I'm not sure if PCI allows you to store an MD5 of the card number, but that is one route you could consider. Storing a one-way encryption of the card. Maybe only temporarily for a few days or a week.
I don't even know if my processor charges for declines. The merchant statement is confusing.
If you have a return (decline) and you are already returning a "card declined" set a cookie on the browser to 403 your site for 24 hours... You can check your own cookies!
well brokaddr first of all I would get with the company that does my processing and get a better deal. That amount is horrible and I would call another processor get a quote and then either move or get me a better deal. If your paying that much for a decline I am scared to ask what your being charged to process the orders.
If I see a person has tried the same card 2 times I call them and see if I can help. There really is no other way unless as above for a short period of time.
I'm with bwnbwn on this one, start looking around for a better processor, I can't imagine being charged for declines, is there anyone else here being charged for declines?
We allow declined charges to come into our order system as "pending" - this way we can contact the customer directly and save as many sales as possible. We wait until the next day to re-try the charge; if it does not go through, they are contacted. If they call and it STILL does not go through, we require alternate cc info.
This is a payment processor issue and it is not right. You should be looking for alternatives.
You can do all kinds of coding and validation before sending the data to the processor (IP blacklists etc) but you shouldn't need to for this matter. Because it could be a bot behind. Ask the gateway about it if they don't have a solution get someone else.
|We allow declined charges to come into our order system as "pending" |
That's actually a really good idea, and would save the customer a lot of grief, for things as simple as a billing-address typo, or CVV typo.
New processor - I'd say - I have never paid for declines - that doesnt' seem right.
I think we all pay for declines it is a part of doing business on the net. I pay for all processing be if a decline or approval, but I don't pay .35 I pay .18 per decline/approval. Then I think 1.9% processing fee.
I get charged 30 cents for each AVS attempt, whether the transaction is approved or not. So yeah, I get charged for declines. Normally I don't get people trying over and over unless it is someone clearly engaging in fraud and trying a series of cards. I can ban their ip address in authorize.net's fraud suite so it doesn't happen again, and in fact, since I have set that up and blocked the ips of certain countries, it hasn't happened. But most of the time, the person gets declined once or twice or occasionally, like yesterday, three times. I don't contact the person, because I would not like to be contacted if it were me. Usually they come back with a different card. I do think it's a cost of doing business. It's a fee I deduct under fees on my taxes.
|I get charged for declines |
I still think it's payment processor dependent. With PP for example if a transaction fails to go through nothing happens.
But... I don't know about AVS because that goes to the bank of the consumer, a different service but that happens after all cc details are validated by the processor. So that might be the loophole, not sure if the OP was talking about this case.
It will be too late by the time you see it and block the IP.
enigma1, are you using standard PayPal or Website Payments Pro? WPP has a $0.30 fee for each authorization/decline.
As I understand, it's a norm in the credit card industry to charge for this.
For now, I scripted a database to copy the last 4 digits of the declined card along with the buyers first & last name (to try and circumvent the possibility of 2 unrelated cards clashing); on each purchase attempt, a query is executed to check for a previous decline. If one is found, it shoots them to an error page; blocking any information sent to the gateway.
It's resulted in more customers contacting me to arrange alternative methods - prior to this, I'd NEVER hear back from a declined card.
Those of you who aren't charged for declines, what processor are you using? I imagine with myself being located outside of the United States, my options are far more limited in finding one that doesn't nickel and dime me to death.
this thread has had me shuffling through papers I hadn't seen in years. turns out that our gateway (authorize.net) does charge us .10 for charges, refunds, voids and declines. I was thinking only about the merchant account and gave no thought to the gateway, but they do charge and we do pay for declines.
|I scripted a database to copy the last 4 digits of the declined card along with the buyers first & last name... |
How do you handle declines where the name and card number were correct, but the CVV was simply typed in wrong? ... or the ZIP code was typed in wrong?
You can stash the last-4 digits, but not the CVV.
|are you using standard PayPal or Website Payments Pro? WPP has a $0.30 fee for each authorization/decline. |
We are talking about your store having a cc form that is submitted to the payment processor. There is no issue about the other methods because the customers enters his info in the processor's site
The fee you are talking about is when you receive money ie the transaction goes through (regardless of if there is a red flag but there is validation; money are moved from one account to another) plus the percentage. Not when you do not receive anything right? Unless you have another service.
To give you an example, if you enter a cc 4111111111111111 in your site with some random address/name and let it be processed by the processor do you pay a transaction fee?
Lets be sure we are on the same page because you maybe paying due to the authorization filters that flag a transaction bad. What filters you have active from your processor's cpanel?
I believe you pay the transaction fee because the processors contacts the bank, the bank validates and returns back ok, puts the funds on hold and then the processor based on what filters you setup shows the transaction. So I think you have a valid transaction through and you pay the charge regardless if you setup some filter to decline it.
jwolthuis - The CVV is not taken into account at all (nor is it stored). Once they've gotten 1 decline from that card - it's blocked. If they know what they did wrong and try to use it again - blocked.
Before implementing this script I've been having the declines sent to my inbox (a breakdown of their name, IP, timestamp); I've NEVER had a single order placed from someone who kept hammering the same card. They try 3-10 times (most do it 3 tries) before simply moving on. So I never felt the need to consider the CVV as a possibility for the decline. In my experience: once a decline, always a decline.
enigma1 - I have absolutely no filters set up on the gateway. All of the filtering occurs within my website through custom coding. I'm sure the gateway has their own filters in place that I do indeed get screwed on.
For example: I know Paypal has some un-editable filters that trigger declines one would otherwise accept - I've seen people mention it in this very forum. I suspect it has to do with the stringent AVS requirements.
I am charged for any order attempt. Be that a decline or a voided order. The $0.30 is also deducted for a successful payment (along with a % of the final sale).
Anytime a customer fills the CC, hits submit - I pay $0.30 no matter what.
brokaddr, something isn't right, you may want to check on the PP developers forum and ask the specific question. From similar things reported here is a document that includes a discussion see the last couple of posts. About item-3
|There really isn't a way of verifying the AVS or CVV2 without doing an auth and being charged a fee for that auth |
|Are there other fraud tools we could use instead so that if it fails, we won't be charged the transaction fee? |
If you are using fraud filters and you have it set up reject based on the AVS and CSC responses, if it is getting rejected then you will not be charged for transaction.
It may help you to setup the filters if necessary and perhaps avoid the transaction charges for declines. You can also ask them about it directly. From what I read it seems you have an option not to be charged for the declines.
Good post, enigma1.
The very last post in the pdf I find interesting:
|There would be a temporary hold placed on the funds, as the card is not being declined |
by the card issuing bank. They are actually approving it and placing the funds on hold,
and sending the response back to PayPal. PayPal then looks at the response and your
filters settings, and rejects it if that is what you have it set up to do. It will keep it from being
captured, but does not remove the hold placed on the card by the bank since they approved
it. The transaction that is rejected though because of your settings, will not be a transaction
you are charged for.
I have spoken to PayPal's merchant support and they told me:
An additional $0.30 is added to your monthly billing when one of the following occurs on a pending authorization:
· Live auth transaction has NOT been successfully captured
· Live auth transaction attempt was unsuccessful/declined
· Declined sales transaction
· All successful authorizations NOT captured within 29 days
Seems to be a significant mix-up of information.
I have also asked for AVS requirement to be removed (the source of all problems, as far as I am concerned), they told me my account does not qualify for AVS being disabled.
Block the customer's IP address?
I haven't found any payment gateways that support the new Visa $0.00 authorization transaction for AVS/CV2 verification.