Preventing Fraud Recommendations For Dispute Avoidance

Cardholder disputes consume your valuable time and may consume a lot of your money.

Proper communication with shoppers from the beginning and vigilance regarding suspicious transactions help to avoid disputes.

  1. Use E-Next Fraud Screening tools to become aware of transactions that are potentially fraudulent. Before shipping any items, conduct additional investigation using manual checks.
  2. Block names, email addresses, and IP addresses of suspected or known fraudsters with the E-Next Risk Management service.
  3. Whenever the identity of a customer is suspect, conduct additional checks to verify that the individual is genuine. You can never be too careful.
  4. Even if Fraud Screening tools do not flag them, subject out-of-the-ordinary or high value orders to manual checks. A fraudster could have stolen all the information of a legitimate cardholder.
  5. Include clear product or service descriptions featuring a high level of detail on the business website. This will prevent customer claims of misleading information.
  6. Publish the refund policy on the website. This provides reassurance that customers can recoup their money from you rather than being forced to escalate situations to their card issuers.
  7. Provide convenient contact methods for customers to use. If cardholders feel ignored, they may take their disputes directly to card issuers.
  8. Offer realistic timescales for delivery and inform customers of delays. This is part of good customer service and can prevent customers from filing complaints with card issuers that goods were not received.
  9. Immediately refund suspected fraudulent payments and do not ship the items. After payment has been refunded, the cardholder cannot escalate the issue.
  10. If your business trading name differs from your website name, customers might not recognise it. Use a recognisable trading name because this is what appears on customer bank statements. If the existing trading name is not recognisable, contact the merchant account provider to change it.

How to Prevent Online Fraud Video

Preventing Online Fraud: Is The Customer Really Genuine?

Fraudulent use of credit cards poses a major threat to an online business. Transactions that seem out of the ordinary, suspicious, or are of a high value should be manually verified.

Many aspects of fraud detection are simply common sense and the process is not time-consuming. Incorporate manual fraud checks into business processes.

E-Next marks potentially fraudulent transactions with a caution or warning. You should check these transactions in order to:

  • reject high risk payments and
  • avoid rejecting payments that are legitimate but have been tagged potentially fraudulent (due to things like typing mistakes made by shoppers)

If you are not convinced that the individual who placed an order is legitimate, immediately refund the transaction and do not ship the items.

Identify high-risk names, IP addresses, and email addresses through manual checks. Merchants who use the E-Next Risk Management service can block these shopper names, IP ranges and addresses, and email domains and addresses.

Tip: Registered Post

To help protect against fraudulent claims that items were not received, send items by recorded or registered post and request a dated and signed delivery note.

Manual Checks

Name and telephone number

  • Be alert to incorrect formatting or nonsense in the shopper name field. Use http://www.192.com or another service to verify customer details on the electoral role.
  • Transactions are riskier when the customer provides a mobile number as the telephone number.
  • If the customer provides a landline telephone number, use a free online lookup program such as http://www.ukphoneinfo.com/section/tci/locator.shtml (UK only) to verify that the telephone number area code and the address match.

Address

Most fraudsters who obtain data by coping information from a card do not have the billing address of the authorized user. Look for these indicators:

  1. Incomplete billing address
  2. Different billing and delivery addresses
  3. Boarding house, hotel, or other temporary address
  4. Deliveries to an airport or another unlikely address (such as an industrial estate for a transaction that is not business-to-business)
  5. Export delivery address, particularly in a high-risk country (refer to the information on the Country Checks page)
  6. Customer refusing to confirm billing address and debit or credit card details

These are not always evidence of a fraudulent transaction. For example, a shopper may request that an order be delivered to a hotel address, not the billing address, due to being on holiday. However, it is always smart to check these situations. Verify customer names and addresses with the UK Electoral Register or a local equivalent.

If running these checks does not convince you that a customer is legitimate, consider checking the ID of the individual and trying to confirm that the person is the genuine cardholder. Request a copy of one of the following:

  • Driving license or passport
  • Utility bill for an address that matches the provided billing address
  • Credit card or bank statement reflecting the billing address (allow the customer to obscure sensitive information)

As a merchant, you bear responsibility for managing sensitive and confidential information so these details should be securely filed or destroyed after being used.

IP Address

  • Use a free lookup tool for IP addresses such as http://www.ip-to-location.com/free.asp to verify that the billing country and IP address listed on the order confirmation match. To find other tools, search for “IP look up tools” or enter similar terms online.
  • With the E-Next Risk Management service, you can block transactions from known fraudulent IP addresses automatically.

Email

  • Realize that an email address from a free site such as Hotmail is riskier than one that requires user registration through an ISP.
  • To verify an email address, try to access the email domain name within an online browser. You may discover that the domain is registered abroad or is not registered. To help confirm the existence of an email address use http://www.verify-email.org or a similar website. Note that this will not work for all email providers.
  • To confirm that an email address is active, send an email to it and verify that this is not returned as undeliverable by your email server.
  • Shoppers sometimes make mistakes when entering their email addresses. They often misspell .com, .co, or .uk or enter another character for the @ symbol. Compare the name of the customer to his or her email address to spot an obvious spelling error.
  • If you cannot reach the customer through email and cannot identify an obvious mistake, contact the customer using the provided telephone number.
    Orders

Look for these signs of potential fraud:

  1. An order of an unusually large quantity of an item without a noticeable preference for make, model, colour, or size
  2. An existing customer ordering an unusually large amount of items
  3. An order that is unusually large or small
    A repeat order quickly following an order that is unusual
  4. Orders of multiples or a top-of-the-range item
  5. Use of several different cards to attempt multiple transactions. This process, referred to as card testing, is used to confirm that a card is valid and a transaction using it will receive authorization.
  6. Use the provided telephone number to contact the customer and confirm details of the order. This will verify that the customer and telephone number are legitimate.

Delivery

If one of the following situations is identified, it is worthy of checking, though it is not always evidence of fraud:

  • Request for expedited delivery
  • No regard for delivery cost (legitimate shoppers typically avoid expensive delivery charges)
  • Delivery and billing addresses do not match
  • Request to leave items on the doorstep or similar area
  • Boarding house, hotel, or other temporary address
  • Export delivery address, especially to a high-risk country (see the list below)

To assure that the transaction is legitimate, further checks are recommended.

Tip: Intercept Services

When using a courier to sent items, instruct it not to accept “redirect” or “intercept” services that allow customers (including fraudsters) to make changes to delivery addresses when shipments are in transit.

High-Risk Countries

These countries are among those with higher fraud risk:

  • Algeria
  • Argentina
  • Belarus
  • Bulgaria
  • Indonesia
  • Lithuania
  • Macedonia
  • Nigeria
  • Philippines
  • Romania
  • Russian Federation
  • Ukraine
  • Yugoslavia

Fraudsters know many ways to use cards to get money from customers and goods or services from your business.

Protect your profits, your business, and your customers by using the E-Next fraud prevention service and conducting manual checks.

PCI DSS A Concise Explanation

Visa, MasterCard, and other card schemes must ensure that merchants protect customers from criminals and hackers. Many fraudulent individuals target cardholder data with several recent, high-profile breaches of security taking place around the globe.

PCI DSS Explained

In the payment cards industry, security standards are managed by the PCI Security Standards Council created by American Express, Discover, JCB, MasterCard, and Visa.

The Council works within five major areas:

  • Developing and maintaining an industry-wide, global security standard for technical data that protects account information of cardholders
  • Reducing lead times and costs for Data Security Standard implementation. The council aims to create and ensure compliance with general technical standards and auditing procedures.
  • Publishing an online list of qualified and globally available providers of security solutions to assist with industry compliance
  • Leading education, training, and a streamlined certification process for Approved Scanning Vendors (ASVs) and Qualified Security Assessors (QSAs). This results in all five founding members recognizing the same source of approval.
  • Providing a transparent environment for the contribution of data security standard development, enhancement, and distribution on an ongoing basis

When a legitimate documented business or technical constraint renders an entity unable to explicitly meet a state requirement but the entity has implemented other controls to mitigate associated risk, compensating controls may be taken into consideration.

Level 1

A merchant with more than six million MasterCard or Visa transactions annually AND identified as a level 1 merchant by a card scheme or compromised within the past year.

  • Quality Security Assessor (QSA) Annual Report on Compliance (ROC) or
  • Internal Security Assessor (ISA) Annual Report on Compliance (ROC)
  • Attestation of Compliance Form
  • Quarterly network scan conducted by an Approved Scan Vendor (ASV)

Level 2

A merchant processing one to six million MasterCard or Visa transactions annually.

• Quality Security Assessor (QSA) Annual Report on Compliance (ROC) or

• Internal Security Assessor (ISA) Annual Report on Compliance (ROC)

• Attestation of Compliance Form

• Quarterly network scan conducted by an Approved Scan Vendor (ASV)

Level 3

A merchant processing 20,000 to one million MasterCard or Visa eCommerce transactions annually.

  • Annual Self Assessment Questionnaire (SAQ)
  • Attestation of Compliance Form (included in the SAQ)
  • If applicable: Quarterly network scan conducted by an Approved Scan Vendor (ASV)

Level 4

A merchant processing fewer than 20,000 MasterCard or Visa eCommerce transactions annually and other merchants processing a maximum of one million MasterCard or Visa transactions annually

  • Annual Self Assessment Questionnaire (SAQ)
  • Attestation of Compliance Form (included in the SAQ)
  • If applicable: Quarterly network scan conducted by an Approved Scan Vendor (ASV)

If your business is not compliant with Payment Card Industry Data Security Standards (PCI DSS), you will be responsible for fraud-related losses and may face substantial fines. Customers will be affected by a compromise of their card details.

As a result, the reputation of your business will suffer. Merchant Terms & Conditions include PCI compliance responsibility.

Online Credit Card Fraud – Key Factors

Online businesses and their customers are encountering online fraud on an increasing basis. Fraudsters use stolen card details to target online payments.

Before you begin selling online, understand that your business will be held responsible for all fraudulent transactions it processes.

Be Responsible

The responsibility of determining whether a customer is genuine rests on you. Failing to do this will render you liable for reimbursement for unauthorized card use.

There is some good news. E-Next offers fraud-battling tools that help your business reduce its fraud-related losses.

However, you must also take individual measures to prevent fraud. New online companies that do not do this may find themselves out of business within just six months.

In addition, you must ensure that stored card payment information is protected from fraudsters and hackers who may try to steal credit card details. This compliance is necessary to meet card scheme requirements (referred to as the Payment Card Industry Data Security Standard, abbreviated PCI DSS) pertaining to the protection of cardholder data.

Data breaches or non-compliance can result in large fines. Therefore, before your business begins accepting payments, you must understand your obligations. For more information, refer to our PCI DSS page.

Why fraudsters target e-business

Since you do not physically interact with the cardholder or the card, you cannot:

  • physically check the security features of the card to verify that the card is genuine
  • require a PIN or signature to verify that the consumer is the legitimate cardholder
  • guarantee that the legitimate cardholder has provided payment information

Some retailers doing business online do not understand the associated risks so they do not make any effort to prevent fraud. As a result, they become easy targets.

Is my business at risk?

All kinds of e-businesses experience fraud but certain types of products and businesses are particularly attractive. If you offer any of the services or products below, we recommend reviewing your fraud tools, controls, and relevant company policy to ensure that your business is protected:

  1. Gaming
  2. Financial services
  3. Travel
  4. Electrical or computer goods including gadgets, videogames, and electronic toys
  5. Telecommunications (particularly Voice-over-IP) and technology
  6. Web hosting and domain name registration
  7. Furniture, particularly contemporary and modern
  8. Clothing, jewellery, accessories (sunglasses, handbags, etc.) and other fashion items
  9. Charities (often susceptible to card testing that involves making small payments to verify that the card is authorized and then using the card to purchase costly services or goods)
  10. Goods that can be downloaded
  11. Other items that are in demand and can be re-sold quickly and easily

Whether or not your business is at high risk, focus on protecting it from fraud. The following information will help you identify fraudulent activity and take action before it can harm your customers and your business:

Spotting Fraud

In addition to using the fraud detection tools provide by E-Next, you should be alert to other indications of suspicious payments.

A payment that is potentially fraudulent is not in line with the average purchase or customer.

Many fraudulent payments share these attributes:

  • high-value orders
  • high-quantity orders
  • late night orders
  • orders placed from high-risk countries (our Support site offers more details)
  • guest house, hotel, or P.O. box addresses
  • different billing and shipping addresses or different billing/card issue country and IP country
  • email addresses through free or anonymous services
  • mobile number vs. landline
  • inconsistent customer details with multiple purchases (ex: different address or name but same email address)
  • frequent purchases
  • indiscriminate purchases
  • express delivery
  • frequent contact made by nervous customer
  • suspicious customer behaviour

It is good sense to verify these transactions so we recommend doing it.

Case Study

We have created three ways to identify transactions that are potentially fraudulent:

  • Traditional detective work
  • No time to check
  • Honey Trap

Traditional Detective Work

If an order seems too good to be true, it most likely is. We contact the customer to make him/her aware of a possible payment issue. At that time, we request three additional pieces of information:

  • work telephone number
  • home landline number (if only a mobile number was provided)
  • work email address (if only a free/anonymous address was provided)

We use online resources to verify this information and we call the provided telephone numbers. Taking just a few extra minutes before processing the transaction saves hours creating and distributing items for which payment may never be received. Though you may encounter an honest customer who is upset by the enquiry, this individual will probably feel appreciative that his or her card security was taken so seriously.

No Time to Check

Fraudsters often try to place orders at the last minute, hoping that these will proceed through a system unnoticed and they will not be contacted. We are suspicious of any large orders placed during the final minutes of availability.

Honey Trap

Say a suspicious customer orders a birthday cake. We then offer several additional related products including a party pack that is drastically overpriced and includes only cups, plates, candles, and banners. Past experience has revealed that individuals using stolen credit cards are not concerned about the value they are receiving for their money.

They will take advantage of all the “extras,” even those that are not good values, because they are not going to be paying for their orders.

An Explanation Of UK Payment Gateways

uk payment gateways

A payment gateway is an infrastructure that authorizes a seller to accept credit or debit cards or other types of electronic payments. It represents an electronic version of the traditional point of sale such as a cash register.

Encryption of debit and credit card payments ensures that data sent through a gateway is secure. Gateways are widely used but few people understand these systems and how they work.

Below, we offer a more in-depth look at how the UK payment gateway operates.

The Payment Gateway for Transactions

To explain how a payment gateway works, we will use the scenario of a customer who places an order online and uses a credit card to pay for it:

• The customer selects the items and enters card payment details. The Web browser encrypts the card number and transmits it to the browser used by the merchant.

• The merchant submits this encrypted data to the payment gateway.

• Upon receiving the encrypted data, the gateway forwards it to the payment processor used by the seller’s bank.

• The transaction is then forwarded to the customer’s credit card company.

• The credit card company approves or rejects the payment and relays this message to the gateway.

• The gateway conveys the message to the website so the customer knows whether or not the transaction was successful.

The entire process above takes place in approximately three seconds!

How Does a Seller Receive Its Money?

A seller batches its approved sales and submits each batch to its bank, usually on a daily basis. The bank deposits the appropriate funds into the account held by the seller, which usually takes between three and five working days. Once the payment has cleared, the seller sees the transactions on the bank statement.

How Does A Payment Gateway Work Video

Is This Process Secure?

Since the information transmitted through the payment gateway is encrypted, it is considered secure. A 3D secure protocol was introduced in recent years to increase the level of security in this process. This requires the customer to enter specific digits from a password unique to the debit or credit card being used for payment. If the customer cannot do this, details regarding the card are not submitted to the gateway and the order is not completed.

A gateway plays a vital role in processing electronic payments online and via telephone. It serves as a link between the credit card company or bank of the buyer and the bank of the seller. Information being transmitted is encrypted at each stage of the process, ensuring that it remains secure.

This process is very quick, taking place in mere seconds. Money transfers to sellers may take up to five working days but are usually made much more quickly.

Payment gateways have become important to daily life by ensuring that the banking information of the buyer and seller remain secure. Online shopping continues to become more popular so this system is expected to continue its fast pace of growth.

Need more information on UK Payment Gateways for your business? Request a free call-back or obligation free consultation. Click Here to make an enquiry via our short application form.

Website and Online Payments

payments through webpage image

Take payments through your website Integrate A PayPage into your business website.

If you use a generic shopping cart such as Interpire, Magento, or ZenCart, contact us to learn more about our compatible shopping carts.

We may have a compatible plug-in that you can use.

If you cannot find your shopping cart on the list, submit an Integration Request via one of our forms.

We will research creating a compatible plug-in for you.

If you use a bespoke shopping cart, review our Developer Support pages for information on the Gateway API, methods of integration, and documentation to help your developer or you create customized integration with your existing shopping cart.

Pay Page Types And Comparison Table:

paypage comparison image

Need more information on taking website payments and pay pages? Request a free call-back or obligation free consultation. Click Here to make an enquiry via our short application form.

A Virtual Terminal Is A Simple Flexible And Cost Effective Option

payments over phone image

Taking payments via telephone requires a secure process that is simple and fast…

With a Virtual Terminal, it is easy to take telephone card payments. If you are a high-street takeaway, florist, or other business that takes orders over the phone, Virtual Terminal is an efficient and flexible way for you to take payments.

Online Service Option

If you have access to an Internet connection, you can use Virtual Terminal to take payments. Log in to a secure and dedicated Virtual Terminal page and enter the customer card details. We process the transaction securely and provide transaction authorization or confirmation immediately. Within 3 working days, we deposit the payment into your designated bank account.

Document Transactions

Our Merchant Management System maintains a record of each transaction in a single, secure location. Use this information to create Excel reports or print a transaction history. Our Merchant Management System reduces the amount of time you spend on administration so you can spend more time operating your business.

Extend Services

When you take payments over the phone, you extend business services to a wider audience and increase potential income. Use an Internet connection and Virtual Terminal to take payments anywhere.

No Technical Skills Required

Virtual Terminal does not involve technical setup or configuration on your part. To learn more about using Virtual Terminal to take payments via telephone, speak with one of our knowledgeable payment specialists.

The Virtual Terminal Process:

1) Use a Web-enabled device to log into your dedicated and secure Virtual Terminal. You can even use a mobile device or tablet with a WiFi connection.

2) Enter the debit or credit card information for your customer

3) We process the transaction securely

4) We immediately provide authorization or confirmation of the transaction so there is no need to wait

Need more information on taking telephone or card payments & virtual terminals? Request a free call-back or obligation free consultation. Click Here to make an enquiry via our short application form.

Take Payments Via Email – Pay By Link

payment through email image

Our Email payment solution is easy to set up, simple, and fast

PayByLink lets you create unique and customized payment links to a Hosted Payment Page that is secure and perfect for sending to customers to request invoice payment.

Pre-set a single-use link with a reference number and fixed amount, creating a unique link for each invoice.

PayByLink is a quick and easy way to accept secure debt and credit card payments online:

• Simple way to receive one-off payments for goods or services

• Create payment links and post them into invoices

• Almost instant payment processing

• FREE merchant management system that provides real time payment reporting

• FREE UK based support via telephone and email

• FREE ongoing maintenance

A website is not required to use email payment links. If your business takes place on the road or involves the provision of services, this is a flexible way for clients to submit payments.

Email payment links are commonly used with invoices so whether you are a beautician, builder, or offer personal training services, PayByLink is a smart and flexible way to request and take payments.

Speak with one of our payment specialists to learn more and have a personal payment link established.

Simple PayByLink Process:

1) Log into the PayByLink secure administration system

2) Enter your reference number and the payment amount to create a new PayByLink

3) Add the PayByLink to an invoice or email it to the customer

4) The customer follows the link to the Hosted PayPage, enters credit or debit card details, and submits a payment

5) We securely process the transaction and within 3 working days, you receive the funds in your account

Need more information on taking payments via e-mail? Request a free call-back or obligation free consultation. Click Here to make an enquiry via our short application form.