By Bill Hoidas
Matrix Payment Systems
With the ever-growing problem of identity theft, fraud is of increasing concern to merchants, especially those in the MO/TO and e-commerce categories. Some merchants take an unreasonable approach and say they want a 100 percent guarantee that if they do next-day or same-day delivery with customers they don't know, they'll never have a chargeback. To that, I reply the dream factory is located in their nearest casino.
Nowadays, it's relatively easy for thieves to make credit cards and enter data they steal via skimming. Machines to make physical credit cards can be obtained for as little as $865. MO/TO and e-commerce merchants are prime targets for these identity thieves.
So how are merchants supposed to know if a new client's credit card is legitimate? I suggest they take the following steps:
If a cardholder doesn't have ready access to a fax machine, one company has devised a way to get signature and ID images. RightSignature LLC (https://rightsignature.com) provides the technology to enable customers to create digital signatures online.
The merchant should always ask the purchaser for a phone number and call the number provided to confirm the order. In 90 percent of cases, the fraudster will provide a phony or disconnected number.
The merchant should also call the issuing bank's phone number on the back of the card image. In fraud cases, the phone number usually doesn't correspond to the name of the issuing bank on the front of the card.
It's a good idea to request an email address. It can tell a lot about the purchaser. Ideally, the email address will be similar to the cardholder's name. For example:
In addition, the merchant should do an Internet search on the email address. Often, fraud related to that address will show up in the results. And the merchant should do a search on the purchaser's name, address and ZIP code for indications of fraud. Information will usually be available and provide the customer's professional associations and other clues.
For looking up a person by name to see if the information he or she provided is accurate, use Spokeo.com. This service is free, but for $3.95 per month you can get more detailed reports. Or use PeopleSmart.com. For looking up the location of sender's IP Address, use www.ip-address.org.
If the customer comes to pick up merchandise, the merchant should give it only to the cardholder and require a driver's license or other valid form of identification. If the merchant has already run the card as a MO/TO, he or she should require the customer to swipe the card used on a manual imprinter and sign the slip. A signed card receipt is as good as or better than a terminal-swiped receipt.
To get issuing-bank information for U.S. and foreign cards, use these contact numbers:
Many merchants call an authorization phone number if they get a decline or nonmatch from the address verification system. No authorization "genie" will answer the phone. Calling will not change a decline or AVS nonmatch.
The U.S. Department of Justice recently reported seizing 36 websites or domain names that allegedly dealt in stolen credit card numbers. The federal action was part of an international effort.
Stolen card information can be purchased on these types of sites for as little as $3.50 per number.
Merchants sometimes take the view that issuing banks should know which cards have been stolen and warn merchants. But how could banks possibly know until cardholders report unauthorized charges on their accounts?
Merchants also claim that banks should reimburse merchants when stolen credit cards are used. This is a double-edged sword. Banks aren't always the good guys. But if they reimbursed for losses, many merchants wouldn't bother to screen out fraudulent orders.
In the last six months, some of my merchants have answered chargebacks with full documentation, only to have the issuing bank frivolously kick back the chargeback as a "pre-arbitration" for a decision.
Often, it's a clear example of allowing a chargeback to continue, although even a child could see that the cardholder is just trying to rip off the merchant.
I feel that legal pressure should be put on card issuers to rectify this. I suggest my merchants contact an attorney when this occurs, and I can recommend to readers an attorney with expertise in this matter.
Merchants should be aware of the facts regarding chargeback replies that come from card issuers.
Meanwhile, merchants should reply to all chargebacks in as much detail as possible. Recently, one of my merchants told me he had answered a chargeback in detail. The copy he sent me of his reply showed otherwise. Following is my guidance to him and to all merchants on the best way to reply to chargebacks.
In an era of frivolous bounce-backs on chargeback replies from issuing banks, ISOs need to document things well and in a professional manner. Don't just circle items and write remarks. Print out supporting documentation and include each item on a separate document.
Put your remarks in a cover letter, not just written here and there on the supporting printouts. While documenting everything, highlight pertinent points in the chargeback documents. Make your replies look as professional as possible.
The merchant's website should list the exact products and the price the customer pays, including all charges and fees such as shipping and tax. There should be a click-to-agree icon before customers can enter orders. If the merchant receives a chargeback, he needs to include in his reply a screenshot of any click-to-agree pages.
Finally, merchants should be reminded that they are business people. They have to make the final decision as to:
Bill Hoidas is a Director for Matrix Payment Systems, a leading ISO specializing in larger MO/TO, e-commerce and retail accounts. Bill has been in the industry for seven years and can be reached at firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next