Since the introduction of the credit card chip (EMV), fraudsters have turned their attention to card-not-present fraud, which has seen a dramatic increase.
One study by Juniper Research found that retailers are in for $130 billion in losses from 2018-2023. In the US alone, merchant losses from card-not-present fraud is about $5 billion a year, and total losses to credit card fraud at close to $30 billion. Canada is about $800 million.
An important distinction is to separate ‘friendly fraud’ from actual or ‘criminal fraud,’ such as identity theft. This is where real customers, who did an actual purchase, are trying to get a refund by requesting a chargeback with the card issuer.
How do you protect your business against chargebacks from card-not-present fraud? The first step is to know the rules and guidelines that each card issuer has. Once you know these, you should implement guidelines for your staff to follow.
This does require a bit of research, which is why we will do a quick rundown of the key merchant guidelines on the topic from the top three credit card issuers here:
Visa’s Card Acceptance Guidelines for Visa Merchants explains that when doing card-absent transactions, such as telephone and mail order, the merchant “must verify to the greatest extent possible the cardholder’s identity.”
As a minimum, you should collect:
- Card number
- Customer name
- Customer address
- Expiration date
With most card terminals you cannot enter customer name and address, which makes these card-not-present transactions less safe. Visa recommends that “If available, use fraud prevention tools such as Card Verification Value 2 (CVV2), Address Verification Service (AVS)”
The American Express Merchant Operating Guide says that it has the “right to Chargeback for any Card Not Present Charge that the Cardmember denies making or authorizing.”
However, Amex also says that it will not Chargeback for such Charges based solely upon a Cardmember claim if: you have verified the shipping address to goods were shipped to, and provided a signed proof of delivery.
You may not always be able to verify the shipping address or get a proof of delivery, which is why that Amex recommends getting not just card number and expiration date, but also:
- Customer name
- Billing address
- Shipping address
Mastercard has a very complicated document of Transaction Processing Rules. But in code 4837 Fraud, which involves card absent transactions, such as ecommerce, mail or telephone orders, the code says that written confirmation or cardholder signature is the best line of defense.
If you cannot get these, then written correspondence between you and the cardholder that show the cardholder participated in the transaction is needed. Also signed proof of delivery, email addresses to prove digital download delivery, proof the cardholder sought additional services, or evidence the disputed goods or services were used.
When it comes to authorization of the identity of the cardholder, Mastercard says that you need a positive Address Verification Service (AVS) match, and proof that you shipped the goods to the AVS-approved address.
The documents and rules are long and complicated, but with card-not-present transactions, it is very clear that the more you can verify the identity of the customer, the more secure the transaction will be.
This is what is our payments system at PaySecuri is designed to do. By using both Card Verification Value 2 (CVV2), Address Verification Service (AVS) as fraud prevention tools.