|
Following a few best practices can help reduce risk to you and your customers. Please keep in mind that these are only a summary of common card brand best practices and regulations; however card acceptance, processing and chargeback procedures are subject to change. The card brands publish summaries of the regulations for businesses accepting payment cards. Some of these summaries may be accessed at www.visa.com and www.mastercard.com, while American Express and Discover regulations may be accessed at www.tsystransactionsummary.com/tsysonline.
Always check the card's security features: Authorize every transaction. All point-of-sale transactions require an authorization. If the card is declined, ask for another form of payment. Attempt to swipe every card. Always run cards through your point-of-sale terminal. If the card cannot be read, obtain a manual imprint of the card. Always use a manual imprinter if the card is key entered. When using a manual imprinter, check the draft for a clear impression. This will ensure that you have captured the embossed card account number. Complete the transaction by manually adding the date, description of merchandise/service, sales tax, total dollar amount, authorization number and signature. The customer must sign this imprinted sales draft. Your terminal may also prompt you to complete address verification by entering in the billing zip code of the cardholder. Obtain the customer's signature. Compare the name, account number and signature on the back of the card to those printed on the receipt. If the customer's card is unsigned, request another form of identification with a photo and signature. Request that the customer signs the card and then compare the signatures. If the customer refuses to sign, inform them you are unable to accept an unsigned card for payment and request another form of payment. Hold the card until the transaction is complete. This enables you to complete all of the security checks without having to ask the customer for the card back for a signature comparison or possible "call center" procedure. Publish your refund policy near the signature line of the transaction receipt. Return funds only to the credit card that made the purchase or issue in-store credit. Do not issue cash for purchases originally made with a credit card. Truncate card numbers on receipts. Be certain that only the last four digits of the card numbers are displayed on the cardholder's receipt. Also be sure the expiration date is not present on the cardholder's receipt. Settle batches daily. Transactions not settled in a timely manner can result in higher processing costs. Pay close attention to the following, they may indicate fraud: - Large purchases at opening or closing time
- Attempts to rush the sale or create a distraction
- Purchases of several items without checking size, color or price
- Purchases of large items without asking questions
- Purchases of big ticket items (easy resale items), then returning to purchase more
Authorize every sale on the order date. Authorizations are valid for a specific number of days: Visa - up to 7 days, MasterCard - up to 30 days. Merchandise must be shipped and sales must be deposited within these timeframes or the authorization will expire. If your shipping date exceeds these timeframes, obtain a new authorization code before shipping the merchandise. Record the card account number on the sales draft. Remember: A Visa card number begins with a "4" and has 13 or 16 digits. A MasterCard card number begins with a "5" and has 16 digits. Diners Cards starting with a "36" and having the MC brand mark on the back must be accepted by any merchant accepting MasterCard. These transactions will be processed as a MasterCard. Truncate account numbers on customer copies of sales drafts. Never send a sales draft via mail or email with the entire card number present. Transaction receipts should only display the last four digits of the card number. Ask for both a billing and shipping address. If the addresses are different, determine whether the differences seem reasonable Ask for the customer's phone number. The phone number enables you to call the customer for various reasons: to inform him or her that merchandise is back ordered, to request another form of payment if the authorization is declined, or to verify information if the caller seems unclear about address details. Use the Address Verification Service (AVS). AVS is a simple check that compares the address information provided by the customer during the order process to the statement billing address of the cardholder. If the customer cannot at least identify the zip code, the transaction should be further analyzed. While this is not a guarantee against chargebacks, it allows you to make more informed decisions before shipping. Contact TSYS Merchant Solutions Risk Department at 1-800-228-2443, extension 6767, for more information about using AVS. Verify the CVV2. The Card Verification Value is a 3-4 digit number and may also be referred to as CID or CVC2 depending on the card type. It is printed on the card and can be verified with the Issuer during authorization. Note: The CVV2 number should never be recorded or stored after the authorization is received. Do not deposit sales until the ship date. Visa and MasterCard regulations do not permit merchants to receive payment for sales until the goods or services are delivered to the customer. Obtain an authorization on the order date, but do not deposit the sale until the ship date. Visa transactions for custom-ordered merchandise may be deposited on or after the order date - if the merchant has informed the customer that he will be billed prior to shipping. Mail an order confirmation notice to the cardholder prior to shipping. This will not prevent chargebacks, but may reduce the number of inquiries and ticket requests. Request that your customer service number appear on the customer's credit card statement. Both Visa and MasterCard regulations permit mail and telephone order merchants to place their customer service telephone number where the merchant city would normally appear. This may help the customer recognize the charge when it appears on the statement and reduce the number of ticket requests and disputes. Contact your customer service representative to discuss this option. Examine the card expiration date. Always verify the card has not yet expired. An expired card could impact payment even if settled with a valid authorization. Settle batches daily. Transactions not settled in a timely manner can result in higher processing costs. Do not use an authorization code more than once. If part of an order is shipped and settled, the remaining amount should be reauthorized before it is billed to the cardholder. If a new authorization is not obtained for the remaining amount, it will result in higher processing costs. Pay close attention to the following, they may indicate fraud: - A hesitant caller
- A shaky voice or delayed responses to questions. This may indicate that the caller is not comfortable with the information he is providing
- Rush orders. These are a favorite weapon of "here today/gone tomorrow" schemes
- P.O. boxes and mail receiving services. These may indicate lack of a permanent address
- Above-average transaction orders or amounts. Businesses often know the amount of an average sale. Be wary of those transaction that greatly exceed the norm
- Purchases that can be easily converted to cash. Examples include electronics, jewelry and leather goods
- 1-800 return phone numbers. Be suspicious of toll-free telephone numbers when given as the day or evening phone number. Attempt to get a direct line instead
- Multiple orders in a short period of time. Many business systems show all orders placed to a certain account or unique customer number. Be especially aware of multiple orders.
- Fourth quarter sales. Fraud is always a consideration, but is particularly widespread around the holidays.
- Orders made up of "big ticket" items. These items have maximum resale value and therefore maximum profit potential
- Orders containing several of the same item. Criminals usually select the items with the most resale value. As these items are intended for resale, having more of them increases the criminals' profits
- Orders shipped "rush" or "overnight." Criminals want these items in their hands as soon as possible for the quickest possible resale, and are not concerned about the extra delivery charges
- Orders from Internet addresses offering free email services. For these services, there is no billing relationship and often no verification that a legitimate cardholder has opened the account
- Orders shipped to an international address. A significant number of fraudulent transactions are shipped to fictitious cardholders outside the U.S. Fraud tools, such as Visa Address Verification Service (AVS), cannot validate addresses outside the U.S.
- Orders shipped to a single address, but made on multiple cards. This may indicate multiple stolen cards.
- Multiple transactions on one card over a very short period of time. This could be an attempt to "run" a card until the account is closed.
- Multiple transactions on one card or similar cards with a single billing address, but multiple shipping addresses. This could represent organized activity, rather than one individual at work
- Multiple cards used from a single IP (Internet Protocol) address. More than one or two cards would indicate a fraud scheme to test the current status of their list of stolen card information. If the transaction is approved the thieves know the card number has not been closed or reported lost or stolen.
Use Verified by Visa and MC Secure Code for e-commerce transactions. Businesses that participate in these programs receive an electronic signature much like a signature received in a face-to-face environment. In this case it is a password set up between the cardholder and their issuing bank. This password is entered after the shopping cart is submitted for purchase. It validates the identity of the shopper and offers the merchant the opportunity to receive better chargeback protection and possibly qualify for reduced processing fees.
 |
