October 22, 2012
by David Goodale
How to fight fraud and reduce chargebacks
What is a chargeback?
Before we get into talking about fighting fraud and reducing chargebacks, it's important to first explain what a chargeback is. Most merchants who accept credit card payments are probably already well aware of what a chargeback is and how it can affect their business. But for those who don't know, a chargeback is essentially the reversal of a credit card transaction which is forced by the customer's credit card-issuing bank. Chargebacks are typically initiated by the credit card holder by calling their card-issuing bank to dispute one or more transactions. This can happen for a number of different reasons which will be discussed in detail later on.
Why are chargebacks bad?
Chargebacks are bad for various reasons. Most importantly, they are bad because the funds you collected for the transaction being charged back are taken from your account and given back to the customer. On top of that, the transaction fee that you initially paid to process the transaction is kept by your processor. To make matters even worse, you will be billed a "chargeback fee" for each chargeback that you receive on your account, usually in the range of $20 - $30. And to add insult to injury, in most cases any product that you may have provided is unlikely to be returned.
Visa and MasterCard have guidelines for the acceptable number of chargebacks a merchant can receive. If an account is not properly monitored and chargebacks get out of control the penalties become increasingly worse. If excessive chargebacks occur the card brands have the ability to pass fines onto the credit card processor. If this happens you can be certain that these fines will be passed onto you the merchant. Finally, if the chargeback rate percentage is extremely high your account may be cancelled and your business may be put on the MATCH list, which will make it all but impossible to get a merchant account for your business at any processor. At this point it should be obvious that chargebacks are something to be avoided. As a general rule merchants should have less than 1% of sales result in chargebacks. However, this is relevant to your industry risk, trading volumes and product type. While each processor has its own appetite for risk, typically if your chargeback percentage rises above 2% or 3%, your processor may terminate your merchant account entirely.
On the credit score side of the business, chargebacks don't directly impact your personal credit score. However, if your owe your processor money due to excessive chargebacks and don't pay what is owed, they may eventually refer your account to collections and that will have a negative impact on your credit score.
To sum it up, chargebacks can be very costly for a merchant. You may lose the funds collected from the transaction, incur chargeback fees from your processor, lose merchandise, and potentially even lose your merchant account. Fortuantely, chargebacks can for the most part be avoided with well rounded business practices that we will explore further below.
Why do customers dispute transactions?
One of the main reasons disputes (and ultimately chargebacks) occur is poor customer service. If a customer purchased a product from you and for some reason decides they want a refund, they are likely to call or email you to return the product and get a refund. If you tell them that they cannot return it, they may get upset and dispute the transaction with their credit card issuer. Another example is if they try to get in touch with you to request a refund but cannot reach you through your customer service contact methods - this can also easily lead to a dispute and eventually a chargeback.
Fraudulent use of a credit card is another reason chargebacks occur. Unfortunately, it is not altogether uncommon for credit card numbers to be stolen and used to purchase products and services online. Although most assume that the person whose credit card number was stolen and used to make online purchases is the victim, in actuality the merchants are the real victims. Why? Because the card issuers will protect cardholders by charging back the cost of any products or services that were purchased without the cardholder's authorization.
When credit cards are used fraudulently in this manner, typically the cardholder does not realize the fraud has occurred until days or weeks after the transactions took place, when their monthly credit card statement is received. The customer will notice one or (usually) more suspicious transactions on their credit card statement and will call their card-issuing bank to report them. The bank will dispute all of the unauthorized transactions with the merchants that processed them. As a merchant, if you cannot prove that you delivered the product or service to the card holder then you will likely lose the dispute and the chargeback will be processed.
There is another type of fraud known as "friendly fraud." This is where the actual cardholder has authorized the transaction, but, after receiving the goods or services, tries to get his or her money back by calling the credit card issuer to claim that the transactions were not authorized, or that the products were never received. Just like in the other fraud scenario described above, if you as a merchant cannot prove that the cardholder received the goods or services, then you will likely lose the dispute and end up paying for the chargeback.
How can you detect fraudulent transactions?
Visa has a list of tips published on their website to help merchants identify potentially fraudulent transactions and reduce the risk of becoming a fraud target. According to the list, there are 12 fraud indicators that you should keep your eyes open for. If more than one of the following indicators are present, fraud may be involved:
1. First-time shopper: Criminals are always looking for new merchants to steal from.
2. Larger-than-normal orders: Because stolen cards or account numbers have a limited life span, criminals need to maximize the size of their purchase.
3. Orders that include several varieties of the same item: Having multiples of the same item increases a criminal's profits.
4. Orders made up of "big-ticket" items: These items have maximum profit potential.
5. "Rush" or "overnight" shipping: Criminals want their fraudulently obtained items as soon as possible for the quickest possible resale, and aren't concerned about extra delivery charges.
6. Shipping to an international address: A significant number of fraudulent transactions are shipped to fraudulent cardholders outside of Canada/U.S.
7. Transactions made with similar account numbers: May indicate the account numbers used have been generated using software available on the Internet.
8. Shipping to a single address, but transactions placed on multiple cards: Could involve an account number generated using special software, or even a batch of stolen cards.
9. Multiple transactions on one card over a very short period of time: Could be an attempt to "run a card" until the account is closed.
10. Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses: Could represent organized activity, rather than one individual at work.
11. In online transactions, multiple cards used from a single IP address: More than one or two cards could indicate a fraud scheme.
12. Orders from Internet addresses that make use of free e-mail services: These e-mail services involve no billing relationships, and often neither an audit trail nor verification that a legitimate cardholder has opened the account.
These are good indicators of fraud with the exception of number 12. Free email addresses from sites such as Gmail, Hotmail, Yahoo, Live, etc. are extremely common, as many people don't want to be tied to the email address supplied by their ISP. For that reason, merchants shouldn't worry about a transaction where the customer uses a "free" email address.
Another common fraud indicator to add to the list is when the customer has input all of their information in capital letters and / or has omitted information, such as a last name on the order form. This often coincides with a shopper IP address that does not match the country where the credit card was issued.
What are some tools Visa and MasterCard provide merchants with to prevent fraud?
1. Card Expiry: One common tool that issuers use to prevent fraud is the card expiration date. When credit cards are issued they typically have an expiry date of about 3 years. In order to approve a transaction the customer must provide both a valid credit card number and the valid expiry date associated with that number. If the dates do not match then the card issuer will not authorize the transaction.
2. Address Verification Service (AVS): Address Verification Service is used to confirm whether or not the address information provided by the customer matches the billing address on file for the cardholder.
As a merchant, you would ask the customer to provide the billing address as it appears on their credit card billing statement. This information is passed along to the cardholder's issuing bank with the authorization request and a result is passed back to let you know if there is a match, partial match, or no match. Obviously if there is no match this may indicate that the customer is not the actual cardholder and the transaction may be fraudulent. However, a no match could also occur if the customer has recently moved and has not updated their new address with their card issuer yet.
3. 3-Digit Code: Sometimes known as Card Verification Value (CVV or CVV2), this three-digit security number is printed on the back of all Visa and MasterCard credit cards to the right side of the signature panel. This code provides a coded check of the information that is embossed on the card.
The code itself is not embossed on the card, so card imprints will not reveal the CVV code - which means it is not possible for lost or stolen imprints to have this information on it. Additionally, Payment Card Industry compliance mandates that the CVV information collected from customers during checkout cannot be stored. Therefore in the event a website is ever compromised and credit card numbers / expiry dates are stolen, the CVV information will not be present.
Since websites are not allowed to store the CVV code, and imprinters cannot physically copy it, this makes the CVV code match an important way to help ensure that the customer making a purchase on your website or over the phone is the actual cardholder. If the customer can provide a valid card number and expiry date, but not a valid CVV code, this signals that they may not physically have the card in their possession and it could potentially be a fraudulent transaction.
4. Verified by Visa and MasterCard SecureCode: Both of these services are essentially the same, but for marketing purposes Visa and MasterCard have each created their own brand names for it. These services verify a customer's authenticity by redirecting the customer to their financial institution's website where they must input their own personal password to authenticate themselves online. Once this password is input correctly, the customer proceeds back to the merchant's website to complete the checkout process. It is very similar to how a cardholder would set up a PIN code on their debit card with their financial institution and then use that PIN code to authenticate debit transactions at a store.
Once a customer is authenticated by Verified by Visa or MasterCard SecureCode, the merchant is protected from fraud-related chargebacks. This means the cardholder cannot later dispute a transaction with their issuing bank by saying that they never authorized the transaction.
What are some tools payment processors provide merchants to help prevent fraud and chargebacks?
1. Blacklists and Whitelists: A blacklist is a list of items that are not allowed by a payment processor. For example, if you have had a customer from a specific IP address who has conducted suspicious activity on your website, you can add their IP address to your blacklist which blocks them from completing a credit card transaction. You can also blacklist entire countries using 2-letter country codes or specific customers by email address.
A whitelist works similar to a blacklist but instead of listing country codes or IP addresses that you don't allow, you instead block everything and then list the exceptions that you do allow. If your business is limited to Canada, you can add Canada to your whitelist and all other countries will be blocked automatically.
2. Maximum Limits: You can set limits to the maximum sale amount, or pre-authorization amount allowed. This can stop fraudsters from making unusually large purchases with stolen credit cards.
3. Velocity Checks: Velocity checks are based on timing. These checks can be configured to block anyone who attempts to process a transaction with the same credit card or from the same IP address a certain number of times within a certain amount of time - for example, more than 3 times within 120 seconds. This helps to prevent fraud from customers who are running through a list of credit card numbers until they find one that works. If someone is trying to do this, after 3 attempts (or any number that you specify) they will be blocked.
4. Trading Name: The trading name that appears on your customer's processing statement must be something that your customer will immediately recognize. Additionally, many processors try to add your business' contact phone number in the trading name that appears on your customer's credit card statement if there is room. This is done to give cardholders an opportunity to call your business to resolve any issues with the transaction rather than directly calling their card-issuing bank to dispute the transaction. Good customer service is important here because if a customer makes the effort to call your company but does not get a satisfactory response, they are then likely to progress to a chargeback with their card issuer.
Other tips to prevent chargebacks:
1. Provide a quality product or service: A large number of chargebacks are prompted by inferior products or service. If a customer feels that they did not receive the product or service that they expected, they are more likely to attempt to get a refund. If they are not able to get in touch with the merchant, or if the merchant refuses to provide a refund, a chargeback may occur. Take note: if your policy is not to provide refunds, it is important that the customer is made aware of this prior to completing the transaction.
2. Focus on good customer service: This goes hand in hand with tip number 1 - you must have great customer service in order to make the customer happy and prevent any unnecessary disputes. Your customer service contact information should be easily accessible on your website, and you should provide contact information in your order confirmation email to the customer as well. If a customer has a complaint and they are able to easily get in touch with the merchant to get the issue resolved, the chance of a chargeback occurring is reduced significantly.
3. Don't charge the customer until the product has shipped: If an item is backordered, you should hold off on charging the customer until you have the item in stock and ready to ship. If you charge a customer immediately but force them to wait weeks to receive the order, a chargeback may occur. These chargebacks are easily prevented by simply waiting until the product is ready to ship before billing the customer, and keeping the customer informed of the order's status.
4. If in doubt, call the customer! This is probably the most obvious thing to do, the single best bit of advice in this article for fighting fraud, and for some reason the most overlooked. If you get an order and you are uncertain whether it's legitimate then call the cardholder and talk to them about the order. Tell them that for your security, as well as their own, that you are calling to validate that it is an authorized transaction. Most fraudsters will not give out a working, legitimate phone number. If the hair on the back of your neck stands up at all (as discussed in point 5 below) as a result of that conversation do not ship the order.
5. Trust your gut: No automated anti-fraud system is likely to be as effective as human intuition. If for some reason you have doubts regarding an order then you should do whatever it takes to alleviate those doubts or do not ship the order. In some cases that may mean asking a customer to pay by cheque or wire transfer, or even risk losing the order. However, sometimes it's better to lose an order than thousands of dollars in merchandise. Most people who work with and screen online orders are able to quickly refine their inner radar to help spot suspicious orders.
How to defend yourself and win chargebacks:
Sometimes chargebacks happen - despite your best efforts to prevent them using all the tips discussed above. In these cases, you can follow the advice below to help you win chargeback disputes.
Respond quickly: When your processor contacts you to request information about a transaction dispute, it is very important that you respond quickly. As the merchant you have only a short window of time to submit any evidence you have to support your side of the story. If you don't respond in a timely manner, the cardholder will automatically win the dispute by default.
Ensure refund policies are clearly displayed: You should always have a clearly posted refund policy on your website that customers can reference. If your refund policy appears prominently on your website, customers will be expected to know what they are getting into before they make a purchase. A good refund or return policy can not only help you get sales, but also help the customer get the support they need if and when they need it. As stated above, if you have a policy such as "no refunds", it is imperative that the customer knows about it prior to checkout. If the customer is unaware of this policy and then tries to get a refund, it can easily end up in a chargeback situation for the merchant.
If you receive a chargeback because the customer wanted a refund and you did not provide it (because of a no refund policy), use a printed copy of your refund / return policy as evidence when fighting back against chargebacks. If the customer claims they were not aware of the policy you can demonstrate that it is clearly marked on the website.
Ship only to verified billing addresses: Ship only to the verified billing address and use a shipping carrier that verifies delivery. Fraudsters will often try to ship goods purchased illegitimately to an address that is different from the address registered to the cardholder. This is so they don't have to go to the cardholder's house to pickup the package when it get delivered. Having a policy of shipping items only to the registered address of the card helps ensure that the registered cardholder will receive the goods, even if they did not order them. It is more likely in this scenario that the goods can be returned to you as a merchant.
A shipping carrier that verifies delivery allows you to use the delivery verification as supporting evidence in the event of a chargeback. If you receive a chargeback from a customer who claims that they never received the product, you can simply provide your processor with documentation of the transaction record showing the Address Verification Service result and receipt of shipment to the verified address.
In the reverse scenario - where the customer claims that they returned the product to you and has initiated a chargeback because you never refunded them - you can simply tell your processor that you never received the returned product and ask the customer to provide proof of return shipment and delivery verification. In this case, the customer has already admitted that they received the product initially, and it is now up to them to prove that they returned it.
Winning an already-refunded chargeback
When you follow the fraud prevention tips laid out in this article, you will often be able to spot a fraudulent transaction before providing the product or service. In these cases, the best thing to do is refund the customer and cancel the order. However, because cardholders can essentially chargeback any transaction for any reason, in some instances cardholders will try to chargeback a fraudulent transaction even after you have already refunded them. In such cases, all you need to do is provide evidence that you spotted the transaction was suspicious and refunded it immediately. If you can provide evidence that you refunded the transaction then you should easily win the chargeback.
You should now have a solid understanding of what chargebacks are, how they work, and have been provided with the necessary knowledge to create a fraud prevention strategy. In the event that you do receive a chargeback, knowledge is power, and you are likely better armed now to defend yourself in chargeback disputes.
According to a report from Cybersource Inc. earlier this year, the number of online fraudulent transactions dropped from 0.9% to 0.6% from 2010 to 2011. However, the average fraudulent transaction price increased, and this caused the total dollar amount of fraudulent transactions to actually increase by 1% to $3.4 billion dollars in 2011. While the number of fraudulent transactions appears to be on the decline, unfortunately the overall cost of online fraud is on the rise.
Following the above tips, coupled with good customer service and recordkeeping, will help to protect your business from chargebacks and ultimately increase your bottom line.
If you haven't reviewed your processing costs in a while take a moment to view our rates.
If you have comments and would like to contact the author you may do so by completing the form below.