Best Practices for Card-Not-Present Transactions

Authorize every sale on the order date. Authorizations are valid for a specific number of days: Visa – up to 7 days, MasterCard – up to 30 days. Merchandise must be shipped and sales must be deposited within these timeframes or the authorization will expire. If your shipping date exceeds these timeframes, obtain a new authorization code before shipping the merchandise.

Record the card account number on the sales draft. Remember: A Visa card number begins with a “4″ and has 13 or 16 digits. A MasterCard card number begins with a “5″ and has 16 digits. Diners Cards starting with a “36″ and having the MC brand mark on the back must be accepted by any merchant accepting MasterCard. These transactions will be processed as a MasterCard.

Truncate account numbers on customer copies of sales drafts. Never send a sales draft via mail or email with the entire card number present. Transaction receipts should only display the last four digits of the card number.

Ask for both a billing and shipping address. If the addresses are different, determine whether the differences seem reasonable

Ask for the customer’s phone number. The phone number enables you to call the customer for various reasons: to inform him or her that merchandise is back ordered, to request another form of payment if the authorization is declined, or to verify information if the caller seems unclear about address details.

Use the Address Verification Service (AVS). AVS is a simple check that compares the address information provided by the customer during the order process to the statement billing address of the cardholder. If the customer cannot at least identify the zip code, the transaction should be further analyzed. While this is not a guarantee against chargebacks, it allows you to make more informed decisions before shipping. Contact TSYS Merchant Solutions Risk Department at 1-800-228-2443, extension 6767, for more information about using AVS.

Verify the CVV2. The Card Verification Value is a 3-4 digit number and may also be referred to as CID or CVC2 depending on the card type. It is printed on the card and can be verified with the Issuer during authorization. Note: The CVV2 number should never be recorded or stored after the authorization is received.

Do not deposit sales until the ship date. Visa and MasterCard regulations do not permit merchants to receive payment for sales until the goods or services are delivered to the customer. Obtain an authorization on the order date, but do not deposit the sale until the ship date.

Visa transactions for custom-ordered merchandise may be deposited on or after the order date – if the merchant has informed the customer that he will be billed prior to shipping.

Mail an order confirmation notice to the cardholder prior to shipping. This will not prevent chargebacks, but may reduce the number of inquiries and ticket requests.

Request that your customer service number appear on the customer’s credit card statement. Both Visa and MasterCard regulations permit mail and telephone order merchants to place their customer service telephone number where the merchant city would normally appear. This may help the customer recognize the charge when it appears on the statement and reduce the number of ticket requests and disputes. Contact your customer service representative to discuss this option.

Examine the card expiration date. Always verify the card has not yet expired. An expired card could impact payment even if settled with a valid authorization.

Settle batches daily. Transactions not settled in a timely manner can result in higher processing costs.

Do not use an authorization code more than once. If part of an order is shipped and settled, the remaining amount should be reauthorized before it is billed to the cardholder. If a new authorization is not obtained for the remaining amount, it will result in higher processing costs.

Pay close attention to the following, they may indicate fraud:

• A hesitant caller
• A shaky voice or delayed responses to questions. This may indicate that the caller is not comfortable with the information he is providing
• Rush orders. These are a favorite weapon of “here today/gone tomorrow” schemes
• P.O. boxes and mail receiving services. These may indicate lack of a permanent address
• Above-average transaction orders or amounts. Businesses often know the amount of an average sale. Be wary of those transaction that greatly exceed the norm
• Purchases that can be easily converted to cash. Examples include electronics, jewelry and leather goods
• 1-800 return phone numbers. Be suspicious of toll-free telephone numbers when given as the day or evening phone number. Attempt to get a direct line instead
• Multiple orders in a short period of time. Many business systems show all orders placed to a certain account or unique customer number. Be especially aware of multiple orders.
• Fourth quarter sales. Fraud is always a consideration, but is particularly widespread around the holidays.
• Orders made up of “big ticket” items. These items have maximum resale value and therefore maximum profit potential
• Orders containing several of the same item. Criminals usually select the items with the most resale value. As these items are intended for resale, having more of them increases the criminals’ profits
• Orders shipped “rush” or “overnight.” Criminals want these items in their hands as soon as possible for the quickest possible resale, and are not concerned about the extra delivery charges
• Orders from Internet addresses offering free email services. For these services, there is no billing relationship and often no verification that a legitimate cardholder has opened the account
• Orders shipped to an international address. A significant number of fraudulent transactions are shipped to fictitious cardholders outside the U.S. Fraud tools, such as Visa Address Verification Service (AVS), cannot validate addresses outside the U.S.
• Orders shipped to a single address, but made on multiple cards. This may indicate multiple stolen cards.
• Multiple transactions on one card over a very short period of time. This could be an attempt to “run” a card until the account is closed.
• Multiple transactions on one card or similar cards with a single billing address, but multiple shipping addresses. This could represent organized activity, rather than one individual at work
• Multiple cards used from a single IP (Internet Protocol) address. More than one or two cards would indicate a fraud scheme to test the current status of their list of stolen card information. If the transaction is approved the thieves know the card number has not been closed or reported lost or stolen.

Sourced from: TYSYS Merchant Solutions

Comments are closed.