IMG

Frequently Asked Question

FAQ-Zfraudshield and minimizing Credit Card Fraud and charge backs

This FAQ suggests preventative methods and post-order procedures that merchants can perform to minimize credit card fraud. When a brick and mortar merchant accepts a credit card, and the charge is authorized, and assuming the merchant conforms to regulation, the merchant will get paid, even if a stolen card is used.

Liability for fraud shifts from the card issuer to the merchant for 'Card Not Present' sale (mail order, telephone/fax order, and internet sales). The merchant is generally liable for credit card charge backs, even when the bank has authorized the transaction. After a merchant is stung by a fraud, the credit card processors often hike their rates, citing increased risk. The merchant also risks losing their accounts with the card companies if their fraud rate gets too high.

Credit card fraud is something that can never be completely eliminated, but rather something that must be managed. Merchants must develop a delicate balance between using safeguards to prevent fraud and not creating too many hoops for customers to jump through. This FAQ concentrates on preventative methods and procedures that merchants can perform to limit credit card fraud.

Isnt it enough to follow the merchant rules?

No. Though you should follow the procedures recommended by your payment processor and the credit card companies. You can loose your merchant account for failing to follow their rules. If a merchant suspects a fraudulent order, contact the registration service, so they can cut reduce the total number of charge backs. Registration services with a large number of charge backs will likely be charged higher services fees, which will be passed on to merchants. You need a comprehensive process of buyer authentication to identify potential Fraudulent transactions before seeking the card issuer’s authorization. Zfraudshield’s Anti-fraud API is a great way to do this.

If I get an authorization I am safe right?

Authorization approval does not mean that the merchant is guaranteed payment. Approval only indicates that at the time the approval was issued, the card hasn't been reported stolen or lost, and that the card credit limit has not been exceeded. If someone else is using the credit card number illegally, the card holder has a right to dispute the 'approved' charges.

Isnt CVM enough?

Card Verification Methods (VISA = CVV2, MasterCard = CVC2, and American Express = CID use a security code of 3 or 4 extra digits imprinted on the card, but not embedded or encrypted in the magnetic stripe. This verification code does not appear on credit card receipts. Since most fraudulent transactions result from stolen card numbers rather than the actual theft of the card, a customer that supplies this number is much more likely to be in possession of the credit card. VISA claims that the use of AVS with CVV2 validation for card-not-present transactions can reduce chargebacks by as much as 26%.

Merchants that accept Internet, mail-order, and telephone orders must be prepared to request the verification code when the cardholder is not present to help validate a transaction. Even if a merchant cannot confirm the CVV2 number, they can still ask for it, or provide a space for the number on their web order form. If the crook does not have the number, they could look somewhere else to commit their fraud. The merchant is not allowed to store the CVM numbers. The merchant should never keep the customer's credit card "on file". Each transaction should be treated as a new order. CVM alone does not guarantee that you will not have a charge back or a fraudulent transaction. The only way to ensure completely that the card holder is initiating the transaction is through a second out of band verification such as Zfraudshield phone authentication services.

What is a negative historical file and how can I use it?

Keep a database of prior fraud attempts, problem customers, charge back records, and customers receiving refunds. This file should include the customer name, shipping/billing addresses, phone numbers, credit card numbers, IP addresses, and email addresses, and merchant comments. Incoming orders can be searched for matches in this database. This method reduces the incidence of repeat offenders, has a relatively low cost, but does not stop new fraudsters. Only a service like Zfraudshield’s anti-fraud authentication service can short circuit fraudsters at the point of transaction.

I use pattern Detection am I safe?

Check if multiple orders are placed shipping to the same address, but different credit cards were used. Check orders for an unusually high quantity of a single item. Thieves may have access to several stolen card numbers. Check if multiple orders are being sent from the same IP address. If the credit card numbers vary by only a few digits, it is very likely these numbers were generated by software.

Identify users who repeatedly submit the same credit card number with different expiration dates. Often the crooks have the credit card number, but not the expiration date, so they will just keep submitting that number with a different expiration date until they hit the right combination," Most fraudulent orders in the US are made between midnight and 2 a.m.

I currently call customers on large orders its time consuming and expensive though?

Calling customers is not only an excellent way to detect fraud, but it can also be a valuable part of your customer service. The telephone call also gives the merchant the opportunity to welcome the customer, answer their questions, and build a solid relationship. Sometimes the fraudster will submit the actual phone number of the person whose card was stolen. If the card holder did not authorize the charge, suggest that they call their credit card company to report their card as stolen. Zfraudshield automates this mechanism for detecting fraud for a fraction of the cost of doing it manually, check out our online demo.

How can you be sure the card holder answered the phone call?

The ZFraudshield call process relies on a user's ability to control the phone he or she indicates belongs to him or her. There are, however, call flow elements that can include voice recordings, telephone billing record analysis, voice biometrics and others to deter spoofers from impersonating a legitimate user.

How do you know what number to dial?

For existing relationships, telephone numbers are passed to ZFraudshield from the user's directory profile, or info populated as part of a credit card pre-authorization process. For new relationships or registrations, the number is passed from a registration form the user has filled out this should correspond to the phone number on the credit file

Are users receptive to this calling process?

Yes. In both blind surveys and customer Website comments, users overwhelmingly indicate they like the ZFraudshield calling process. It fits within the flow of what the user is doing at the tie and raises confidence in the security of the site.

How flexible is the ZFraudshield authentication process?

Very flexible. ZFraudshield offers an extremely flexible format and a number of optional features.

end faq

 

WHY CHOOSE ZIGHRA?

● Best in class Multifactor Authentication
● Flexible powerful API
● Competitive pricing plans
● No Tokens

Read More
GOT QUESTIONS?

We have answers. Check out our FAQ and what our CEO has to say about protecting your business

Read More
TEST DRIVE

Try out Zighra multifactor authentication technology today for FREE. Learn why some of the largest companies in the world are throwing out their Tokens.

 Read More
JOIN OUR NEWSLETTER
Name
Email


Zighra Ottawa, Canada - .. Ottawa, Canada .. .