| 11:49 pm on May 19, 2002 (gmt 0)|
I'd like to do a quick survey of chargebacks so that I can continue building my list of chargeback prevention measures as posted at [webmasterworld.com...] and identify weaknesses in the precautions listed there. The list will benefit all retailers, not just me.
If you have had chargebacks, what was the reason given for the chargeback? Did you take the precautions I gave in my list? Did you verify the cardholder's address? Did you send the goods to the cardholders address? Did delivery of goods require a signature?
If you didn't take those precautions, why not? (ie, your card processor may not support AVS). Could the chargebacks have been prevented if you HAD taken those precautions?
I want people to be brutally honest with their answers - if you have followed all those precautions, then the chances of chargebacks occurring are slim. Sure, they'll still happen, but not very often.
If chargebacks still occurred despite taking those precautions, then what reason was given? If you satisfy the card issuer that the transaction was genuine and that the cardholder has received the goods they ordered, then the card issuer may cancel the chargeback. Did you provide the card issuer with all the information you had to prove the transaction was genuine and that the cardholder had received the goods?
If you provided goods, did you get them back? If you followed the precautions then you should have sent them to the cardholder and the goods should be recoverable.
What other reasons (not covered in the list) have been given for chargebacks occurring? What other precautions do you think you could have taken to prevent chargebacks?
What about provision of services? Without any delivery requiring signatures, there is a greater risk of chargebacks. Have you had a chargeback for provision of a service? If so, what reason was given and what did you do when challenged by the card issuer? What other precautions could be taken to prevent chargebacks for service provision?
Any other thoughts / comments / suggestions etc?
| 2:49 pm on May 21, 2002 (gmt 0)|
We started to get a ridiculous number of chargebacks on one site. Your advice of "NEVER sell intangibles unless you have no other choice." is extremely valuable, but we are faced with a dilemma. the route of the dilemma is that we do not LOSE money by someone giving us a fraudulent card and the visa companies actually MAKE money on the chargebacks... so nobody has an incentive to develop a proper check. We do the transaction through Netbanx and if the card is approved, give the buyer a password. If a card owner then criticises the transaction (be it their card or not) then hey - that's our money back guarantee coming into play and all we really lost is a password.
Now - strangely - people in Indonesia (surprise surprise) are putting what seems to be random card numbers through our site. They are BUYING THE SAME PASSWORD!? So all they are doing is using the system to validate that cards are not yet cancelled I guess.
Now - even though on balance we don't lose money, it is very embarrassing for our name to be plastered all over some poor innocent's credit card statement, so we thought we would do something about it. Here is what we tried:
1) asked Netbanx to check the card number with the address they give ... which apparently CANNOT BE DONE IN THE UK! (CRAZy - absolutely crazy!) Data protection acrt stinks to high heaven.
2) We decided to collect the IP numbers of buyers, but nobody wants this data, which could stop what appears to be organised white collar crime. We offered it to: The UK Police, Barclaycard, Netbanx and eventually tried an email in the FBI (but got no reply).
What else can we do?
Since the credit companies, on average, do not lose on this, they are not doing what they should be doing, which is to campaign for cards to be able to be checked against addresses online.
It looks as if we are going to have to install a system to detect all transactions coming from Indonesia, via the IP and reject them at source. Now, the cost of implementing THAT when we are currently not losing money seems a crazy solution.
Brutally honest enough?
| 9:49 pm on May 21, 2002 (gmt 0)|
>>1) asked Netbanx to check the card number with the
>>address they give ... which apparently CANNOT BE DONE IN
>>THE UK! (CRAZy - absolutely crazy!)
AVS is most certainly used in the UK !!! Either Netbanx or you have got it wrong ....
You can block access to your server by IP, maybe also by IP range - I don't do this myself so can't tell you how, but if you ask in one of the other forums here (Server Side Scripting? Linux / Unix? Website Technologies?) someone is bound to know.
| 9:57 pm on May 21, 2002 (gmt 0)|
block by ip range:
in .htaccess file include line
Deny From xxx.xxx.xx.xx
an example of denying a particular range:
Deny From 194.82.103*
| 6:58 am on May 22, 2002 (gmt 0)|
thanks for that James
| 7:57 am on May 22, 2002 (gmt 0)|
Blocking ceratin IP ranges will certainly help. Now... if AOL did not keep changing IP numbers on users every 60 seconds I might also get accurate log files too :)
Thanks for the tip James. I will also check out AVR.
| 9:05 am on May 22, 2002 (gmt 0)|
Netbanx told me that they are unable to compare credit card numbers with the number on the credit card, because this would involve them keeping or having access to a database that stores general information about individuals without their prior consent. This is what is against the data protection act.
Netbanx have said that they are implementing AVS, but are not exactly optimistic that this will happen in the near future. Which doesn't exactly help people experiencing lots of chargebacks, does it?
| 9:38 am on May 22, 2002 (gmt 0)|
Netbanx do not need to store the addresses.
WorldPay currently support AVS by contacting the bank (automatically) and WorldPay simply give you the banks response in one of three ways: matched, not matched or not checked.
Not checked means either the card issuer does not support AVS or that their server was unable to be contacted at the time of purchase.
Every person who has a card has given permission for these card companies to store your personal data. The Data Protection Act is not a problem when done this way.
| 1:05 pm on May 22, 2002 (gmt 0)|
>>WorldPay simply give you the banks response in one of
>>three ways: matched, not matched or not checked.
there are also "not supported" (bank or card doesn't support AVS) and "partially matched"
another benefit is pre-authorisation - customer places the order but no money is taken from the customer and no transaction charges are incurred until the retailer manually completes the transaction by clicking a button. this gives retailers 5 days to check if the order is genuine or not - if not, simply ignore it and it will be cancelled after 5 days.