best practices for card not present chargebacks - woman taking credit card payment over the phone

Best practices for card not present chargebacks

Sunday, December 14, 2014
When it comes to your business, there are many ways to accept payments. And while your business most likely accepts multiple forms of payment, not all payment methods carry the same amount of risk. One of the toughest payment types to monitor is card not present transactions. So in this article, we’ll take a look at card not present transactions to learn more about what they are and why they’re more prone to fraudulent transactions. Then, we’ll take a look at how to institute best practices for accepting card not present transactions at your small business.

Card not present transactions: what are they?

Like it sounds, a card-not-present transaction (also called a CNP transaction) occurs when a credit card or debit card is not physically present during a transaction. There are a variety of reasons why a transaction may be a CNP transaction. For example, maybe your business only provides takeout, and customers can place their order online or give you their card details — like their credit card number, expiration date, and security code — over the phone. These are both CNP transactions because the card is not present at the business when the transaction is happening. 

Here are a few other examples of CNP transactions: invoices that a customer pays to business owners like you online, a recurring payment for goods or services that bills automatically, mail orders, ecommerce transactions and card-on-file transactions.

In contrast, in person payments are known as card present transactions. For a card to be a card present transaction, the payment has to happen in person at the time of the sale. Card present transactions involve credit card processing at the point of sale (POS) system or payment terminal. Customers use their physical credit card to pay, swiping in the magnetic stripe card reader or by using an EMV chip card to tap to pay or another contactless payment method like Apple Pay or Google Pay.

Because a physical card is not present during a CNP transaction, it makes it easier for customers to buy things even if they don’t have their physical card. However, it also makes it easier for fraudsters to get their information and use it at your business. Payment processors, card brands, and issuing banks all know these types of transactions have a greater risk for fraud because cardholder information is more difficult to verify in these types of transactions. That means there’s a higher risk of chargebacks as well. Let’s take a look at three types of CNP chargebacks your business could encounter.

Three common types of card not present chargebacks

Now that you know more about card not present transactions, let’s talk about the most common types of card not present chargebacks you’ll experience at your business.

Criminal fraud chargebacks

These types of chargebacks happen when a fraudster steals someone’s credit card information. They often don’t have to even have the credit card in question. While you may not be able to completely stop this type of chargeback, you can help to prevent it. 

With CNP fraud, fraudsters will try to maximize the purchases they make in a short period of time before someone catches on to the fraud. So new orders or larger than normal orders should require more of your attention to confirm they are legitimate orders. Fraudsters also may use multiple cards with different numbers shipped to the same address. You can also use fraud prevention tools to help you verify the cardholder and their information. These tools give you a way to double check your customers, providing another layer of authentication.

  • Address verification service (AVS): This gives you the opportunity to compare the billing address the customer gave you during the transaction to the billing address the customer listed at the issuing bank. If the address the customer provides doesn't match the address on file at the card issuer, you can decline the card and avert fraud.
  • Card security codes: These are the three or four digit (Amex only) numbers on the back of the customer’s credit card, usually around the signature panel. Each credit card network calls it something different: CVV2 for Visa cards, CVC2 for Mastercard, and CID for Discover and American Express. Requiring these CVC, CID, or CVV numbers ensures that the customer has the card in their possession when making an online purchase.

Merchant error chargebacks

The second type of chargeback is a merchant error chargeback. This type of chargeback happens when a cardholder states that they didn’t get what they paid for per their agreement with the merchant. This type of chargeback can also come up if a merchant erroneously charges someone for an incorrect, duplicate or unauthorized transaction. Often, these chargebacks are online payments or purchases.

In this type of transaction, you should keep a close eye on the transaction you are processing. It’s important to submit transactions in a timely manner and to only process the transaction once. If you run an ecommerce business, it’s paramount that your product descriptions and photos clearly and accurately reflect the actual products. You should also ensure your billing descriptor is accurate and reflects your actual business name. Otherwise, you may be susceptible to unhappy customers and more chargebacks as a result.

Friendly fraud chargebacks

The third type of common chargeback is friendly fraud chargebacks. This is a group of chargebacks that are a result of a customer filing a chargeback under false pretenses. This could be them trying to get the product for free and filing a chargeback with their credit card company, saying they were unable to contact you. It could also be them not remembering your billing information and not recalling a certain charge. A friendly fraudster could also file a chargeback as a result of a poor customer service experience or not fully understanding your company’s return policy.

To avoid these types of chargebacks, it’s important to communicate your company’s policies regarding returns and exchanges. It’s also important to have safeguards like delivery confirmation in order to ensure you’re protecting yourself from these scenarios. If not, the best way to dispute these chargebacks is through the chargeback representment process.

Now that you know more about common types of chargebacks and why they happen in card-not-present transactions, let’s talk about the best practices for accepting CNP transactions at your business.

CNP transaction best practices

When it comes to accepting transactions in which the card isn’t physically present in your business, there are some steps you can take that will help you reduce chargebacks and ensure a smooth transaction. Let’s take a look at some of the best practices.

Never save customer data on unsecured platforms

When you take customer payment information, it’s best to take this information through a secure payment gateway. Entering it directly into your virtual terminal is the best way to protect your customer and your business. Also, don’t ask customers to send any type of credit card information over unsecured channels like email, text, or live chat. By doing so, their data is at a higher risk of falling into the hands of bad actors. That’s why it’s critical to have the right technology to keep your customer’s information safe.

Present your business information clearly 

Make sure that all of your business’s information is clear and up-to-date starting with your billing descriptor for credit card statements. If a customer doesn’t recognize the charge from you on their statement, it can lead to chargebacks and headaches for your business. One way to ensure the information is clear is to run test transactions, so you can be certain it’s displaying properly for customers. You’ll also want to make sure that your contact information, including a business email and phone number, is visible and easy to find on each page of your company’s website as well as any email correspondence your business sends to customers. 

Confirm the customer’s address with the AVS

As we’ve already mentioned, the address verification system (AVS) is an invaluable tool for your business. You should always verify the billing address of the customer and then cross-check it to confirm that it’s the same as the AVS has on file with the credit card company. For CNP transactions, this is even more important than in-person transactions. Having all of this information to reference can also help your business if the transaction happens to be fraud or if you have to dispute a potential chargeback.

Know the current PCI compliance guidelines

Payment card industry (PCI) compliance is important because it is the standard that all businesses must follow to protect customer data. Therefore, it’s important that your operation is PCI compliant. Luckily, if you work with a payment processor or merchant services provider, that entity works hard to ensure their products and services meet the PCI compliance standards. As a small business, even if you don’t have time to learn the ins and outs of the guidelines, it’s important to find a payment processing partner that does.

In this article, we talked about the best practices for accepting card not present payments at your business. Now, you’ll be able to help spot and prevent fraud while protecting your lifeblood, your business. 

Ready to work with a payment processor who can help you navigate card not present transactions?

Heartland is the point of sale, payments and payroll solution of choice for entrepreneurs that need human-centered technology to sell more, keep customers coming back and spend less time in the back office. Nearly 1,000,000 businesses trust us to guide them through market changes and technology challenges, so they can stay competitive and focus on building remarkable businesses instead of managing the daily grind.