E-commerce is an ever-changing beast. Consumers are interacting and engaging with brands through multiple and ever-growing touch points. And because of that, they are also purchasing from eCommerce sites over multiple channels. And new and unique ways to engage with customers are being developed at record pace. But the one thing that stays consistent across channels is that the transaction is always a CNP, or card-not-present transaction.
As I'm sure you’re already aware, a CNP transaction is when a merchant accepts payments online without the physical payment card present. There is no person standing in front of an associate presenting their card and signing for their purchase. There are many types of CNP transactions, including online, of course, but also mobile commerce, mail order, or by telephone.
Unfortunately, this type of behind-the-scenes transaction opens the door to a higher risk of eCommerce fraud and chargebacks. And when you attract fraud or have a higher number of chargebacks, it can mean you need a high risk merchant account.
Sophisticated fraudsters can hack into sites and steal sensitive cardholder payment data. They can also buy thousands of stolen card numbers on the dark web. The best way to fight fraud is by creating a proactive risk management strategy.
But it’s also important to implement policies and procedures for every sale that improve customer service and, ultimately, reduce chargebacks.
Any business accepting card payments should implement and follow Best Practices for making the sale, accepting cardholder data, and transacting the purchase. In this article, we’ll discuss tips for managing eCommerce fraud and Best Practices for accepting payments online safely.
5 Best Practices for accepting eCommerce payments
PCI Compliance First
I cannot impress upon merchants enough how important PCI compliance is. Online merchants must follow the PCI Data Security Standards set for accepting payments. And they must be sure to conduct ongoing monitoring by completing their annual PCI Compliance requirements.
The Payment Card Industry created this protocol to help merchants store, manage, and protect cardholder data during transactions. Do not store cardholder data on your own web servers. Most Merchant Service Providers are already Level 1 PCI DSS compliant, the strictest level of compliance. Your PCI Compliant Payment Gateway gathers, tokenizes and encrypts, and stores all sensitive data for you. This relieves the merchant of much of the burden of PCI Compliance right off the bat.
Beyond that, completing your annual PCI Compliance Self Assessment Questionnaire will help identify weak points in your own security.
Employ and Utilize Advanced Security Measures
Require AVS and CVV on every transaction. Address Verification Service matches the billing address given during the transaction with the one on file with the card issuing bank. Card Verification Value is the 3-digit number on the back of most credit cards. American Express, however, has a 4-digit number on the front of the card, just above the card number.
This is one of the first lines of defense against stolen cards. Fraudsters will often steal card numbers and expiration dates, but they may not get the address or the CVV code from the card. This information will also come in handy when fighting chargebacks.
Online merchants may want to consider using enhanced anti-fraud programs such as Verified by Visa or Mastercard’s Identity Check. With these programs, enrolled cardholders must enter a private code to complete a transaction. This reduces successful fraud attempts because fraudsters would not have access to this code.
Employing these as an additional authentication step can also serve to reduce chargebacks. It is much harder for the customer to claim they didn't make a purchase when they had to enter their code to complete the purchase.
Consider requiring additional contact and verification information from customers. If you offer an option to create an account, request both the customer’s phone number and email address. Even if a customer checks out as a guest, this information can help you verify a valid purchase or support a chargeback filing.
Rules-based Fraud Detection
Set rules-based fraud detection parameters and manually check any transactions that trigger a red flag. This will help detect common “red-flags” for potentially fraudulent online purchases.
Some common red flags include:
Shipping address doesn't match billing address
Unusually large purchase order
Shipping to a foreign country
Multiple separate orders to the same shipping address
These are just a few of the common ways to detect potential fraud. It's also important to remember that any one of these red flags does not automatically denote fraud. A flag just gives the merchant the power to review a transaction before it becomes a problem.
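The four red flags above expressed as a rules check, added here as an example and not taken from this article or from any payment processor's product. The thresholds, field names, address format and sample orders are assumptions constructed for illustration; a flagged order goes to a manual review queue rather than being declined.

```python
from collections import Counter
from dataclasses import dataclass

HOME_COUNTRY = "US"         # assumption: the merchant's domestic market
LARGE_ORDER_USD = 500.00    # assumption: tune to your own order history
MAX_ORDERS_PER_ADDRESS = 2  # assumption: more orders than this to one address is flagged

@dataclass
class Order:
    order_id: str
    amount_usd: float
    billing: str   # assumed format: "street|postal|country"
    shipping: str

def normalize(addr: str) -> str:
    """Comparison key that ignores case and stray whitespace in each address part."""
    return "|".join(" ".join(p.lower().split()) for p in addr.split("|"))

def country(addr: str) -> str:
    """Country code is the last '|'-separated part of the address."""
    return addr.rsplit("|", 1)[-1].strip().upper()

def review_queue(orders):
    """Return {order_id: [flags]} for every order that needs a manual look."""
    per_address = Counter(normalize(o.shipping) for o in orders)
    queue = {}
    for o in orders:
        flags = []
        if normalize(o.shipping) != normalize(o.billing):
            flags.append("ship_bill_mismatch")
        if o.amount_usd >= LARGE_ORDER_USD:
            flags.append("large_order")
        if country(o.shipping) != HOME_COUNTRY:
            flags.append("foreign_shipping")
        if per_address[normalize(o.shipping)] > MAX_ORDERS_PER_ADDRESS:
            flags.append("repeat_shipping_address")
        if flags:  # a flag means "review", not "fraud"
            queue[o.order_id] = flags
    return queue

# Constructed sample orders (not real data)
SAMPLE = [
    Order("A1", 42.00, "1 Main St|10001|US", "1 Main St|10001|US"),
    Order("A2", 980.00, "1 Main St|10001|US", "9 Dock Rd|SW1A|GB"),
    Order("A3", 30.00, "5 Oak Ave|60601|US", "77 Pine Ct|73301|US"),
    Order("A4", 35.00, "8 Elm St|94105|US", "77 pine ct|73301|us"),
    Order("A5", 25.00, "2 Birch Ln|30301|US", "77 PINE CT | 73301 | US"),
]

if __name__ == "__main__":
    for oid, flags in review_queue(SAMPLE).items():
        print(oid, ", ".join(flags))
```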
Manage chargebacks and protect yourself from “friendly fraud”
Chargebacks are the result of a customer disputing a charge on their credit card statement. Real fraud and “friendly” fraud both result in increased chargebacks for the merchant.
For merchants, chargebacks are time-consuming and costly. Too high of a chargeback ratio can jeopardize your merchant account. If a merchant’s chargeback ratio exceeds the limit set by the card brand, it could result in substantial fines and even merchant account closure.
According to the LexisNexis 2020 True Cost of Fraud Study, it costs merchants $3.36 in revenue for every $1 lost to fraud. The study also shows that fraud continues to increase at a steady rate, as do the costs associated with it. Reducing chargebacks must be a top priority for online merchants. Fortunately, there are a few Best Practices that merchants can implement to help lower their incidence of chargeback filings.
One of the first lines of defence is to craft and post clear Business Policies. This will include policies for billing and shipping, refunds and returns, and privacy policies. Having these posted clearly for customers will help you and your credit card processor fight and win chargeback filings and representments.
Keep consistent and ongoing communication throughout the sale and fulfillment process. Sending order confirmation, shipping updates, and tracking information helps to solidify the sale with the customer. It also gives you increased purchase proof in the event of a wrongful chargeback. Make sure to include your well-crafted Policies in each correspondence, either in the content or through a link to the web page.
Make it easy for customers to contact you. Prominently display your contact information on your website, on email and order confirmation correspondence, and on shipping materials. When it seems too difficult to contact the business about a dispute, consumers turn to their cardholder protections. Rather than jump through hoops, it is much easier to call their card brand and file a chargeback.
When refunding a customer, process the refund as promptly as possible. Once the refund has processed or a membership is cancelled, promptly send a notification in writing to the customer. Be sure to include the transaction date and a reference number for the refund.
Make sure your business name and billing descriptor are consistent. One of the main reasons good customers file a chargeback is because they don't recognize the store descriptor on their statement. E-commerce merchants want to check that their business name and phone number are clearly printed on the cardholder’s statement. Merchants should verify this with their processor. But they can also check it by running a test transaction and looking at their own statements.
Chargeback prevention alerts are another line of defence against friendly fraud. Prevention alerts notify the merchant of a chargeback filing immediately. This gives the merchant time to resolve the dispute with the customer before it becomes a chargeback. Not only does this help reduce your chargebacks, it also gives merchants the opportunity to provide superior customer service.
Partner with a trusted Merchant Service Provider
Working with an experienced Merchant Service Provider (MSP) is the first rule for accepting payments online. An experienced MSP understands the risks of CNP transactions. They will be able to better advise you on the best ways to protect your unique business model.
You may not think of your business or product as needing a high risk merchant account. But the risks of CNP transactions and propensity for online fraud create a risky situation for all eCommerce businesses.
At Bankcard International Group, we specialize in high risk industries. Our team of ETA Certified Payments Professionals is highly educated and highly experienced with the solutions for today’s complex payments environment. And we have a wide selection of risk management tools, from minimal to the most advanced.
At B.I.G., you won’t find cookie cutter, one-size-fits-all solutions. Our primary focus is to find the best solution for your individual business needs. And then continue to support those needs as they change and your business grows.
If you're looking for a trustworthy and experienced Merchant Service Provider, call us. We have the solutions you need, the service you deserve, and the transparent rates you expect. Welcome to the B.I.G. family!