Ways to avoid chargebacks on your merchant account

Published on April 28, 2012 Ways to avoid chargebacks on your merchant account

Chargebacks occur when a customer disputes a credit card transaction after they see it on their statement. The bank refunds the transaction directly from your bank account, and usually charges you a fee “for the privilege” as well.

The usual cause is credit card fraud that wasn’t detected by your business processes or the credit card fraud detection systems at the time the transaction was conducted, in which case there’s usually very little that you can about it – but not nothing!

So long as you have covered off all of the normal security things that you should do as part of your daily business operating procedure, you are generally well protected against chargebacks.

What are the things you should be doing?

As a merchant, how can you avoid chargebacks on your merchant bank account? There are broadly three main things that you can do:

• Follow “safe” credit card business practices
• Use the built-in tools from your gateway providers if they offer them, OR use a third party service that you can pay for like Maxmind to generate a fraud risk store
• Don’t make your site a target for dodgy operators.

Safe credit card business practices

There are a number of ways you can play it safe when it comes to avoiding chargebacks on your credit card merchant account. Here are just some of the things you can do:

• When you get a sale from an international customer in a country you haven’t dealt with before, or is high risk, then take extra precautions. Ask the customer to scan the front and back of the credit card they are using and send it through to you by fax or email.
• Check that the credit card number comes from the bank that is in the scan. You can do this by taking the first 6 digits of the credit card’s number and entering them into a card identifier database like the one at BINchecker.com – see if it returns the same bank as what is shown in the card scan
• If your shopping cart records the location of the purchaser (via an IP address, go to a service like ip2location.com and look up that location. Does it make sense compared to the billing and shipping details
• Don’t ship to high risk credit card countries
• Look at the billing and shipping addresses – do these make sense for the location of the customer and the type of order?

Use the tools your shopping cart or gateway offers you

• Country blocking – delete countries known to be high risk for credit card so people in those countries won’t be able to sign up accounts with you. It won’t stop them from trying with fake addresses, but makes it less worth their while.
• If your cart has a country blocking component then ask your provider to install it and use it to block traffic from the countries you don’t want to have buy from you. This service is available for Ozcart customers, for example.
• If your cart has a facility for third party checking through a service like Maxmind, and your payment gateway doesn’t provide this service, then take advantage of it. It’s often built-in at no extra cost.
• If your payment gateway has a service for fraud score checking, then take advantage of that and block transactions that your gateway feels are suspicious.
• If your shopping cart provider offers SSL to encrypt the data in your checkout, then use it – even if your payment gateway doesn’t require it. Encryption keeps out “card sniffers” which are software tools (like computer viruses) that try to intercept and decipher internet traffic and extract credit card information out of them.

Don’t make your site a target

• Just like a sticker reminding potential intruders that your car or house is alarmed can help protect those valuable assets, so too can reminding potential intruders of the security features you have on your site. If you’re using SSL to protect your site, display the logos to prove it. If you’re using a daily checking service like McAfee Secure or Comodo Hacker Guardian, display the seals on your site too. If you’re using McAfee fraud scoring, it’s good to publish that logo too.
• Follow other security procedures that are best practice – like changing the default folder names of your admin area, enforcing stronger passwords for your customer accounts, and so on, so that if dodgy operators try out your site they feel like you’re well protected and perhaps not worth the hassle – there are millions of other easy targets that they can put dodgy transactions through instead.
• Bots are looking for easy targets first, so if you take the basic steps to protect your website won’t totally protect you, but it will make you less likely to be an easy target.

There are many more things you can do, but the lists above are a good starting point to get you thinking about security and protecting your hard earned income from a chargeback.