When accepting transactions online, merchants must take additional steps to ensure the validity of the card being presented.
The rapid growth of Internet-generated transactions has provided businesses with an invaluable tool for attracting customers. When accepting transactions in this non-face-to-face environment, merchants must take additional steps to ensure the validity of the customer and the card being presented, as well as to follow through with the total transaction. Listed below are guidelines for accepting Internet transactions to reduce exposure to fraudulent activity as well as other disputes from genuine customers.
- Ask for both a card type (Visa, MasterCard, American Express, etc.) and the card number. Ensure that the card type matches the beginning digit(s) of the card number as listed below. Invoke an error message for all mismatches and do not proceed with the transaction.
- Require the customer to manually enter the valid / expiration date(s) of the card. Do not provide a default date(s). This will ensure the customer enters the information and does not allow the default date(s) to stand, which will most likely differ from the actual valid / expiration date(s).
- Include an Address Verification Service (AVS) request with all authorization requests. AVS will identify if the billing address given by the customer matches the billing address on file with the Issuing bank. This is currently available within the United States only.
Although a transaction may be completed without a positive AVS response, a negative match may indicate that the customer is not the authorized owner of the card number being used. Also, use caution when sending merchandise to a shipping address that differs from the billing address, regardless of whether or not the billing address received a positive AVS response.
- Utilize a payment gateway that offers fraud prevention screening. Fraud prevention screening will check the customer's information against a database of information known for past fraudulent activity. Reject any transaction that does not pass this process.
- Require the customer to provide the three-digit validation code appearing as the last three digits on the signature panel of the card. This will require the customer to have the card in his/her possession to provide a valid code. In the near future, this three-digit code will be required for the authorization process to cross-check the validity of the information embossed on the card.
- Secure payment information in a manner that will prevent fraud by staff and external individuals:
- Send an email order confirmation to the customer including detailed information regarding the transaction such as:
- Set parameters to review high-risk transactions prior to the authorization request based on type of merchandise, dollar limits, number of separate transactions, and any past spending patterns from individual customers.
- Avoid duplicate transaction processing by both staff and the customer:
- Establish a detailed return/cancellation policy displayed on the website. Require the customer to click to accept the terms prior to completing the transaction.
- Upon receipt of cancellation and/or returned merchandise from a customer, issue credit promptly. Confirm the processing of the credit with the customer to avoid a potential chargeback. Please keep in mind that MasterCard and Visa do not recognize return/cancellation policies generated from an Internet transaction as being valid against cardholder disputes as they are not physically signed by the customer.
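
The first two guidelines above (card type must match the leading digits of the card number, and the expiration date must be entered by the customer with no default) can be enforced server-side before any authorization request is sent. The following is an added example, not code from the original page; the function names are hypothetical, and the leading-digit ranges and lengths are the commonly published ones for these three networks, supplied here as an assumption because the page's own list is not reproduced.

```python
import re
from datetime import date

# Assumed leading-digit ranges and card-number lengths (not taken from the page).
CARD_RULES = {
    "visa": {"prefixes": [(4, 4)], "lengths": {13, 16, 19}},
    "mastercard": {"prefixes": [(51, 55), (2221, 2720)], "lengths": {16}},
    "american express": {"prefixes": [(34, 34), (37, 37)], "lengths": {15}},
}

def prefix_matches(card_type, digits):
    """True if the digits start with a range registered for the selected card type."""
    rules = CARD_RULES.get(card_type.strip().lower())
    if rules is None or len(digits) not in rules["lengths"]:
        return False
    for low, high in rules["prefixes"]:
        width = len(str(low))  # compare as many leading digits as the range has
        if low <= int(digits[:width]) <= high:
            return True
    return False

def validate_card_fields(card_type, card_number, exp_month, exp_year, today=None):
    """Return a list of error messages; an empty list means proceed to authorization."""
    today = today or date.today()
    errors = []
    digits = re.sub(r"[ -]", "", card_number or "")  # tolerate spaces and dashes
    if not re.fullmatch(r"[0-9]+", digits):
        errors.append("Card number must contain digits only.")
    elif not prefix_matches(card_type or "", digits):
        errors.append("Card number does not match the selected card type.")
    # A blank field means the customer never entered a date; no default is substituted.
    if not exp_month or not exp_year:
        errors.append("Enter the expiration date shown on the card.")
    else:
        try:
            month, year = int(exp_month), int(exp_year)  # four-digit year assumed
            if not 1 <= month <= 12:
                raise ValueError(month)
            if (year, month) < (today.year, today.month):
                errors.append("Card has expired.")
        except ValueError:
            errors.append("Expiration date is not valid.")
    return errors
```

Any non-empty result should be shown to the customer as an error and the transaction stopped, as the first guideline requires.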