Minimizing Chargebacks and Disputes
AGMS is willing and eager to make our industry knowledge and experience available to all of our clients as a resource to help defend against chargebacks and fraud. As your credit card processor, we serve as your payments expert to help you establish and maintain effective controls and protections so that your business can thrive.
Minimizing disputes and mitigating fraud is a very complex challenge, made even more complex by the very sophisticated system of rules and technology put in place by the credit card companies. Ultimately, any successful and effective prevention program comes down to a business taking the issue seriously and constantly working to improve and evolve their measures specific for their situation. This section is intended to serve as general guideline of best practices, recommendations, and places to start to help form a solid foundation for the ideal program for a specific business.
Good Customer Communication
Many disputes are caused by simple miscommunications and misunderstandings between a customer and a business. The Communication tab offers some points to consider to help ensure that a customer never feels that their only option is to file a dispute with their credit card company.
Fraud Prevention Steps
Credit card fraud is an exponentially increasing source of disputes, chargebacks, and losses making businesses additional victims of the crime. The Fraud tab offers operational and technical recommendations to jumpstart effective fraud prevention policies and procedures.
Authorization, Capture, and Shipping Timeframes
Some businesses simply take longer to build, manufacture, ship, or provide their product or service to their customer, while others experience the occassional backorder or delay. When it takes longer to deliver a product or service, the risk for a chargeback also increases and special considerations come into play with rules and regulations. The Timeframes tab attempts to provide some clarify into the various rules, regulations, guidelines, and best practices that come with longer fulfillment times.
Good Customer Communication
One of the most common reasons that a customer disputes and charges back a transaction is also the simplest to avoid: poor communication. The following guidelines provide some things to consider when analyzing a customer's experience from shopping to checkout to delivery.
- Answer all customer inquiries no later than 1 business day from when they were made, make your customer service teams easy to reach, clearly post refund policies, and always state estimated ship times.
- Make sure that the name and brand the customer sees as they are ordering matches any notifications they get as well as the business name that will appear with the charge. i.e. If a website is Mary's Flowers and the charge appears as MF LLC, the customer will very likely report the charge as unrecognized not knowing what MF LLC is.
- Make sure that the business phone number appearing on the cardholder's statement is the best customer service number and is professionally monitored and answered.
- Configure ecommerce websites in such a way that any back-orders or delayed shipments are stated to the visitor prior to them adding it to their card and/or completing their order.
- Clearly display all applicable terms, purchase polices, shipping policies, privacy policies, and refund policies to the customer. Consider making the customer agree to them prior to checking out, especially in the case of future delivery.
- If an item takes longer than 1-2 days to ship or goes on backorder, display that to the customer so they are aware of that delay before making the purchase.
- If an unexpected delay or back-order occurs after a customer submits their order, communicate with them immediately and provide them very clear ways to reach you by phone and email in case they have questions or wish to change their order. Clearly displaying your policy of how you handle these situations to the customer prior to ordering is also a very good practice.
- If an item ordered turns out to be unavailable and you will not be able to ship it at all, a refund should be scheduled immediately with notification to the cardholder. Many businesses also have success in contacting the customer by phone to suggest an alternative item and salvage the sale.
- Keep a record of every customer notification and interaction. Good documentation is important in defending an illegitimate dispute, and provides a paper trail that can be analyzed to avoid a repeat of the same issue in the future.
- Always respond quickly to any received Retrieval Letter or Chargeback Notice, involve AGMS support teams for assistance immediately.
Steps to Help Prevent Fraud
A rapidly increasing source of chargebacks is credit card fraud. With more data breaches over the past 12 months than ever, more and more businesses are becoming the victims of accepting orders and shipping products to fraudsters who stole the card information from an unaware cardholder. When the fraud is discovered, a chargeback is issued and the is transaction reversed with no way to recoup the funds and no way to get back the product shipped - resulting in a double loss.
There are a number of proven measures that can and should be implemented to prevent a devastating fraud incident. There is no uniform set of steps, procedures, and guidelines that work for every business in every scenario. Successful fraud monitoring needs to be adapted to a specific business and be continually monitored, managed, and evolved to be as effective as possible.
Operational Safeguards
- Require AVS Verification on every transaction taken over phone, fax, mail, or internet by collecting the billing zip code and submitting it with the transaction. Make sure that the zip code matches the billing information of the cardholder.
- Additional verification of the street address number can also be done with the AVS system, though not all card issuers fully support it.
- Require CVV Code Verification on every transaction taken over phone, fax, mail, or internet by collecting the 3-4 digit CVV code and submitting it with the transaction. Make sure that the CVV code matches, do not store the CVV code anywhere for any amount of time.
- Only ship to verified addresses that are registered with the customer's card using tracked couriers.
- Be wary of shipping to PO boxes and mailboxes unless it is an established customer.
- Require signature delivery on larger ticket items, consider requiring ID verification.
- Make order confirmation phone calls when in doubt or as common practice on orders meeting certain criteria.
- Have a system to flag unusual orders or particularly large orders, perform a manual review of each before shipping such as calling the customer to verify the order and information.
- Flag any sign of de-escalating purchase attempts, where a purchase is attempted for $1000 but declines, then $750 but declines, then $500 and finally approves.
- Be aware of the pro's and con's of providing tracking numbers. While they can mitigate chargeback as a means of clearly communicating to the cardholder when their items will be delivered, they can also be exploited by fraudsters. A fraudster can submit an order that appears legitimate and passes all verification by billing and shipping to the real address of the cardholder victim. Then, with the tracking number received to their email, they can call the shipping carrier and redirect the shipment to their actual address with no knowledge on the part of the victim or the shipping business.
- Set, advertise, and enforce acceptable shipping destinations, such as "delivery to US and Canada only."
- Beware orders containing multiples of the same item or unreasonably requested overnight/rush shipping (an order for $100 paying $300 for shipping and handling).
- Monitor the customer's local time when they placed the order, an order placed at 4am local time could be a worth a second look.
- If fraud does occur, perform a full investigation of the case to determine what, if any, steps could have been taken to stop it as areas of improvement for the future.
Technical Safeguards
- Always store IP Address, User-Agent, and timestamps for each order.
- Track declines as part of the internal order record so any decline activity prior to the approval can be reviewed.
- Only accept orders from IP addresses originating in countries that you do business in and will ship to. i.e. if you operate and only ship in the US, consider blocking international IP addresses from making orders or at least flag them for manual review.
- It is very common for ecommerce websites to be used with an automated script to attempt small transactions on thousands of cards very quickly to see if the cards are valid, resulting in massive charges for transaction declines. Implement velocity controls where users attempting too many transactions in a short period of time are blocked.
- An additional step to deter automated card scripting is to utilize CAPTCHAs, multi-step forms, user-registration, or all 3 to make an order.
- Watch out for orders using email addresses from anonymous or foreign email services.
- Maintain and manage blacklists of known malicious IPs to block.
- Maintain a record of IPs and customers who have had repetitive declines or previous chargebacks, flag new orders from them for review.
- Block orders originating from anonymizer networks (such as Tor), public proxy servers, and botnets.
- Maintain updated and effective Firewall, IDS, and IDP, perform regular vulnerability scans, take PCI assessments seriously.
Authorization and Shipment Timeframes
Sometimes it can take time before an ordered product is delivered to a customer, or a service is provided. When this fulfillment of the customer's order takes more than a week, it is designated as future delivery. In a future delivery scenario, the risk for chargebacks and fraud begins to escalate exponentially the longer the delivery takes. This section focuses on how and when to authorize and charge the customer's credit card in such a way that risk of disputes are mitigated while operating within proper guidelines.
It can be difficult to set an exact expiration on an authorization due to the complexity of how the card brands and issuing banks work, but we have summarized the following general rules of thumb and guidelines. For the purposes of this explanation, the term “card brands” refers to Visa, MasterCard, Discover, and American Express. The term “issuing bank” refers to banks that provide credit and debit cards to cardholders such as Capital One, Bank of America, Chase, Wells Fargo, etc.
- An authorization hold is valid for a period between 3 and 7 days. Once that expires, the capture can still be submitted on that authorization within 30 days however there is no longer a guarantee that funds will be available or the transaction will clear.
- Exactly when an authorization hold expires primarily depends on the card issuing bank, and customers can call their bank to have alleged erroneous authorizations manually removed from their account by the bank.
- When a capture is performed separate from an authorization or without an authorization, there is no real-time communication to the issuing bank like there is with the authorization. That transaction is sent as part of a batch during the day’s closing and sent to the issuing bank overnight. This means that a “successful” capture not associated with a still valid authorization may be rejected or charged back by the processor, card brands, or the issuing bank days after the capture was submitted and product shipped. As best practice, to mitigate the chances of a capture rejecting always capture as quickly as possible with a valid authorization, if not at the same time as the authorization with a sale transaction.
- Specifically for e-commerce businesses, both card brand regulations and most processor risk departments state that a product must be shipped within 7 days of capturing the transaction. (Exceptions apply where the customer is entering into an agreement for future delivery.)
- For purposes of avoiding downgrades resulting in excess processing fees, authorizations must be captured within two calendar days of authorization, excluding Sundays and holidays. In other words, if the authorization was not captured the same day it was ran, it generally needs to be captured the following day or a downgrade will occur. The AGMS Gateway default configuration automatically settles all captured transactions nightly.
- Capturing on the third day after authorization leads to a downgrade of the transaction resulting in increased processing fees charged by the card brands. Capturing after 3 days leads to an even more significant downgrade and more severe increase in fees from the card brands. Capturing after 30 days will result in a reject and the transaction will not be accepted.
- Issuers have 120 days from the transaction date (effectively the date of the capture or date of product shipment, whichever is later) to charge back the transaction with the claim that the cardholder did not make the charge. For other reasons, such as fraud or product not as described, they have even longer, generally up to 180 days.
- Issuers will at times automatically charge back a transaction without the customer even knowing it. This most often happens in the case of duplicated transactions, flagrantly obvious fraud, improperly submitted transactions with missing data, refunds in another currency with improperly calculated exchange rates, or transactions submitted in excess of the authorized amount. For the most part, this occurs very rarely with legitimate transactions.
- There must be only one authorization for each capture, and the captured amount must be the exact same as the authorization amount or less than the authorization amount for that authorization code. Capturing for more than the original authorization amount is not allowed. If a higher amount needs to be charged, reverse the original authorization and process a new one for the correct amount.
There are many overlapping rules and considerations which are constantly changing as the card brands and issuers evolve their policies to keep up with today’s purchasing habits and fraud trends. There is not always a straightforward approach or black and white rule to follow, however, we have made some suggestions below for your consideration as best practices which will minimize your exposure to expired/invalid authorization rejects. At the end of the day, every business is different. Some adapting and evolving may be necessary based on specific experiences and results that you may encounter.
- Ideally, configure the website in such a way that any back-orders or delayed shipments are stated to the visitor prior to them adding it to their card and/or completing their order.
- Clearly display all applicable terms and purchase polices to the customer. Consider making the customer agree to them prior to checking out, especially in the case of future delivery.
- If the order is expected to ship within 7 days, authorize and capture at the time of order or within the same day, but be sure to clearly communicate the expected ship date to the cardholder if its beyond 2-3 days.
- If only a portion of the order is expected to ship within 7 days and that is known prior to the order being submitted, authorize and capture only that portion that will be shipping in that timeframe. Do a second authorize and capture just prior to shipping the balance of the order.
- If only a portion of the order is expected to ship within 7 days and that is only realized after the order is submitted and the authorization is processed for the full order amount, capture the transaction for only the amount of the order shipping in that 7 day window. Do a second authorization and capture for the balance of the order just prior to shipping.
- Generally, try to avoid capturing more than 2 days after the authorization. Its better to capture in the same day and work within acceptable future delivery timeframes given the increased risk of capture rejects and substantial fee downgrades.
- If a substantial portion of your regular everyday business is future delivery beyond 7 days, contact AGMS with details of your situation. There are certain ways to make arrangements with your customers that would allow you to take a deposit or full payment up-front and deliver the product or service after the standard 7 day window. To do so requires special underwriting and approval from your processing bank, as well as certain disclosures and protections to be in place.
- If an unexpected delay or back-order does occur after a customer submits their order, communicate with them immediately and provide them very clear ways to reach you by phone and email in case they have questions or wish to change their order. Clearly displaying your policy of how you handle these situations to the customer prior to ordering is also a very good practice.
- If an item ordered turns out to be unavailable and you will not be able to ship it at all, a refund should be scheduled immediately with notification to the cardholder. Many businesses also have success in contacting the customer by phone to suggest an alternative item and salvage the sale.
- Keep in mind that the best way to avoid chargebacks is by communicating in a clear and timely manner with the cardholder and always providing them a way to get ahold of you quickly. Answer all customer inquiries no later than 1 business day from when they were made, make your customer service teams easy to reach, clearly post refund policies, and always state estimated ship times.