I used to work as a customer service agent for a major credit card company and we frequently handled inbound calls from merchants requesting name/address/phone number verification so I understand the procedures backing a verbal verification of this billing information.
So where I am now...
I want to take CC information from customers at the time of order, place the information into a database. Manually call for name/address/phone number verification to their credit card company.
Once I've done that what do I do? Would I be better off (or allowed even as the case may be) to use a standard credit card terminal. Should I send the transaction to a payment gateway (manually from my own backend).
Also I'd want to do a CVV verification also as I submit the order, depending on which method I used above...would I be able to do that?
Once I've completed the verification, and received authorization for the transaction (via either the terminal or payment gateway) I would delete the CC info from my database. Still, I'm storing it for some time, so I would have to seek out one of the levels of PCI compliance =(?
Assuming I do a verbal verification, CVV used with transaction, and primary signature required only shipping (also only ship to a billing address on file with the credit card company or an alternate shipping address also on file with the credit card company) I should be pretty safe from chargebacks. From my experience at a bank (granted it was a MasterCard issuer, not Amex) any merchant with that much validation would be untouchable.
Lastly...I've seen most sites make it so your browser does not save the CVV information in the form field for re-entry next time you come back. How do I do that?
There really is no 100% sure way, but common sense and a double check of the person's identity is about all you can do to keep your purchases safe.
It is pretty easy to double check the address as a good address then speak to the customer and get their business number.
You can verify they do work there and this is their real name. This really does give you solid proof of identity.
If they are self-employed, get their business name and information to verify the business's existence. With big ticket items the customer will understand the importance of the check and understand; if they throw a fit it could be a flag they are a bad deal and all the more reason to dig deeper to verify them.
These simple steps go a long way. I really wish I had done this with the 5k loss but I was new at this and got burned by thinking a certified check was always good....Wrong thing to think....Two calls and I would have not shipped the item.
All the customer has to do is sign a different name than the card has and you lose the chargeback. How do you prevent that...
I sign for other people's parcels all the time when I'm at clients' sites - and most of the time I could sign "Charlie Chaplin" on the paperwork or terminal and the driver wouldn't either notice OR care.
"So, your parcel was delivered by UPS to 123 Any Street, Anytown, but it was signed for by a Mr Charlie Chaplin"
How will you defend yourself against *that* chargeback?
According to Visa's standards for PCI compliance, a merchant must host with a compliant hosting company. The only employees who should see customers' credit card information are people who MUST see this information in order to do their job. This means standard employees should not see this information.
The best route to go is to authorize a card at the point of sale and then charge it at shipping. The less you can see credit card information, the more you are protected against hackers. A good step to protect yourself against fraud is to 1.) get a good secure gateway, 2.) run an IP address to see where an order was placed and 3.) call if billing and shipping information does not match.
In a CNP transaction you have chargeback protection provided you can prove you shipped to the billing address of the customer (AVS Y or X). Our highest ticket item is $2995.00 and we ship on average 3 of this item each month. The majority of these orders are placed directly online, processed thru a gateway and we've yet to have a problem because we only ship to confirmed addresses.
Do we lose business by not shipping to alternate addresses? Yes we do, however we prefer not to ship an order rather than hold the risk of a chargeback and being out the merchandise AND the payment as well as the chargeback fee. I might add that the card issuer also has a liability when they approve a charge and provide AVS confirmation for the address submitted.
You cannot rely on billing address verifications obtained by phone from a card issuer for CNP transactions. The first question that will be asked in a chargeback is whether you shipped to the verified billing address (AVS Y or X) returned on the charge receipt. Claiming that you called to verify will not hold up unless you get the card issuer rep to mail or fax you a document confirming the address. This is especially true on charges that return AVS code Z and we learned this lesson the hard way about 3 years ago (girlfriend used boyfriend's card) so we learned by that mistake.
Our merchant acct is thru Nova and the manner in which we ship is based on their instructions which coincide with V and MC rules for CNP transactions. In 11 years we've had 1 chargeback. We do not ship signature required as it is not necessary provided we prove shipment was addressed to the confirmed address. We've had claims of shipments not received (altho shown as delivered by UPS - left at front door, etc) and in every case the shipping insurance kicked in and we reshipped. There are times we use signature required if requested so as to prevent a shipment being left at the door.
I'm sure there are instances where all the blocks don't fall in the right order but if you do it right you minimize your risk. No doubt there are people out there that go out of their way to try to get over on you.
We get customer complaints such as "so and so will ship to my work address, why won't you". Our answer is so and so has their policies and so do we. The other day a bank "vp" complained because we cancelled his order due to AVS unconfirmed address (plus the fact the card was in someone else's name). You would think a bank vp would be better informed. It's amusing when they threaten to take their business elsewhere and we reply "go ahead". Always seems like 1% of the customers cause 100% of the problems.
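The shipping rules described in the posts above (ship only on AVS Y or X, call when billing and shipping differ, charge the card at shipping) can be written as one release check. This is an added example, not code from any poster; the field names and sample orders are constructed, and cancelling on a cardholder-name mismatch is an assumption drawn from the cancelled-order anecdote.

```python
from dataclasses import dataclass

# AVS result codes the thread treats as a confirmed billing address.
CONFIRMED_AVS = {"Y", "X"}

@dataclass
class Order:
    # Constructed field names; a real gateway response will label these differently.
    auth_approved: bool     # issuer approved the authorization at order time
    avs_code: str           # AVS result returned with that authorization
    cardholder_name: str
    customer_name: str
    billing_addr: str
    shipping_addr: str

def _norm(text):
    """Case- and whitespace-insensitive comparison key."""
    return " ".join(text.upper().split())

def release_decision(order):
    """Return (action, reasons); action is 'capture_and_ship',
    'call_customer' or 'cancel'. Capture happens only when shipping."""
    if not order.auth_approved:
        return "cancel", ["authorization declined"]
    reasons = []
    if order.avs_code.upper() not in CONFIRMED_AVS:
        reasons.append(f"AVS {order.avs_code} is not a confirmed address (need Y or X)")
    if _norm(order.cardholder_name) != _norm(order.customer_name):
        reasons.append("card is in someone else's name")
    if reasons:
        return "cancel", reasons
    if _norm(order.billing_addr) != _norm(order.shipping_addr):
        return "call_customer", ["billing and shipping addresses differ"]
    return "capture_and_ship", []

# Constructed sample orders, not real transactions.
HOME = "123 Any Street, Anytown"
SAMPLES = {
    "confirmed": Order(True, "Y", "A Buyer", "a buyer", HOME, HOME),
    "work_addr": Order(True, "X", "A Buyer", "A Buyer", HOME, "9 Office Park, Anytown"),
    "zip_only": Order(True, "Z", "A Buyer", "A Buyer", HOME, HOME),
    "other_name": Order(True, "N", "B Holder", "A Buyer", HOME, HOME),
}

if __name__ == "__main__":
    for label, order in SAMPLES.items():
        print(label, *release_decision(order))
```
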