If your business processes credit cards and/or debit cards through a website shopping cart, the physical card cannot be swiped or dipped. That type of transaction is referred to as “card not present.” From a security standpoint, this type of transaction carries the most risk for you as a business owner.
So, what can you do to protect your business from fraud? While there is no perfect solution, there are definitely some best practices you can implement to minimize your risk when processing credit cards and debit cards via a website shopping cart.
Here are 10 ways to stay SECURE when accepting credit cards online.
1. Require full details from cardholder
Make sure your shopping cart requires full name, address, phone number, and email address. If the billing address is different from the shipping address, you should follow up with a phone call. If you cannot reach the customer, or the reason for the different address seems odd, you should consider not proceeding with the transaction.
2. Verify card information
Collect the account number, expiration date and card security code. Make sure you include the expiration date and the card security code with your transaction authorization. If either doesn’t match, or receives a negative response, you should cancel the transaction.
3. Authorize every transaction
Make sure you receive an approved electronic authorization for every transaction.
4. Do not use voice authorizations
If you cannot obtain an electronic authorization, try again later. Avoid using voice authorizations because they cannot be used to help fight a chargeback.
5. Don’t force authorizations
If your electronic authorization was declined, request an alternative method of payment. Do not force the transaction, as you will not be protected in case of a chargeback.
6. Use Address Verification Service (AVS)
AVS compares the billing address provided by your customer with the billing address on file with the card issuer. If there is an AVS mismatch, you should cancel the transaction, and contact the customer to determine if the mismatch was caused by a data entry error.
7. Add other fraud detection tools to your shopping cart
Contact your gateway provider about their fraud detection tools. One example is velocity filters, which detect when the same card makes multiple purchase attempts within a specific period of time, or when multiple purchase attempts are made from the same IP address within a specific period of time.
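The velocity filter described in item 7 can be sketched as a sliding-window counter per card and per IP address. This is an added example, not code from any gateway provider; the class and function names, the thresholds, the 10-minute window and the fingerprint key are all assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Placeholder key (assumption); in practice load it from a secret store.
FINGERPRINT_KEY = b"constructed-demo-key"


def card_fingerprint(pan: str) -> str:
    """Keyed hash so the filter never stores the raw card number."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return hmac.new(FINGERPRINT_KEY, digits.encode(), hashlib.sha256).hexdigest()


class VelocityFilter:
    # Assumed limits: 3 attempts per card and 5 per IP in a 600-second window.
    def __init__(self, window=600, max_per_card=3, max_per_ip=5):
        self.window = window
        self.limits = {"card": max_per_card, "ip": max_per_ip}
        self.seen = defaultdict(deque)  # (kind, value) -> attempt timestamps

    def _count(self, key, now):
        """Record an attempt and return how many fall inside the window."""
        stamps = self.seen[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # drop attempts older than the window
        stamps.append(now)
        return len(stamps)

    def check(self, pan, ip, now):
        """Return the list of tripped rules; empty means the attempt may proceed."""
        tripped = []
        for kind, value in (("card", card_fingerprint(pan)), ("ip", ip)):
            if self._count((kind, value), now) > self.limits[kind]:
                tripped.append(kind)
        return tripped


def run_sample():
    """Constructed attempts: (seconds, test card number, documentation-range IP)."""
    attempts = [
        (0, "4111 1111 1111 1111", "203.0.113.7"),
        (30, "4111 1111 1111 1111", "203.0.113.7"),
        (60, "4111-1111-1111-1111", "198.51.100.9"),
        (90, "4111111111111111", "198.51.100.9"),  # 4th try on one card
        (700, "4111111111111111", "203.0.113.7"),  # earlier attempts expired
    ]
    vf = VelocityFilter()
    return [vf.check(pan, ip, t) for t, pan, ip in attempts]
```

Normalizing the card number before hashing means the same card is counted once no matter how the shopper types spaces or dashes, and switching IP addresses does not reset the per-card count.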
8. Add a CAPTCHA code to your shopping cart
CAPTCHA codes help determine that the card details are being entered by a person, rather than by a robot or a program. http://captcha.net
9. Settle transactions daily
A daily batch settlement is an easy way to both avoid higher transaction fees (after 24 hours your rate goes up!) and reduce disputes from cardholders.
10. Trust your instinct
A situation that seems too good to be true, or a customer placing a large order under odd circumstances, should raise a red flag and prompt follow-up questions. This is not to say that everything out of the norm is fraudulent. However, being proactive and asking questions when a situation doesn’t make sense can really help minimize your risk of fraud or chargeback when processing cards online.