Forum Moderators: buckworks
If you have had chargebacks, what was the reason given for the chargeback? Did you take the precautions I gave in my list? Did you verify the cardholder's address? Did you send the goods to the cardholders address? Did delivery of goods require a signature?
If you didn't take those precautions, why not? (ie, your card processor may not support AVS). Could the chargebacks have been prevented if you HAD taken those precautions?
I want people to be brutally honest with their answers - if you have followed all those precautions, then the chances of chargebacks occurring are slim. Sure, they'll still happen, but not very often.
If chargebacks still occurred despite taking those precautions, then what reason was given? If you satisfy the card issuer that the transaction was genuine and that the cardholder has received the goods they ordered, then the card issuer may cancel the chargeback. Did you provide the card issuer with all the information you had to prove the transaction was genuine and that the cardholder had received the goods?
If you provided goods, did you get them back? If you followed the precautions then you should have sent them to the cardholder and the goods should be recoverable.
What other reasons (not covered in the list) have been given for chargebacks occurring? What other precautions do you think you could have taken to prevent chargebacks?
What about provision of services? Without any delivery requiring signatures, there is a greater risk of chargebacks. Have you had a chargeback for provision of a service? If so, what reason was given and what did you do when challenged by the card issuer? What other precautions could be taken to prevent chargebacks for service provision?
Any other thoughts / comments / suggestions etc?
Now - strangely - people in Indonesia (surprise surprise) are putting what seems to be random card numbers through our site. They are BUYING THE SAME PASSWORD!? So all they are doing is using the system to validate that cards are not yet cancelled I guess.
Now - even though on balance we don't lose money, it is very embarrassing for our name to be plastered all over some poor innocent's credit card statement, so we thought we would do something about it. Here is what we tried:
1) asked Netbanx to check the card number with the address they give ... which apparently CANNOT BE DONE IN THE UK! (CRAZy - absolutely crazy!) Data protection acrt stinks to high heaven.
2) We decided to collect the IP numbers of buyers, but nobody wants this data, which could stop what appears to be organised white collar crime. We offered it to: The UK Police, Barclaycard, Netbanx and eventually tried an email in the FBI (but got no reply).
What else can we do?
Since the credit companies, on average, do not lose on this, they are not doing what they should be doing, which is to campaign for cards to be able to be checked against addresses online.
It looks as if we are going to have to install a system to detect all transactions coming from Indonesia, via the IP and reject them at source. Now, the cost of implementing THAT when we are currently not losing money seems a crazy solution.
Brutally honest enough?
AVS is most certainly used in the UK !!! Either Netbanx or you have got it wrong ....
You can block access to your server by IP, maybe also by IP range - I don't do this myself so can't tell you how, but if you ask in one of the other forums here (Server Side Scripting? Linux / Unix? Website Technologies?) someone is bound to know.
in .htaccess file include line
Deny From xxx.xxx.xx.xx
an example of denying a particular range:
Deny From 194.82.103*
Thanks for the tip James. I will also check out AVR.
Netbanx have said that they are implementing AVS, but are not exactly optimistic that this will happen in the near future. Which doesn't exactly help people experiencing lots of chargebacks, does it?
WorldPay currently support AVS by contacting the bank (automatically) and WorldPay simply give you the banks response in one of three ways: matched, not matched or not checked.
Not checked means either the card issuer does not support AVS or that their server was unable to be contacted at the time of purchase.
Every person who has a card has given permission for these card companies to store your personal data. The Data Protection Act is not a problem when done this way.
there are also "not supported" (bank or card doesn't support AVS) and "partially matched"
another benefit is pre-authorisation - customer places the order but no money is taken from the customer and no transaction charges are incurred until the retailer manually completes the transaction by clicking a button. this gives retailers 5 days to check if the order is genuine or not - if not, simply ignore it and it will be cancelled after 5 days.
