Fraud Prevention

Fraud Prevention

InterchangePlus Solutions is committed to helping you control and prevent fraud. With the growth of eCommerce and the rise of identity theft, fraud prevention has never been as critical. It is not just eCommerce and mail order transactions that require extra diligence. Face to face transactions are also subject to continuing fraud attempts.

Scam artists are savvier than ever and understand the latest security features that MasterCard and Visa are creating to control this problem. Merchants must be alert and take extra precautions wherever possible, because they are financially responsible for fraudulent transactions, including those approved by the bank that issues the consumer’s credit card.

On this page and the accompanying downloadable documents, we provide the best practices information you need to help prevent fraud from occurring in your business.

A. Visa/MasterCard Terminal Response Codes

B. Chargeback Process

  1. Introduction to the Chargeback Process
  2. Summary of Chargeback Process
  3. Summary of Retrieval Process

C. Preventing Chargebacks

  1. Card-Present Transactions
  2. Card-Not-Present Transactions

D. 12 potential signs of Card Not Present Fraud

E. Visa-MasterCard Card Not Present fraud prevention tools

Additional Fraud Management and eCommerce Resources 
Download these documents to learn about the verified by Visa program to combat eCommerce fraud:
Visa eCommerce Merchants’ Guide to Risk Management (eCommerce)
Visa Card-Not-Present
Help Prevent Fraud with MasterCard Card Security Features
Important Information about Unsigned Credit Cards

 

A. Visa/MasterCard Terminal Response Codes

Response Action
Approved Ask the customer to sign the sales receipt.
Declined Return the card to customer and ask for another MasterCard or Visa card.
Call or Call Center Call your voice authorization center and tell the operator that you have a “Call” or “Call Center” response. Follow the operator instructions. 
Note:
 In most cases, a “Call” or “Call Center” message just means the card issuer needs some additional information before the transaction can be approved.
Pick Up Keep the card if you can do so peacefully.
No Match Swipe the card and re-key the last four digits. If “no match” response appears again, keep the card if you can do so peacefully. Request a Code 10 authorization.

^ back to top

 

B. Chargeback Process

1. Introduction to the Chargeback Process
As a general rule, cardholders have the right to dispute any transaction processed on a Visa, MasterCard or Discover. These disputes are called chargebacks, and are governed by a series of rules set forth by these Payment Brands. In the chargeback process, the burden of proof lies with the merchant. The merchant will be given the opportunity to provide supporting documentation to prove the legitimacy of the transaction. If the merchant is successful, the transaction is credited back to his account. If the merchant is unsuccessful, or does not respond in a timely fashion, they will be financial responsible for returning funds to the cardholder who filed the dispute.

^ back to top

2. Summary of Chargeback Process
When a chargeback is initiated, the Issuer gives the cardholder provisional credit. In turn, the Issuer sends a request to the merchant’s Acquiring Bank. The Issuing Bank is often required to submit the documents that support the customer’s dispute. To facilitate the handling of the dispute, we use an “auto-resolve” database that automatically places the chargeback in a pending status, waiting for the Issuing Bank documents to arrive. The system will auto-resolve the case in the event the bank documents do not arrive and will send the chargeback back to the Issuer. When the bank documents are received, the system may place the case in a queue for a chargeback operator to process, or automatically debit the merchant and generate the chargeback letter.

The chargeback letter gives the merchant about 8-10 days to respond. No second warning is sent in absence of a response. At times, the request comes in at a later time. It is IMPORTANT that the merchant always checks the “Respond by” date on top of the communication letter to insure that the response is sent on time. A case number is assigned to each disputed item. The merchant must attach the correct case number to each page of the rebuttal paperwork.

Cardholders may dispute a charge for various reasons (i.e. “Non-Authorization”, “Merchandise not received”), and often attach a letter of explanation to the output package. Merchant’s rebuttal must address each one of the customer’s complaints. A rebuttal letter containing the merchant’s point of view should always accompany the paperwork. As a default, we send the letters to the business address indicated by the merchant. Once the rebuttal paperwork is received by the chargeback department, the case is reviewed and, if applicable, it is reversed back to the Issuer. A credit to the merchant for the transaction amount will be granted in that instance. In the event the documents do not provide a valid reason to reverse the dispute, the Chargeback Department will try to contact the merchant for more information.

^ back to top

3. Summary of Retrieval Process
Often the first step in the chargeback process is a request made by the Issuing Bank for thetransaction information document (TID), or receipt. This request is called retrieval. The Acquirer is obligated to fulfill this request by providing a copy of the transaction receipt. Alternatively the merchant should respond to the Issuer explaining the reason he cannot honor the request. A retrieval request can simply be a request for the information, or could indicate that the Issuer will initiate a chargeback in the near future.

Upon notification of the retrieval request, a letter is automatically generated to the merchant. This letter states that the merchant has a certain number of days (usually 10 days) to respond by providing the indicated sales draft. On the 11th day, a second and last letter is generated, and sent to the merchant. The sales draft must be submitted to the Issuer on the 28th day from the moment the request has been initiated.

case number is assigned to each request. The merchant must include the correct case number on top of the TID. Once the merchant has responded to the retrieval, a chargeback analyst will review the received documentation. In the event the sales draft is illegible, wrong, or has missing items, the analyst will notify the merchant via phone or fax, when available. If the merchant does not respond within the given timeframe, no notification will be sent to the merchant. A Good Faith Collection letter will be submitted to the Issuing Bank when:

The transaction has a POS entry of 90 (swiped), and the signed sales slip is available;
For mail order/telephone order (MOTO) transactions, the merchant matches the AVS (Address Verification), and provides signed proof of delivery.
No partial credit is granted to the customer in the event of a retrieval request. As a result, the merchant will not be debited for the transaction amount, unless the request turns into a chargeback due to non-response.

^ back to top

 

C. Preventing Chargebacks

Most chargeback situations arise at the point of transaction—at the time the transaction is completed—and most can be prevented with a little training.

Consider these tips to avoid potential chargebacks:
These tips are intended only as an example and should not be interpreted as a comprehensive list.


1. Card-Present Transactions

Do not complete a transaction if the authorization request was declined. Do not repeat the authorization request after receiving a decline.

If you receive a “Call” message in response to an authorization request, call your authorization center. Be prepared to answer questions. The operator may ask to speak with the cardholder. If approved, write the authorization code on the sales receipt. If declined, ask the cardholder for another credit card.

Make an imprint for all card-present transactions. If you have a point-of-sale terminal with a magnetic-stripe reader, swipe the card through the reader for every face-to-face transaction. If the terminal isn’t working or a card’s magnetic stripe cannot be read, key-enter the account information and make an imprint of the embossed information onto the sales receipt using a manual imprinter. Even if the transaction is authorized and the cardholder signs the receipt, if the receipt does not have an imprint of the embossed account number and expiration date, the transaction may be charged back to you for “no imprint” if the cardholder later denies participating in the transaction.

Obtain cardholder signature. The cardholder’s signature on card-present transactions is required. Failure to obtain the cardholder’s signature could result in a chargeback for “no signature” if the cardholder denies authorizing or participating in the transaction. Always compare the signature on the sales slip and the signature on the back of the card. If the card does not carry any signature, ask the customer to show you a picture ID, and have him sign the card at the time of purchase.

Make only one imprint of the card for each transaction. Making more than one imprint can lead to duplicate deposits and increase the chance of a chargeback. If you need to redo a sales receipt because of an error, write “VOID” across the incorrect sales receipt, inform the cardholder, and tear up the incorrect sales receipt in view of the customer.

Ensure that transactions are entered into point-of-sale terminals only once—and deposited only once. Entering the same transaction into a terminal more than once, or depositing both the merchant copy and the bank copy of the sales receipt with your acquirer, or depositing the same transaction with more than one merchant bank all can result in “duplicate transaction” chargebacks.

Ensure that incorrect sale receipts are voided and that transactions are processed only once.

If your establishment has policies regarding merchandise returns, refunds, or service cancellation, disclose these policies to the cardholder at the time of the transaction. Your policy should be pre-printed on your sales receipts within ¼ inch of cardholder’s signature; if not, write or stamp your refund/return policy information on the sales receipt near the customer signature line before the customer signs (be sure the policy shows clearly on all copies of the sales receipt). Failure to disclose such policies at the time of the transaction will be to your disadvantage should the customer return the merchandise.

Deposit sales receipts with your merchant bank as quickly as possible, preferably within one to five days of the transaction date — do not hold on to them. Failure to deposit in a timely manner can result in chargebacks for “late presentment.”

Deposit credit receipts with your acquirer as quickly as possible, preferably the same day as the credit transaction is generated. Failure to process credits in a timely manner can result in chargebacks for “credit not issued.”

Keep customers informed on the status of their transactions.

If the merchandise or service to be provided to the cardholder will be delayed, advise the cardholder in writing of the delay and the new expected delivery or service date.

If the merchandise ordered by the cardholder is out of stock and delivery will be delayed or this item is no longer available, advise the cardholder in writing and offer the cardholder the option of purchasing a similar item or canceling the transaction. Do not substitute another item unless the customer agrees to accept it. By giving the customer notice and the option to cancel, you may help avoid a customer dispute regarding the merchandise and a possible chargeback.

Ship merchandise before depositing transaction. Don’t deposit transactions with your merchant bank until you have shipped the related merchandise. If customers see a transaction on their monthly credit card statement before they receive the merchandise, it could lead to a preventable chargeback.

When refunding a customer, always credit the same card that was used for the corresponding sale.

Respond to all sales draft requests. Should you receive a request for copy of sales draft, respond immediately. Failure to send in copy will result in a chargeback with no representment rights.

Change printer ribbon frequently-illegible sales drafts can also initiate chargebacks.

^ back to top


2. Card-Not-Present Transactions:

Do not complete a transaction if the authorization request was declined. Do not repeat the authorization request after receiving a decline.

If a customer requests cancellation of a recurring transaction which is billed periodically (monthly, quarterly, annually), always respond to the request and cancel the transaction immediately or as specified by the customer. As a customer service courtesy, advise the customer in writing that the service, subscription, or membership has been cancelled and state the effective date of the cancellation. Failure to respond to customer cancellation requests almost always leads to chargebacks.

If the merchandise or the service to be provided to the cardholder will be delayed, advise the cardholder in writing (e-mail for eCommerce merchants) of the delay and the new expected delivery or service date. Also, if the item is out of stock or no longer available, offer the cardholder the option of purchasing a similar item or cancelling the transaction. Do not substitute another item unless the customer agrees to accept it. By giving the customer notice and the option to cancel, you may help avoid a possible chargeback.

Ship merchandise before depositing transaction. Don’t deposit transactions with your merchant bank until you are about to or have shipped the related merchandise. If customers see a transaction on their monthly credit card statement before they receive the merchandise, it could lead to a preventable chargeback.

When refunding a customer, always credit the same card that was used for the corresponding sale. Do not offer a check or other form of payment in place of a refund.

Use the Address Verification tool (AVS) and require a perfect match on cardholder’s billing address. Partial AVS match will not stand in a “non authorization” chargeback scenario. If you need assistance in setting the AVS properly on your Gateway, contact your payment Gateway Provider or the Loss Prevention department of your credit card processor for assistance.

Make sure the billing and the shipping address are the same. If not, make sure you verify the shipping address. You can search through the Yellow/White pages, ask for a copy of a utility bill, or a copy of a Driver’s License to validate the shipping address. You can also ask the customer to call the Issuer and add the new address to the billing information.

Obtain and verify the Card Code (CVV2/CVC2). This is the 3-4 digit number on the back of your card (on the front for American Express). This information can be captured only if your shopping cart and your Gateway are set up for it. Please, contact your webmaster and/or Gateway Provider for details.

Cancellation/Return Policy needs to be acknowledged by cardholder. Policy needs to be acknowledged by the customer. For mail order/telephone order (MOTO) merchants, policy must be acknowledged with a signature on the order form, contract, or invoice. For eCommerce merchants, policy can be incorporated in the online Terms and Conditions of the sale, and require the cardholder to click on an “I agree” button before completing the order.

Generate an RMA number for submitted cancellations

Obtain signed proof of delivery. Tracking numbers without a signature are not considered valid proof of delivery.

Verify the Internet Protocol (IP) address. Even though the IP verification is not a 100% guarantee, adding this feature will help you detect fraud. Your Gateway Provider and/or other software vendor should be able to help you get started with this validation process. There is a variety of IP validation software that can be downloaded at no cost.

^ back to top

 

D. 12 Potential Signs of Card-Not-Present Fraud

Keep your eyes open for the following fraud indicators. When more than one is true during a card-not-present transaction, fraud might be involved. Follow up, just in case.

First-time shopper: Criminals are always looking for new victims.

Larger-than-normal orders: Because stolen cards or account numbers have a limited life span, fraudsters need to maximize the size of their purchase.

Orders that include several of the same items: Having multiples of the same item increases a criminal’s profits.

Orders made up of “big-ticket” items: These items have maximum resale value and therefore maximum profit potential.

“Rush” or “overnight” shipping: Crooks want these fraudulently obtained items as soon as possible for the quickest possible resale, and aren’t concerned about extra delivery charges.

Shipping to an international address: A significant number of fraudulent transactions are shipped to fraudulent cardholders outside of the U.S. Visa/MC address verification (AVS) can’t validate non-US, except in Canada and the United Kingdom or few other banks who participate in the US AVS program.

Transactions with similar card account numbers: Particularly useful if the account numbers used have been generated using software available on the internet.

Shipping to a single address, but transactions placed on multiple cards: Could involve an account number generated using special software, or even a batch of stolen cards.

Multiple transactions on one card over a very short period of time: Could be an attempt to “run a card” until the account is closed.

Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses: Could represent organized activity, rather than one individual at work.

In online transactions, multiple cards used from a single IP (Internet Protocol) address:More than one or two cards could definitely indicate a fraud scheme.

Orders from internet addresses that make use of free e-mail services: These e-mail services involve no billing relationships, and often neither an audit trail nor verification that a legitimate cardholder has opened the account.

^ back to top

 

E. Card-Not-Present Fraud Prevention Tools

Appropriate preventive action can help reduce fraudulent transactions and potential customer disputes. Make use of these Visa tools and controls to verify the legitimacy of the Visa cardholder and the card in every card-not-present transaction.

Address Verification Service (AVS)
Allows card-not-present merchants to check a cardholder’s billing address with the card Issuer. The merchant includes an AVS request as part of the authorization and receives a result code indicating whether the address given by the cardholder matches the address on file with the Issuer.

Card Code Verification (CVV2-CVC2)
This is a three-digit number imprinted on the signature panel of Visa-MasterCard cards to help card-not-present merchants verify that the customer has a legitimate card in hand at the time of the order. The merchant asks the customer for the card code and then sends it to the card Issuer as part of the authorization request. The card Issuer checks the card code to determine its validity, then sends a result back to the merchant along with the authorization.

Verified by Visa (VbV) 
Enables eCommerce merchants validate a cardholder’s ownership of an account in real-time during an online Visa card transaction. When the cardholder clicks “buy” at the checkout of a participating merchant, the merchant server recognizes the registered Visa card and the “Verified by Visa” screen automatically appears on the cardholder’s desktop. The cardholder enters a password to verify his or her identity and the Visa card. The Issuer then confirms the cardholder’s identity.

MasterCard SecureCode
MasterCard enables eCommerce merchants to actually validate that a MasterCard cardholder is authorized to use the card and qualify the transaction for a guaranteed payment that protects against cardholder unauthorized chargebacks.

MasterCard SecureCode runs on your website and interacts with both the customer and their card Issuer. When your customer is checking out, a simple pop-up box appears asking them to enter a private code that has been registered with their bank.

Their bank then validates that code and provides you with a means of achieving a fully guaranteed transaction. For more information, visit http://www.mastercard.com/us/personal/en/cardholderservices/securecode/index.html

Click Here For Information About PCI Compliance