Chargebacks are something that almost all merchants who accept credit cards will have to deal with at one time or another. In our experience, there is often a lot of bad information about how the chargeback system works and what parties are involved in the chargeback process. We want to briefly overview how the chargeback system works and how this can affect merchants who receive a chargeback from a customer.

Chargebacks can be a costly surprise for the unsuspecting business owner and even more so for merchants in certain higher risk industries, where chargebacks are often a constant burden. Some consumers even know how to use the chargeback system so well, they commit a type of fraud called friendly fraud using the chargeback system.

What is a chargeback?

To begin, a chargeback is essentially a dispute made by a customer or the bank that issued the credit card to the customer. This dispute could be for a number of reasons but essentially they are disputing the validity of a transaction with their card card and a merchant who accepted it. The terms may vary by the type of card and how a transactions is processed, but the ability to request a chargeback is a fundamental protection that comes with all credit and debit cards. Once a chargeback is initiated, it is important for merchants to quickly respond to the chargeback claim, as they will lose the money they had previously received for the transaction if they do not respond.

The chargeback process

A chargeback is initiated when a card holder or their bank feel that a transaction was not valid, for the amount, service, quality of goods that a merchant sold, or a number of other reasons. One of the most common types of chargebacks is simply if a card holder’s credit card number is stolen and used by a thief. Some other common reasons for chargebacks are : defective goods or goods are not as described, non-authorized sale, key data points missing from point of sale system, delay in batching transaction, duplicate transaction or credit not issued and non-delivery of sale item. Unfortunately many of these chargebacks reason codes such as defective or goods not as described can be very subjective and the issuing bank tends to rule heavily in favor of their customer. Also, issuing banks will sometimes initiate a chargeback if the transaction is outside of the normal behavior pattern of the customer, and we’ve seen these types of chargebacks actually happen 3 to 4 months later. If you receive one of these issuing bank chargebacks, it’s a good idea to check with your processor because we have found that in rare cases you’re better off not responding. But, this is only in rare situations so make sure your processor has given you this advice otherwise, you’re guaranteed to lose the chargeback.

When a chargeback is requested, the card issuer files a chargeback request with the merchant’s processor. That processor immediately withdraws the funds for the transaction from the merchant. These are held in a reserve account pending the outcome of the chargeback investigation.

The merchant is then notified by their processor that they have received a chargeback and asked to provide proof that the transaction accepted by the merchant was legitimate. The merchant has 14 days to respond to this request or the issuer will automatically rule against them. Proof for a retail merchant is often a signed receipt and evidence that the card was swiped through a terminal or POS system. Now with the advent of EMV terminals we are seeing more and more chargebacks initiated by card issuers for non-EMV terminals. For Online and other non-retail merchants, proof is often showing tracking numbers and a delivery signature, but in any case it is much more difficult to prove the legitimacy of a transaction where the customer’s card was not electronically captured. Even if a merchant has a signed receipt or invoice, this is not proof of delivery for a non-swipe environment such as a phone or Internet order.

The processor then sends whatever information received from the merchant to the card issuer.

The card issuer then makes a decision on the validity of the transaction, and either returns the collected money back to the merchant, or releases it to the cardholder, depending on which side they rule in favor of.

If the issuer rules in the favor of the cardholder, the merchant may still has an opportunity for arbitration over the validity of the transaction, but there is significant, and irrecoverable, cost to the merchant if they wish to go to arbitration. The cost is $500 to take the case to arbitration and most processors won’t take the case to arbitration unless the merchant has paid the $500 and they feel the merchant has a very good chance of success. The arbitration process then takes another 45 days to complete.

Important points

• Chargebacks can generally be made for 120 – 180 days after a transaction is considered settled. This is important because in the event of custom, recurring, or prepaid products or services, the liability for a chargeback is often considered beginning on the date the transaction and service is considered complete, which may not be the initial date of the sale itself, but the date of the final payment. If the transaction is for a future deliverables the time frame for a chargeback can go up to 540 days.
• Here is a brief description of chargeback time limits:
  • In cases that involve delayed delivery or performance of goods and services, the period is 120 days from the date the goods and services were supposed to be provided.
  • In cases that involve interrupted services that were immediately available, then the 120 days begins when the services cease and the chargeback cannot exceed 540 days from when the services started.
• If you do receive a chargeback, make sure not to refund the transaction! The money from the original transaction is already going to be reversed from your account. Refunding after a chargeback has been initiated can result in losing the recaptured chargeback funds money and not being able to recover the refund you just made. If a chargeback is in process, let the process play out even if the customer is requesting a refund directly.
• It’s important to understand that the card issuer is the one making the decision on whether a transaction was valid or not. The processor acts as an intermediately between the card issuer and the merchant, but they do not have any say in how the issuer rules. They will however help the merchant if there is specific technical information requested by the issuer, such as proof that a transaction was swiped, as well as offering customer support through the chargeback process.
• It may not be obvious as to the processor’s entire role in the payment process, but because of the risk of chargebacks, processors are actually acting as a guarantee and lender to a merchant accepting credit card transactions. The processor is completely labile for the cost of a chargeback if the merchant is unable to repay it. So in essence, a processor is issuing a loan to a merchant, every time they accept a card from a customer. It is only after a period of months when the risk of a chargeback goes to zero, that the money actually guaranteed to the merchant.
• Merchants who receive excessive chargebacks can be terminated by card associations, and in some cases are prohibited from accepting cards again in the future, both personally and the business that received the chargebacks. Card associations will levy hefty fines for merchant who continually exceed allowable chargeback levels. Most processors have their own limits but MasterCard will start fining a merchant if they have chargebacks and refunds over 2% or a total of 150 chargebacks in one month period.

Friendly Chargebacks

A type of fraud that has become increasingly common over the past 10 or so years is called friendly fruad. Friendly fraud is where a legitimate customer requests a chargeback to avoid paying for a good or service while at the same time having no plan on returning the product back to the merchant. Because of certain chargeback protections that favor the consumer, this is still something that many businesses experience. In the case of frindly fraud, if a merchant loses the chargeback, they can use the legal system. either by filing a police report, or can use the small claims or regular court system in effort to try and recover either the payment or the goods that were provided. This can be costly in itself, so it’s a good idea to be 100% sure that friendly fraud has occurred and the cost of goods is worth the time and effort to try and recover.

Retrieval Requests

Before initiating certain chargebacks, the issuer may require a copy of the electronic data or copy of the draft associated with a transaction to substantiate a chargeback. If proper documentation is not given to the issuer, the retrieval request will then move into a chargeback status, and depending on the reasoning behind the retrieval request, the merchant may not be able to win if they didn’t reply to the initial request. Treat retrieval requests like chargebacks if you ever receive one.

LINK TO TIPS ON FIGHTING CHARGEBACKS

http://www.nasdaq.com/article/8-steps-to-fighting-chargeback-fraud-cm478603

http://www.merchantequip.com/information-center/articles/prevent-chargebacks-10-tips/

We’re going to start publishing a series of videos on how to accomplish routine functions on credit card terminals, payment gateways, and other processing equipment. The first video in our series is simple but often requested: How to update the date and time on Verifone VX520 Credit Card Terminals. Additionally, this should work on most other VX model credit card terminals by Verifone.

We’ve been receiving a substantial number of enquiries to add PIN debit to existing merchant accounts. We wanted to clear up what is looking to be a new misconception about different types of cards and acceptance methods.

PIN debit is not EMV!

To briefly summarize, being able to accept PIN debit transactions has absolutely nothing to do with accepting EMV transactions.

We are unsure how this concept is getting traction, but suspect it has something to do with EMV being referred to as Chip and PIN in non-US countries. It also may be due to an older pricing scenario where PIN debit was cheaper to accept than debit run as a credit transaction.

Disregarding the cost of obtaining and encrypting a PINpad, which typically runs from about $100 – $500 depending on the equipment, PIN debit and signature debit were regulated by congress several years ago and now carry the same cost to accept, no matter how the debit card is processed. Additionally, when congress regulated the debit industry, they also allowed debit networks, such as Star or Pulse, and others, to charge monthly fees for processing a transaction over their network. What this means is that unbeknown to a merchant, they may end up with a monthly fee for accepting a PIN debit transaction if it is processed over one of these networks, which the merchant has zero control over. In short, it is likely more expensive to accept PIN debit now than prior to the congressional regulation. PIN debit still does carry the benefit of substantially reduced risk of receiving a chargeback, but most retail merchants rarely see chargebacks on debit transactions, so for most this benefit will be negligible.

If you want to accept PIN debit transactions, by all means accept them. Just know that accepting PIN debit is not going to satisfy any requirement relating to EMV migration and there’s a very good chance that PIN debit will cost slightly more in the form of monthly fees from debit networks.

Previously we talked about a few of the lesser known fraud types that many small businesses encounter.

Part 2 of our series on fraud, covers some tips to help identify and prevent the damages from fraud. Many forms of fraud can be prevented by proactive policies and often with common sense. While some schemes are so well planned that even seasoned professionals have a hard time identifying it, many types of fraud follow recognizable trends and can often be prevented. Here are some tips to help identify, prevent, and mitigate fraud.

General (applies to all business types)

• Create a payment acceptance guide / poster for all employees and keep it readily available. This should be a short, easy to read, list of how payments should be accepted. Anything that is outside of these guidelines should be considered against company policy without approval from a knowlegeable supervisor. Keep this as short and concise as possible, it should be something an employee can review in 20 seconds or less. Most fraud will require an employee to deviate from the normal method of accepting a transaction, and this is meant to immediately prevent the lowest hanging types of fraud.
• Talk to your employees about fraud and encourage them to notify you or a supervisor of anything suspicious or simply out of the ordinary with regard to accepting payments. This will keep everyone on the same page, and can help you and your employees develop better practices and a higher understanding of potential threats.
• Do not ever accept an authorization number from a customer or their bank. Only accept authorization numbers generated when you process a transaction or if you manually call into your credit card processor’s authorization line.
• Don’t allow issuing cash refunds on any credit or debit transaction that was processed as a credit card, and do not allow issuing a refund to any card other than the one used to make a payment. Basically, unless the customer entered a PIN number on a PINpad, only credit back to the original card used to make a purchase.
• Be especially vigilant of customers requesting refunds, credits, or abnormal transactions involving prepaid gift cards. Prepaid gift cards work differently from normal credit and debit cards and some issuers have been known to have large security and functional holes in their authorization and funding systems.

Card Present

• If available at your processor, use a terminal that supports EMV, chipped, cards. EMV eliminates fraud occurring from cards that have been electronically stolen and copied to another card. Businesses with unattended card readers such as gas stations will see the greatest benefit from EMV.
• Make sure a supervisor is required for any returns or credits to a credit or debit card. A very large portion of fraud is committed by employees and customers in the form of issuing credits. The money issued during a credit can be difficult to impossible to account for without vigilant bookkeeping practices. Credits should always be strictly controlled.
• When the card is present, always check the back of the credit card for a signature, before asking for ID. If no signature is present ask the card holder to sign the back of the card, then ask for their ID and see if the name and signatures match.
• Although card brands do not permit requiring an ID as condition of accepting a payment, you can still always ask for one to verify the purchaser is the person standing in front of you and whose name is on the card.
• Be especially vigilant of cards that appear to be damaged, potentially altered, or cards where the beginning numbers don’t match the type of card being offered (Generally beginning with 4 for Visa, 5 for MasterCard, 3 for American Express, and 6 for Discover). After printing a receipt, you can also verify the printed card numbers on the receipt match the numbers on the actual card. When thieves make copies of stolen cards, they often encode them onto cards with a completely different number or an entirely different type of card than the one the numbers were stolen from.
• Be critical of situations where a customer’s payment isn’t typical, such as trying to pay with a series of cards that keep declining, refusing to show an ID, refusing to sign their card, etc.

Card Not Present

• Requesting the CVV code helps ensure that the buyer has physically has the card in hand, or at least had it in their hand at one point. Electronically copied cards will not have the CVV number. While not a guaranteed method, it’s a good step to help protect your business.
• Always use the Addresses Verification System (AVS). AVS verifies that the billing information matches what the card issuer has on file by matching both the street number and the zip code. However, AVS does not work with most international cards, so this may not be as useful to merchants who have a large percentage of customers paying with non-US issued cards.
• Any shipments to the customer should be shipped to the billing address when possible, and shipments with a high dollar value should require a human signature with the carrier. While this can sometimes cause convenience problems, it is the best way to protect your business and guarantee that at least a human was there to receive your shipment.
• Only use shipping services, such as UPS or Fedex, that allow you to cancel or reroute an item after it has been picked up. The only thing worse than taking a loss on fraud, is identifying a transaction as fraudulent and not being able to prevent the package from being delivered after it has been shipped.
• Orders requesting expedited or overnight delivery should be scrutinized more than orders requesting ground or other economy shipping. It is common for customers to want their items quickly, but thieves also want to get products in their hands as quickly as possible, and will almost always pay for the fastest possible shipping method no matter the cost. Anecdotally, in more than 15 years of operating ecommerce sites, we’ve never seen a confirmed fraudulent order shipped anything less than 2nd day air, the vast majority are shipping the fastest and most costly method possible, which is typically Next Day AM or equivalent.
• Searching the shipping address of an order in a search engine can often reveal if the order is being shipped to a forwarding address, an empty or for-sale property, or sometimes even just a vacant lot. All of these situations are a major red flag for potential fraud, and should require further review before fulfilling an order.
• Be especially cautious of orders where the buyer changes the shipping address after ordering. This is a common method used to circumvent AVS and other address based screening methods of identifying fraud.
• Online or phone orders where the buyer is indiscriminate about the cost of shipping or cost of the products being ordered should be considered highly probable for fraud.
• Additionally, any customer asking for a catalog and price list when you have everything on a website should be considered suspect as well. Unsolicited requests for prices, product lists, and what payment methods a business accepts, are often nothing more than electronically generated emails from scammers scraping emails off ecommerce sites.

Additionally, take a look at our 30 second fraud checklist for ecommerce merchants.

The information above is to give you a better idea of what you can do to help protect your business from fraud. Training yourself and your staff can go a long way to protecting your business, especially if you continue to keep that training up to date as your business moves forward. New technologies may help businesses limit their risk in some ways while opening the door to other possible threats, so it important that you keep up with, and understand, the relevant practices of fraudsters. Make sure you implement standard operating procedures within your organization so that you have a baseline to judge potential threats against. Fraudsters are not in the business of getting caught, so if they see a business operating in a manner that is not conducive to their success they will often move to another target.

Previously we talked about a few of the lesser known fraud types that many small businesses encounter.

Part 2 of our series on fraud, covers some tips to help identify and prevent the damages from fraud. Many forms of fraud can be prevented by proactive policies and often with common sense. While some schemes are so well planned that even seasoned professionals have a hard time identifying it, many types of fraud follow recognizable trends and can often be prevented. Here are some tips to help identify, prevent, and mitigate fraud.

General (applies to all business types)

• Create a payment acceptance guide / poster for all employees and keep it readily available. This should be a short, easy to read, list of how payments should be accepted. Anything that is outside of these guidelines should be considered against company policy without approval from a knowlegeable supervisor. Keep this as short and concise as possible, it should be something an employee can review in 20 seconds or less. Most fraud will require an employee to deviate from the normal method of accepting a transaction, and this is meant to immediately prevent the lowest hanging types of fraud.
• Talk to your employees about fraud and encourage them to notify you or a supervisor of anything suspicious or simply out of the ordinary with regard to accepting payments. This will keep everyone on the same page, and can help you and your employees develop better practices and a higher understanding of potential threats.
• Do not ever accept an authorization number from a customer or their bank. Only accept authorization numbers generated when you process a transaction or if you manually call into your credit card processor’s authorization line.
• Don’t allow issuing cash refunds on any credit or debit transaction that was processed as a credit card, and do not allow issuing a refund to any card other than the one used to make a payment. Basically, unless the customer entered a PIN number on a PINpad, only credit back to the original card used to make a purchase.
• Be especially vigilant of customers requesting refunds, credits, or abnormal transactions involving prepaid gift cards. Prepaid gift cards work differently from normal credit and debit cards and some issuers have been known to have large security and functional holes in their authorization and funding systems.

Card Present

• If available at your processor, use a terminal that supports EMV, chipped, cards. EMV eliminates fraud occurring from cards that have been electronically stolen and copied to another card. Businesses with unattended card readers such as gas stations will see the greatest benefit from EMV.
• Make sure a supervisor is required for any returns or credits to a credit or debit card. A very large portion of fraud is committed by employees and customers in the form of issuing credits. The money issued during a credit can be difficult to impossible to account for without vigilant bookkeeping practices. Credits should always be strictly controlled.
• When the card is present, always check the back of the credit card for a signature, before asking for ID. If no signature is present ask the card holder to sign the back of the card, then ask for their ID and see if the name and signatures match.
• Although card brands do not permit requiring an ID as condition of accepting a payment, you can still always ask for one to verify the purchaser is the person standing in front of you and whose name is on the card.
• Be especially vigilant of cards that appear to be damaged, potentially altered, or cards where the beginning numbers don’t match the type of card being offered (Generally beginning with 4 for Visa, 5 for MasterCard, 3 for American Express, and 6 for Discover). After printing a receipt, you can also verify the printed card numbers on the receipt match the numbers on the actual card. When thieves make copies of stolen cards, they often encode them onto cards with a completely different number or an entirely different type of card than the one the numbers were stolen from.
• Be critical of situations where a customer’s payment isn’t typical, such as trying to pay with a series of cards that keep declining, refusing to show an ID, refusing to sign their card, etc.

Card Not Present

• Requesting the CVV code helps ensure that the buyer has physically has the card in hand, or at least had it in their hand at one point. Electronically copied cards will not have the CVV number. While not a guaranteed method, it’s a good step to help protect your business.
• Always use the Addresses Verification System (AVS). AVS verifies that the billing information matches what the card issuer has on file by matching both the street number and the zip code. However, AVS does not work with most international cards, so this may not be as useful to merchants who have a large percentage of customers paying with non-US issued cards.
• Any shipments to the customer should be shipped to the billing address when possible, and shipments with a high dollar value should require a human signature with the carrier. While this can sometimes cause convenience problems, it is the best way to protect your business and guarantee that at least a human was there to receive your shipment.
• Only use shipping services, such as UPS or Fedex, that allow you to cancel or reroute an item after it has been picked up. The only thing worse than taking a loss on fraud, is identifying a transaction as fraudulent and not being able to prevent the package from being delivered after it has been shipped.
• Orders requesting expedited or overnight delivery should be scrutinized more than orders requesting ground or other economy shipping. It is common for customers to want their items quickly, but thieves also want to get products in their hands as quickly as possible, and will almost always pay for the fastest possible shipping method no matter the cost. Anecdotally, in more than 15 years of operating ecommerce sites, we’ve never seen a confirmed fraudulent order shipped anything less than 2nd day air, the vast majority are shipping the fastest and most costly method possible, which is typically Next Day AM or equivalent.
• Searching the shipping address of an order in a search engine can often reveal if the order is being shipped to a forwarding address, an empty or for-sale property, or sometimes even just a vacant lot. All of these situations are a major red flag for potential fraud, and should require further review before fulfilling an order.
• Be especially cautious of orders where the buyer changes the shipping address after ordering. This is a common method used to circumvent AVS and other address based screening methods of identifying fraud.
• Online or phone orders where the buyer is indiscriminate about the cost of shipping or cost of the products being ordered should be considered highly probably for fraud.
• Additionally, any customer asking for a catalog and price list when you have everything on a website should be considered suspect as well. Unsolicited requests for prices, product lists, and what payment methods a business accepts, are often nothing more than electronically generated emails from scammers scraping emails off ecommerce sites.

The information above is to give you a better idea of what you can do to help protect your business from fraud. Training yourself and your staff can go a long way to protecting your business, especially if you continue to keep that training up to date as your business moves forward. New technologies may help businesses limit their risk in some ways while opening the door to other possible threats, so it important that you keep up with, and understand, the relevant practices of fraudsters. Make sure you implement standard operating procedures within your organization so that you have a baseline to judge potential threats against. Fraudsters are not in the business of getting caught, so if they see a business operating in a manner that is not conducive to their success they will often move to another target.

This is the first of a 2 part series on common but under-reported and often unknown types of fraud that many merchants experience. Part 1 will consist of specific example scenarios and types of fraud that merchants experience often without knowing it. Part 2 will consist of ways to prevent, minimize, and identify types of fraud that may be occurring.

Credit card fraud gets talked about a lot, but most of the time the focus moves to card holder protection or a large data breach.  We hear little about the credit card scams that fraudster’s use against the small business owner because it’s hard to sensationalize one business who had a little bit of fraud. In this article we are going to go over some common approaches fraudsters use to go after business and ways your company can protect itself.

Pre-authorized transactions

If I hear about a card holder telling a merchant that they called their bank and got prior approval for a large transaction it immediately sets off my internal fraud alarm. For many people, this statement makes sense, we have all had one of our cards turned down for a completely legitimate transaction, so why wouldn’t a card holder call their issuer if they know they are about to process an abnormally large transaction. Also as a small business owner, a large sale can be a great thing and so it’s easy to get enticed by the sale and want to comply with the customer to make sure it happens.

Whatever you do, don’t take an authorization code from anyone other than your processor.  EVER!!!

I can’t stress this enough, EVER!  You need to control how the authorization code is obtained. Normally your point of sale (POS) transparently takes care of this for you during the transaction process, and rarely, you may need to contact your processor’s voice authorization system for approval. In both of these scenarios there is an electronic trail from your merchant account, through your processor, to the card issuer and back again.  An authorization code will not be valid unless there is a trail connecting your sale to the authorization code.  I also want to highlight that if you call the number on the back of the credit card they should not ever issue approval codes to you. The only authorization code you should ever trust is one obtained through your credit card terminal or POS system or if you call into “your” processor and obtain one over the phone.

So what do you do when presented with this scenario?

Taking any form of payment at this point is a likely business risk. I strongly advise you only accept cash from that customer if anything at all. You can simply tell the customer that your store policy states all authorizations have to come electronically from the terminal/POS (this should be your policy anyway). If you do decide to accept a credit card for the transaction and process it in a normal manner, there is still a measurable chance that the customer is still trying to defraud you. Know that there will be a substantially increased chance of receiving a chargeback. At the very least, make absolutely sure that the customer is the person who’s name is on the card and make sure to swipe the card through your terminal, get a signed receipt, and make sure it matches the signature on their card if there is a legible one. This is such a red flag for a deliberate fraud attempt, it would usually be appropriate to simply turn you customer out the door. The chances are better than not they are attempting to defraud you.

I need to return this

How often do you have a customer who wants to do a return for a refund?  If the original purchase was made on a credit or debit card, without using a PIN number, then you should only refund to the card that was used to make the purchase.  I hear from merchants quite regularly about someone coming to do a return but want cash instead of a credit to their card.  Many times the customer says they just don’t have the card on them, or that it was a gift and if it gets refund to the card, then the cardholder will know their gift was returned. The unfortunate truth is sometimes you get this request its coming from a fraudster.

It’s a simple scam, the merchant takes back the product, gives the customer their cash refund, and the customer then calls their card issuer and disputes the charge saying the business refused to give them a refund. Of course the business will receive the chargeback notice, and respond that they gave a full cash refund, but there won’t be any electronic proof for that refund. The card issuer is basically forced to side with the card holder and the merchant will usually lose. It will then be on the merchant to take legal action against the fraudster. To make matters worse, the merchant’s loss is essentially twice the sale amount. They lose the chargeback, and they lose the money they gave for the refund.

This scenario only applies to credit based transactions.  When you run a PIN debit transaction things are a little different.  Some processors will allow you to do a debit return, however you are going to have to swipe the original card, and the customer will need to re-enter their PIN number to complete the transaction.  Alternately as long as the card has a Visa, MasterCard, Discover, or Amex logo you can do you a normal credit return, without needing the card or the cardholder present.  If the card does not have a major card brand logo on it, you only remaining option is a cash refund.  Keep in mind that card holders can still dispute a PIN debit transaction, however it’s much more difficult.

To hedge your risk, you can offer an in-store credit to the customer. This allows the business to retain the money from the original purchase so if there is a dispute you are not losing a return and chargeback.  If the card holder has not used their in-store credit you can revoke it or any remaining portion.  Unfortunately if they used all of their remaining credit you will have lost the chargeback and a product, however your hard cost on that product will hopefully be less than having issued them a refund and paying for a chargeback.

A really large order

Let’s say you have a small hardware store, and you have a customer walk in and say I need 5,000 chainsaws. Your first thought might be something along the lines of “Cha Ching!”, and sometimes the idea of such a large sale clouds your vision as you have a quick dream of the vacation you will finally take when all that money comes in. Well come back down to earth and get your guard up as this should be the Chernobyl of red flags.
You need to start asking yourself some questions like the following, and try to look at them as an unbiased third party.  Here are just a few quick examples.

• Why does this guy need 5,000 chainsaws?  This is an abnormal purchase for just about anyone.
• In your experience does anything feel off about this customer?  Let your gut feel be your guide.
• Do they seem to care about price?  When people buy in bulk they expect the price to drop, if they don’t, something probably is not right.  If they don’t even ask about price, or are willing to pay a premium, it’s even more of a red flag.
• Why is he/she wanting to buy them from me?  This can be a hard question to not show your bias.
• Are there more oblivious, easier, cheaper, etc. ways for this customer to obtain what they want?   This is more of an extension of the previous question.
• Can my business survive if this sales turns out to be fraud?  Make sure you don’t take on more risk than your business can handle.
• Are they asking for the quickest shipping method possible?
• Are they shipping to a forwarding or foreign address?
• If I were going to legitimately purchase 5,000 chainsaws as a consumer, is this the way I would do it?

Admittedly this example sounds to be on the ridiculous side of things, but this actually happened to a small hardware store. Things that sounds too good to be true usually are. These questions will help keep a realistic view of the situation, and will give ideas as to what questions you want the customer to answer.  If you are not comfortable with the situation you should probably not continue with the sale, or if you do, make sure you only accept cash or equivalent method that protects you from later disputes. I have seen businesses that refused to take this advice, and accepted credit card payment even after being specifically told by their processor not to. Sometimes the loss to the business is so bad, they had to close their doors after their transactions charged back.

Stay tuned for the next edition where we further discuss how to identify, prevent, and minimize the losses from certain types of retail fraud.

Credit Card Fraud, Now Serving Small Business

This is the first of a 2 part series on common but under-reported and often unknown types of fraud that many merchants experience. Part 1 will consist of specific example scenarios and types of fraud that merchants experience often without knowing it. Part 2 will consist of ways to prevent, minimize, and identify types of fraud that may be occurring.

Credit card fraud gets talked about a lot, but most of the time the focus moves to card holder protection or a large data breach.  We hear little about the credit card scams that fraudster’s use against the small business owner because it’s hard to sensationalize one business who had a little bit of fraud. In this article we are going to go over some common approaches fraudsters use to go after business and ways your company can protect itself.

Pre-authorized transactions

If I hear about a card holder telling a merchant that they called their bank and got prior approval for a large transaction it immediately sets off my internal fraud alarm. For many people, this statement makes sense, we have all had one of our cards turned down for a completely legitimate transaction, so why wouldn’t a card holder call their issuer if they know they are about to process an abnormally large transaction. Also as a small business owner, a large sale can be a great thing and so it’s easy to get enticed by the sale and want to comply with the customer to make sure it happens.

Whatever you do, don’t take an authorization code from anyone other than your processor.  EVER!!!

I can’t stress this enough, EVER!  You need to control how the authorization code is obtained. Normally your point of sale (POS) transparently takes care of this for you during the transaction process, and rarely, you may need to contact your processor’s voice authorization system for approval. In both of these scenarios there is an electronic trail from your merchant account, through your processor, to the card issuer and back again.  An authorization code will not be valid unless there is a trail connecting your sale to the authorization code.  I also want to highlight that if you call the number on the back of the credit card they should not ever issue approval codes to you. The only authorization code you should ever trust is one obtained through your credit card terminal or POS system or if you call into “your” processor and obtain one over the phone.

So what do you do when presented with this scenario?

Taking any form of payment at this point is a likely business risk. I strongly advise you only accept cash from that customer if anything at all. You can simply tell the customer that your store policy states all authorizations have to come electronically from the terminal/POS (this should be your policy anyway). If you do decide to accept a credit card for the transaction and process it in a normal manner, there is still a measurable chance that the customer is still trying to defraud you. Know that there will be a substantially increased chance of receiving a chargeback. At the very least, make absolutely sure that the customer is the person who’s name is on the card and make sure to swipe the card through your terminal, get a signed receipt, and make sure it matches the signature on their card if there is a legible one. This is such a red flag for a deliberate fraud attempt, it would usually be appropriate to simply turn you customer out the door. The chances are better than not they are attempting to defraud you.

I need to return this

How often do you have a customer who wants to do a return for a refund?  If the original purchase was made on a credit or debit card, without using a PIN number, then you should only refund to the card that was used to make the purchase.  I hear from merchants quite regularly about someone coming to do a return but want cash instead of a credit to their card.  Many times the customer says they just don’t have the card on them, or that it was a gift and if it gets refund to the card, then the cardholder will know their gift was returned. The unfortunate truth is sometimes you get this request its coming from a fraudster.

It’s a simple scam, the merchant takes back the product, gives the customer their cash refund, and the customer then calls their card issuer and disputes the charge saying the business refused to give them a refund. Of course the business will receive the chargeback notice, and respond that they gave a full cash refund, but there won’t be any electronic proof for that refund. The card issuer is basically forced to side with the card holder and the merchant will usually lose. It will then be on the merchant to take legal action against the fraudster. To make matters worse, the merchant’s loss is essentially twice the sale amount. They lose the chargeback, and they lose the money they gave for the refund.

This scenario only applies to credit based transactions.  When you run a PIN debit transaction things are a little different.  Some processors will allow you to do a debit return, however you are going to have to swipe the original card, and the customer will need to re-enter their PIN number to complete the transaction.  Alternately as long as the card has a Visa, MasterCard, Discover, or Amex logo you can do you a normal credit return, without needing the card or the cardholder present.  If the card does not have a major card brand logo on it, you only remaining option is a cash refund.  Keep in mind that card holders can still dispute a PIN debit transaction, however it’s much more difficult.

To hedge your risk, you can offer an in-store credit to the customer. This allows the business to retain the money from the original purchase so if there is a dispute you are not losing a return and chargeback.  If the card holder has not used their in-store credit you can revoke it or any remaining portion.  Unfortunately if they used all of their remaining credit you will have lost the chargeback and a product, however your hard cost on that product will hopefully be less than having issued them a refund and paying for a chargeback.

A really large order

Let’s say you have a small hardware store, and you have a customer walk in and say I need 5,000 chainsaws. Your first thought might be something along the lines of “Cha Ching!”, and sometimes the idea of such a large sale clouds your vision as you have a quick dream of the vacation you will finally take when all that money comes in. Well come back down to earth and get your guard up as this should be the Chernobyl of red flags.
You need to start asking yourself some questions like the following, and try to look at them as an unbiased third party.  Here are just a few quick examples.

• Why does this guy need 5,000 chainsaws?  This is an abnormal purchase for just about anyone.
• In your experience does anything feel off about this customer?  Let your gut feel be your guide.
• Do they seem to care about price?  When people buy in bulk they expect the price to drop, if they don’t, something probably is not right.  If they don’t even ask about price, or are willing to pay a premium, it’s even more of a red flag.
• Why is he/she wanting to buy them from me?  This can be a hard question to not show your bias.
• Are there more oblivious, easier, cheaper, etc. ways for this customer to obtain what they want?   This is more of an extension of the previous question.
• Can my business survive if this sales turns out to be fraud?  Make sure you don’t take on more risk than your business can handle.
• Are they asking for the quickest shipping method possible?
• Are they shipping to a forwarding or foreign address?
• If I were going to legitimately purchase 5,000 chainsaws as a consumer, is this the way I would do it?

Admittedly this example sounds to be on the ridiculous side of things, but this actually happened to a small hardware store. Things that sounds too good to be true usually are. These questions will help keep a realistic view of the situation, and will give ideas as to what questions you want the customer to answer.  If you are not comfortable with the situation you should probably not continue with the sale, or if you do, make sure you only accept cash or equivalent method that protects you from later disputes. I have seen businesses that refused to take this advice, and accepted credit card payment even after being specifically told by their processor not to. Sometimes the loss to the business is so bad, they had to close their doors after their transactions charged back.

Stay tuned for the next edition where we further discuss how to identify, prevent, and minimize the losses from certain types of retail fraud.

Do you need to process credit cards wirelessly?

In the past there was only one option when it came to truly mobile processing, the cellular credit card terminal. While these devices work great and offer fast stable processing, they can be expensive and usually come with additional monthly cellular fees from a wireless provider. As technology has progressed so have the wireless processing options, like the smartphone or tablet. These devices use an existing smart device and convert it into a credit card terminal.

Square popularized smartphone and tablet processing which is now the fastest growing wireless processing option today. There are currently multiple options when it comes to processing a transaction on a smartphone, and many people don’t realize their existing merchant service provider probably has smartphone processing options already available. If your business has looked at accepting wireless payments in the past and decided it was cost prohibited then it might be time to take another look. We currently offer MS Mobile for our current and new merchant account customers. MS Mobile uses an anti spin card reader that plugs into a headphone jack. Unlike other mobile specific providers, MS Mobile customers still get the same 24 / 7 support for their equipment and services and a dedicated account manager whom they can correspond with for any future needs.

Dejavoo Z9 WiFi Credit Card Terminal

“I thought a Wifi terminal would have a battery?”

We can’t tell you how many times over the years we’ve spoken to merchants who want a terminal they can connect to Wifi, but for years the only offerings were Ethernet based devices. Wifi terminals are becoming more prevalent which is wonderful for those of us who don’t want to run yet another wire to the checkout counter. Many of the Wifi devices miss the mark by leaving out key features that would otherwise make them a go to terminal for almost any merchant. Dejavoo’s Z9 seems like it was designed to be the exception. The Z9’s is a very capable terminal with all the bells and whistles you would expect and a price tag comparable to other terminals with its features.

The Features:

The Z9 Wifi is a small handheld terminal with a 3.5″ color touch screen and built in printer. Dejavoo outfitted this new device not only with features that will keep it relevant for years, but also one of the Wifi cards available in credit card terminals today. As you should expect it supports EMV so it’s ready for the October 1st liability shift and the Z9 is also enabled with NFC so you’re ready to accept contactless payments like ApplePay and Android Pay without additional hardware. One of our favorite features, normally only found on cellular based terminals, is a built in battery, which is hugely beneficial for mobile businesses. This means, if the merchant has access to a WPA-2 or better encrypted Wifi connection, they don’t need to maintain a wireless fee to a cellular provider to use a robust terminal.

Optional Docking Station:

Like everything that’s designed to be small and mobile, WiFi terminals have their drawbacks, however Dejavoo has done a good job of overcoming those with their optional docking station that expands the terminals capabilities. While the terminal itself doesn’t have any connectivity ports like a traditional phone line or Ethernet, the docking station provides those and more. It even adds Bluetooth support allowing it to be wirelessly connected to a separate printer that can hold a much larger paper roll.

Conclusion:

We have been very impressed by the Z9 Wifi after playing with it the past few weeks. It’s a small, easy to use, mobile terminal and with the optional docking station it goes from a compact terminal to an all-around great fit for most any business. The Wifi terminal itself carries a price tag of just $350 which for a Wifi device with EMV, NFC, and a battery, is exceptional. The optional docking station is an additional $85, but for merchants who have a storefront and do mobile events as well, you get a device that is both a small mobile terminal and a counter top work horse.

FANF or Fixed Acquirer Network Fee yet another cost riding on your merchant account.

What is the Fixed Acquirer Network Fee?

After the Durbin Amendment added new regulations regarding payment processing, Visa came up with the Fixed Acquirer Network Fee (FANF) to offset their lost revenue. These new charges that went into effect in April 2012 were one of two sliding scale fee structures, one being based on the number of locations, and the second being based on dollar volume processed in a month. For card present businesses, excluding fast food, the fee will be based on a business’s number of locations, ranging from $2.00 to $85.00 monthly per location. For card not present businesses and fast food the fee is based on monthly processing volume, ranging from $2.00 to $40,000.00 per month. Clearly most businesses are going to stay on the lower side of these ranges and shouldn’t fear a $40,000 FANF fee, as you would need to be processing more than $400 million a month in credit cards.

Can I be exempt from this fee?

Yes! But most businesses will not qualify. There is only one Merchant Category Code (MCC), 8398, that is exempt from paying FANF. MCC 8398 is the code for Fundraising for Charitable and Social Service Organizations. If more than 50% of credit card volume is not for fundraising then the merchant is no longer exempt from paying the fee. Note: Visa is watching closely for miss-categorized businesses as many companies think they qualify under this MCC when they do not.

There is one other exemption, but again probably not going to work out for you… Low to no processing, if you process less than $200 in a month the FANF is $0.00 and charged at 0.15% of volume between $200 and $1250 for card present merchants.

Basically either your business fits perfectly into MCC 8398 or you’re paying FANF.

See full cost tables for Visa’s FANF fee

FANF or Fixed Acquirer Network Fee yet another cost riding on your merchant account.

What is the Fixed Acquirer Network Fee?

After the Durbin Amendment added new regulations regarding payment processing, Visa came up with the Fixed Acquirer Network Fee (FANF) to offset their lost revenue. These new charges that went into effect in April 2012 were one of two sliding scale fee structures, one being based on the number of locations, and the second being based on dollar volume processed in a month. For card present businesses, excluding fast food, the fee will be based on a business’s number of locations, ranging from $2.00 to $85.00 monthly per location. For card not present businesses and fast food the fee is based on monthly processing volume, ranging from $2.00 to $40,000.00 per month. Clearly most businesses are going to stay on the lower side of these ranges and shouldn’t fear a $40,000 FANF fee, as you would need to be processing more than $400 million a month in credit cards.

Can I be exempt from this fee?

Yes! But most businesses will not qualify. There is only one Merchant Category Code (MCC), 8398, that is exempt from paying FANF. MCC 8398 is the code for Fundraising for Charitable and Social Service Organizations. If more than 50% of credit card volume is not for fundraising then the merchant is no longer exempt from paying the fee. Note: Visa is watching closely for miss-categorized businesses as many companies think they qualify under this MCC when they do not.

There is one other exemption, but again probably not going to work out for you… Low to no processing, if you process less than $200 in a month the FANF is $0.00 and charged at 0.15% of volume between $200 and $1250 for card present merchants.

Basically either your business fits perfectly into MCC 8398 or you’re paying FANF.