hoidas
Matrix Payment Systems

With the ever-growing problem of identity theft, fraud is of increasing concern to merchants, especially those in the MO/TO and e-commerce categories. Some merchants take an unreasonable approach and say they want a 100 percent guarantee that if they do next-day or same-day delivery with customers they don't know, they'll never have a chargeback. To that, I reply the dream factory is located in their nearest casino.

Nowadays, it's relatively easy for thieves to make credit cards and enter data they steal via skimming. Machines to make physical credit cards can be obtained for as little as $865. MO/TO and e-commerce merchants are prime targets for these identity thieves.

So how are merchants supposed to know if a new client's credit card is legitimate? I suggest they take the following steps:

• Determine whether the cardholder's street address, ZIP code and cardholder verification value match the information given by the purchaser.

• If the information matches - and only if it is a physical delivery - require the cardholder's signature with delivery.

• Have cardholders sign credit card authorization forms, provide copies of their driver's licenses, as well as the front and back of credit cards.

If a cardholder doesn't have ready access to a fax machine, one company has devised a way to get signature and ID images. RightSignature LLC (https://rightsignature.com) provides the technology to enable customers to create digital signatures online.

Use every available means to ferret out fraud

The merchant should always ask the purchaser for a phone number and call the number provided to confirm the order. In 90 percent of cases, the fraudster will provide a phony or disconnected number.

The merchant should also call the issuing bank's phone number on the back of the card image. In fraud cases, the phone number usually doesn't correspond to the name of the issuing bank on the front of the card.

It's a good idea to request an email address. It can tell a lot about the purchaser. Ideally, the email address will be similar to the cardholder's name. For example:

• John Smith's email is jsmith@gmail.com. This is good.
• John Smith's email is enerygyman@comcast.net. This could be bad.
• John Smith's email is istealstuff@yahoo.com. Red flag!

In addition, the merchant should do an Internet search on the email address. Often, fraud related to that address will show up in the results. And the merchant should do a search on the purchaser's name, address and ZIP code for indications of fraud. Information will usually be available and provide the customer's professional associations and other clues.

For looking up a person by name to see if the information he or she provided is accurate, use Spokeo.com. This service is free, but for $3.95 per month you can get more detailed reports. Or use PeopleSmart.com. For looking up the location of sender's IP Address, use www.ip-address.org.

Take it even further

If the customer comes to pick up merchandise, the merchant should give it only to the cardholder and require a driver's license or other valid form of identification. If the merchant has already run the card as a MO/TO, he or she should require the customer to swipe the card used on a manual imprinter and sign the slip. A signed card receipt is as good as or better than a terminal-swiped receipt.

To get issuing-bank information for U.S. and foreign cards, use these contact numbers:

• Visa Inc.'s Merchant Verification Service: 800-847-2750, an automated line. Option 1, address verification: enter the numeric portion of the street address, ZIP code and card number. It will tell you if they match. Option 2, issuing bank phone numbers: Enter the card number, and it will provide you the 800 number for the issuing bank. Call and verify the name on the account.

• Visa's International Address Verification: 800-228-1122.

• MasterCard Worldwide Assistance: 800-622-7747 (to obtain issuing bank phone number). It provides a phone number for the bank identification number range. For English, press 1. Then, for merchants press 2.

• Discover Financial Services' Address Verification: 800-347-7988, an automated line. You will need your merchant number. It verifies only a card member's address.

• American Express Co. Address Verification: 800-528-2121. Choose option 3 to verify name and address.

• International Credit Card Verification, International Telex Verification. To use this, call Visa's normal card authorization phone number and hold for an agent. Don't press any selection for a destination. Just wait. I waited nearly three minutes. Once on the line, agents will request cardholder information and the address you have. They will also ask for your merchant number. If the issuing bank is not immediately available, a telex operator will make contact or will take down all appropriate information and contact the merchant after the issuing bank has responded.

Many merchants call an authorization phone number if they get a decline or nonmatch from the address verification system. No authorization "genie" will answer the phone. Calling will not change a decline or AVS nonmatch.

The U.S. Department of Justice recently reported seizing 36 websites or domain names that allegedly dealt in stolen credit card numbers. The federal action was part of an international effort.

Stolen card information can be purchased on these types of sites for as little as $3.50 per number.

Merchants sometimes take the view that issuing banks should know which cards have been stolen and warn merchants. But how could banks possibly know until cardholders report unauthorized charges on their accounts?

Merchants also claim that banks should reimburse merchants when stolen credit cards are used. This is a double-edged sword. Banks aren't always the good guys. But if they reimbursed for losses, many merchants wouldn't bother to screen out fraudulent orders.

Fight the kickback trend

In the last six months, some of my merchants have answered chargebacks with full documentation, only to have the issuing bank frivolously kick back the chargeback as a "pre-arbitration" for a decision.

Often, it's a clear example of allowing a chargeback to continue, although even a child could see that the cardholder is just trying to rip off the merchant.

I feel that legal pressure should be put on card issuers to rectify this. I suggest my merchants contact an attorney when this occurs, and I can recommend to readers an attorney with expertise in this matter.

Merchants should be aware of the facts regarding chargeback replies that come from card issuers.

• Chargebacks sent back for pre-arbitration go back to the issuing bank for a decision.
• Only chargebacks sent for "arbitration" are decided by MasterCard or Visa for final rulings.
• Merchants can go to the card brands' websites and file complaints if they disagree with final arbitration rulings, but they are not allowed to ask for reviews unless the amount is over $5,000. And they usually have to put up 25 percent of the amount pending review. Fees are incurred at all stages.

Meanwhile, merchants should reply to all chargebacks in as much detail as possible. Recently, one of my merchants told me he had answered a chargeback in detail. The copy he sent me of his reply showed otherwise. Following is my guidance to him and to all merchants on the best way to reply to chargebacks.

In an era of frivolous bounce-backs on chargeback replies from issuing banks, ISOs need to document things well and in a professional manner. Don't just circle items and write remarks. Print out supporting documentation and include each item on a separate document.

Put your remarks in a cover letter, not just written here and there on the supporting printouts. While documenting everything, highlight pertinent points in the chargeback documents. Make your replies look as professional as possible.

Build a strong fortress against chargebacks

The merchant's website should list the exact products and the price the customer pays, including all charges and fees such as shipping and tax. There should be a click-to-agree icon before customers can enter orders. If the merchant receives a chargeback, he needs to include in his reply a screenshot of any click-to-agree pages.

Finally, merchants should be reminded that they are business people. They have to make the final decision as to:

• How much risk to take.
• How worthwhile it is to spend their time fighting chargebacks, especially the small ones, just to prove a point.
• Whether they will view smaller chargebacks as a cost of doing business, similar to shrinkage in retail.

Bill Hoidas is a Director for Matrix Payment Systems, a leading ISO specializing in larger MO/TO, e-commerce and retail accounts. Bill has been in the industry for seven years and can be reached at bhoidas@gmail.com.

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next