Credit Card Processing

By Wendy J Woudstra

Credit card fraud is a serious business for online and retail shops. While consumers are protected by credit card companies against credit card theft and fraud, retailers are not only responsible for the fraudulent charge and merchandise, but are also levied an additional charge-back fee as well. Worse yet, if you experience a high number of charge-backs, your merchant account may face increased per-transaction fees, or get cancelled entirely.

It is essential, therefore, that retailers do as much as possible to prevent this kind of theft, without overly inconveniencing their customers.

Online orders

Online businesses are increasingly falling prey to credit card fraudsters. Card-not-present transactions are always riskier for merchants, but there are some ways to mitigate the risk, such as requiring card holders to enter their card verification value (CVV) number from the back of their card, as well as the billing address associated with their card for AVS verification.

Also, track the IP address of every online transaction. Many fraudulent transactions come from countries such as Nigeria and Romania, so IP addresses originating in those regions are suspect. You can also check the IP address against a list of anonymous proxies before approving the transaction. Most professional fraudsters will hide their actual IP addresses by using a proxy.

The Payment Card Industry Data Security Standards Council (PCI DSS) has established a set of standards to which credit card payment processors are expected to adhere. Requirements include the ability to detect and react to any security breaches. All information, including customer names and addresses, must be maintained in a secure manner. Sage Payment Solutions and Premier Merchant Processing are PCI-compliant providers.

Having a Secure Sockets Layer (SSL) certificate on your e-commerce website is another assurance to consumers that your site provides security. The service can be obtained from your hosting provider or outside sources.

SSL uses encryption for transmitted data. A client uses the server's key to encrypt information, and the server uses the key from the client's certificate to translate the data. If authentication fails during any step in the process, the session is terminated. SSL-secured sites can be identified by a URL that begins with HTTPS, for Hypertext Transfer Protocol Secure.

When you are shopping for online payment services, ask what type of security the providers offer. Let your customers know that their information is handled securely and they will have confidence in your business.

Card present orders

In order to prevent card-present fraud at retail stores, merchants should alert their employees to watch out for certain behaviors, such as bulk purchases of items that are easily resold. While it may be that someone is buying everyone she knows an iPod, it could also be someone racking up charges on a stolen card in order to sell the merchandise later.

It should also be a strong policy to check the customer's signature on the credit slip with the signature on the back of the card, as well as the security features on each card. Train your employees to look for tampering on the security features of Visa and Mastercards, including the embossing, the hologram and the signature panels.

You may also wish to require additional identification on orders over a certain dollar amount in order to compare signatures against a second source such as a driver's license. If you post your policy near the cash registers, customers will be prepared to show the identification and won't be too inconvenienced.

While some losses due to card fraud will happen, you can reduce your risk by being aware of the dangers and taking measures to protect your business against them.