TABLE OF CONTENTS
With the influx of advanced payment technology, card not present transactions have helped to increase the total revenue of businesses all over the world. But, as with all good things in life, there is a catch: The amount of fraud involving these transactions have also gone up. According to the US Payments Forum, card not present (CNP) transactions made up about 45% of all credit card fraud in 2014. So what are the best practices for handling these important, yet volatile, card not present transactions?
By following these 4 best practices, you can minimize the chances of fraud overwhelming your CNP transactions and avoid the hefty fees that come along with it. Think of them as credit card rules for merchants to follow during every CNP transaction.
1. Never save customer card information on unsecured platforms
When asking a customer for any of their credit card information, you’ll want to input it directly into your virtual terminal online. Don’t write any of these details down in an unsecured drive or on a piece of paper. In a business of any size, this leaves your customer card information up for grabs for people who know where to look.
In a similar vein, don’t ask customers to send their credit card information over email, text message, or live chat. Sending it over unsecured channels increases the risk of this information falling into the wrong hands.
But, do save proof of purchase information on every transaction
It is best practice to have information to reference a card not present purchase by in case something happens. For example, if someone is disputing a charge, you can provide the bank with proof that the purchase was made rightfully. By taking and storing credit card information responsibly, you will be one step closer to protecting your business from friendly fraud.
Examples of information that you can keep track of is:
- The date and time the order was placed
- What the customer purchased
- The total amount charged for the transaction
- The customer’s contact information
Sending confirmation receipts and tracking all packages sent are other great options for proactively keeping track of CNP transactions.
2. Provide your contact information… on everything
Your business should have a phone number or email address that customers can use for questions on every page of your site, on the receipts that you send, and the correspondence that you have. If this information is hidden, it will lead to cardholder disputes (aka chargebacks).
Supply your contact information on every page of your site
The home page and contact page (if you have one) are the two most common places to add an email and phone number to get ahold of you by. But that shouldn’t be the only place customers can find it. It needs to be integrated into every page on your site. The easiest way to do this is by adding it to the header or footer so that it always generates on your page templates. This is also the most likely places for customers to look for such information.
Add your email and phone number to all correspondence
All mail, email, and invoice correspondence should include contact information for your business. This means that no matter how the customer comes in contact with your brand, you display a way for them to voice their questions, comments, and concerns. Not only does this support your brand by mitigating risk, but it is also a way to get in front of new customers.
Check and recheck that your billing descriptor is up to date
Not only is this important on your site, but it is also imperative that you include it on the billing descriptor. This is one of the ways that customers will be able to identify you on their credit card statement. If a customer has a question for you or doesn’t recognize the charge on their statement, including your contact number and business name may be the only way to find you.
Check periodically that the information on your descriptor is up to date and displaying properly. Sometimes, information can be cut short by the payment processor handling your transactions which leads to incomplete names or phone numbers. So by checking your descriptors and running test transactions, you can ensure that it displays properly for your customers.
3. Always confirm a customer’s address with the AVS
Merchants use the Address Verification System (AVS) to verify the billing address of the customer. The address used for the purchase should match with the billing address that the credit card company has on file. If there is a mismatch between the two sets of information, the credit card company flags the transaction. This best practice is only used for card not present transactions, making it an essential for online and ecommerce businesses.
Asking for a customer’s billing address isn’t just helpful for security purposes; this information is also useful in case the transaction gets picked up for fraud or chargeback. You want to have as much information on the purchase as possible, as this only makes things easier for you.
4. Keep up with PCI compliance guidelines
PCI compliance guidelines set the standards that all businesses must follow to protect their customers’ data. It allows customers to place their trust in your company. This way they will know that their financial information is being stored safely and securely.
Luckily, if you’re working with a payment processing company that supports your transactions, chances are your software is already PCI compliant. Many companies in this space consider PCI guidelines to be the industry standard, and so will guarantee to use only compliant tools. They also offer resources to ensure that your business maintains these standards on the merchant side as well.
Implement These Practices In Your Business
Just knowing this information is the first step, but implementing it is the real test. Utilizing the best practices that are provided to you and doing your due diligence will really pay off when it comes to reducing fraud in card not present transactions. Taking the necessary measures to protect your business against chargeback disputes will ensure that your business can stay healthy. Do your research, take your time, and follow the guidelines.