Only a dozen people showed up for the ISPCON session on “E-commerce Fraud” I moderated last Thursday.
The rest of you missed an important story. Credit card companies are cracking down on chargebacks. These occur when, for whatever reason, the credit card companies have to back-out (and charge back) a transaction.
Some chargebacks are inevitable. If someone denies they bought something, or if it takes more than a week to send an order, a transaction is routinely cancelled.
Chargebacks are trouble for banks because they’ve already credited merchant accounts, but haven’t been paid by cardholders. It’s like writing off a loan. Even if the merchant hasn’t spent the money, the bank has still lost the use of it for a time.
So if your chargeback rate with Master Card or Visa is over one percent, you may be in trouble. American Express has already cancelled the accounts of the online sex industry en masse because of chargebacks, and my guess is banks that authorize their Visa and MasterCard customers will be raising fees accordingly.
But the point is this involves more than the sex industry. That’s because online fraud happens, and because the credit card doesn’t leave the customer’s pocket when he or she buys online. In the parlance of the trade, it’s a “card not present” transaction.
With no card present, buyers can deny they bought your goods, because there’s no signed credit card receipt to prove they did. This dramatically increases the risk of chargebacks. One woman, who said she ran a web hosting business, complained bitterly at the Thursday panel about overseas buyers who routinely default on their bills to her. Even when she takes extraordinary steps (demanding addresses, getting signed authorizations), she still gets chargebacks. She says her business is threatened.
The sad fact is, it is. And so is yours. My guess is that, with the Y2K problem a thing of the past, the processing industry is now moving quickly to support Secure Electronic Transactions (SET), which will mean consumers as well as stores will need encryption keys or digital certificates.
Programmers are working on SET implementations, and I expect that will be followed this fall by a big push from banks for “Internet Credit Cards,” which include wallets and encryption keys. My advice is that you ask your acquiring bank and processor when they’ll take SET, and prepare your site now for that day.
There is another step you can take. Commerce Service Providers like Cybersource and ICOMS feature “fraud screens” in their software, screens that let you adjust the risk of chargebacks based on the industry’s transaction history. If you don’t have a CSP, consider getting one, even if your business is relatively modest. If you do have a CSP, make those adjustments, even if it means you lose some business.
One more piece of advice from the Thursday panel deserves repeating. When asked for a refund, grant it. If you can back out of transactions before they settle (it usually takes about a week), you can stop chargebacks before they happen.