Merchant Fraud

 and Chargeback

 Prevention Guide

 

INTRODUCTION

At Smartpay, protecting our customers against Chargebacks and Fraud is of the utmost importance to us.

Fraud can cost your business significant amounts of money, and certain types of merchants – based on the types of goods or services sold – are more at risk of fraudulent transactions than others. We believe it is essential for you to have a sound understanding of credit card fraud, how it can be detected and how it can be prevented. We have prepared this guide to give you a range of precautions and advice you can take to minimise these risks and continue to do business confidently and prosperously.

You can print off a copy of this guide in PDF format here.

What is a Chargeback?

A Chargeback is a reversal of a card transaction and usually occurs when a cardholder raises a dispute with their financial institution (also known as the Issuer) in relation to a purchase made with their credit or debit card.

The processing and investigation of Chargebacks are governed by the Schemes (i.e. Visa, MasterCard or American Express). This includes time-frames, transaction processing requirements and the acceptable documentation that banks and acquirers (such as Smartpay) must submit.

A Chargeback may result in the amount of the original sale and a Chargeback fee to be deducted from the merchant’s account. The reasons why Chargebacks occur may vary, however, they are generally the result of customer dissatisfaction with their purchase or because of unauthorised or fraudulent use of their card.

Most common reasons for Chargebacks

Chargeback Reason Why this has happened?
Unauthorised / Fraudulent Transaction Cardholder did not authorise the transaction, the transaction is fraudulent
The cardholder does not recognise the transaction

This can occur when a cardholder does not recognise your trading name on your credit card statement.

Tip: you should always trade under the same name you have provided for your merchant facility and ensure it appears on your transaction receipts.

Processing Error

Cardholder / Issue believes the transaction has been processed incorrectly. Common scenarios include:

  • Incorrect transaction amount / card number
  • Late presentment of the transaction
  • Transaction paid by other means (e.g cash)
Duplicate/Multiple processing Cardholder claims transaction for same goods/services was processed more than once.
Non-receipt of goods/services Cardholder claims goods/services for the transaction has not been received/rendered to the agreed-upon location or by the expected delivery date.

 

How does Smartpay notify me when a Chargeback has been filed against me?

When Smartpay is notified that a cardholder has filed a Chargeback against you, we send an email to the address that you nominated for financial notifications. It’s important that you check this email address on a regular basis.

What is the Chargeback/ Dispute process?

Mail

Mail us at
Smartpay Pty Limited, Level 2, 117 York Street, Sydney, NSW 2000. Attn: Merchant Services

What evidence can I provide to support my Chargeback dispute?

Evidence required to refute the Chargeback You may be liable for Chargebacks if:

Receipts for all card-present transactions by the required timeframes and all surrounding information including one or more of the following:

  • A clear description of the purchased goods or services
  • Transaction amount
  • Transaction date
  • Your merchant trading name
  • Your merchant location
  1. The transaction processed was manual/card not present.
  2. If your response is not received within the specified timeframe.

Transaction receipt and all other related documentation to provide the transaction was processed:

  • If payment was by other means
  • Within the mandatory time limit
  • With correct transaction amount/card number
No legible transaction receipt and documentation is provided to prove the transactions were processed accurately

Two separate transactions receipts or other records to validate separate transactions

Documentation to show that a refund was processed to offset the disputed transaction through the same payment channels the cardholder used to make the original payment

 

You are unable to provide evidence to support separate transactions

You accidently processed the same transaction twice or more for the same purchased goods and/or services

You did not process a refund via the same payment channel as the disputed transaction

Signed documentation to prove that the cardholder or cardholder authorised recipient received the merchandise/service by the expected delivery date and at the agreed location

Goods and/or services were not received by the appropriate recipient at the agreed location by the expected delivery date

You are unwilling or unable to provide the goods/services and have not refunded the cardholder via the same payment channel as the disputed transaction

Best practices for avoiding Chargebacks

Being Identifiable
Use a clear trading name on your receipts that the customer will recognise.

Keeping Records
Keep records about the transaction and your customer, including email or other correspondence.

Clear Documentation
Provide legible documentation when responding to retrieval requests, ensuring you can see the truncated card number, transaction date and transaction amount

Keeping your customer informed
Make sure your customer is aware of a cancellation or refund policy in writing and have your refund / cancellation policy clearly printed on the transaction receipt.

Customer Service
Respond promptly to requests for Eftpos receipts and Chargebacks

Do not accept declined transactions.

Note: Do not split a declined transaction into smaller amounts to avoid authorisation, as this may result in a Chargeback.

Use your best sense of judgement
Verify the details of customers placing large or suspicious orders

Getting proof for deliveries
If you have a delivery component to your business. Always get signed proof of delivery and for delayed delivery make sure you get a signature from the cardholder at the point of delivery.

Card Present Transactions
Insert / tap the customer’s credit card through your terminal and ensure you obtain a signature from the cardholder for transactions.

Card Not Present Transactions (MOTO)
Obtain as much information about the cardholder as This can include full name, address, phone numbers, email address, credit card number, name of bank, expiry date, CCV, company name etc.

Card Present Fraud

What to check What you’re looking for
Before you start a transaction, check that:
  • You’re authorised to accept the card
  • The card does not appear to be damaged or altered
Check on the front of the card that:
  • The name on the card is appropriate to the customer (e.g. a man presenting a card with a woman’s name should be questioned)
  • The printing on the card looks professional
  • The card has current validity dates (a card can only be used from the first day of the ‘valid from’ month to the last day of the ‘until end’ month)
  • If there is a hologram on the card, it does not appear suspicious or made of inferior material – it should look three-dimensional.
Check the embossing is:
  • Raised, not flattened (unless it is an unembossed card)
  • Clear and even
  • Accurate, so that the first 4-digits of the embossed number match the pre-printed four digits on the card.
Be alert for customers acting suspicious or who:
  • Appear nervous, overly talkative or in a hurry
  • Arrive on closing time
  • Try to rush you or upset your concentration
  • Carry the card loose or by itself
  • Have no means of identification
  • Make numerous small purchases
  • Make purchases without regard to size, quality or price of goods
  • Ask for transactions to be split
  • Ask for transactions to be manually entered

 

Chip card processing

Chip Cards are MasterCard® and Visa (credit and debit) cards that are embedded with a security microchip that provides further protection to help lower the risk of fraudulent transactions and Chargeback disputes. Look at the card and if there is a Chip, always insert the card into the chip reader at the first instance.

As with any other transaction, a degree of caution must also be exhibited when processing chip card transactions. If:

  • The terminal displays “Insert Chip” when the card is swiped through the terminal and the card in question does not have a chip on it, do not proceed with the transaction
  • The terminal displays “Insert Chip” and the chip – when inserted – cannot be read by the terminal, do not proceed with the transaction
If you’re suspicious of a transaction:
  • Ask for photo identification (e.g. a driver’s licence or passport) and check that the details match the Cardholder’s name appearing on the card
  • Record the details on your copy of the printed Transaction Voucher

Don’t risk it: If you remain suspicious about the transactions, refund the credit transaction and ask your customer for a direct deposit or some other form of payment (particularly for large value sales).

Card-not-present Credit Card Fraud (MOTO)

Any credit card transaction where the card and/or cardholder is not present (Mail Order / Telephone Order – MOTO) poses a higher risk to your business. Being vigilant about unusual spending or behaviour can help you identify early warning signals that something may not be right with an order. While the following situations or scenarios may occur during a valid transaction, combinations of these may be cause for alarm. Common sense and instincts should be your guide. Follow these security checks to minimise the risk of fraud and Chargebacks when processing card-not-present transactions involving mail, telephone or Internet (eCommerce) orders.

Common indicators of fraud:

  • Payments to a third party: When your customer requests a payment be made to a third party from the card payment to you, usually by Western Union Transfer, often disguised as a freight or logistics cost
  • Multiple card details: When multiple card details are presented or multiple declines occur within a short period of time
  • Split transactions: When you are requested to split transactions over a number of cards
  • Large or unusual orders: When items are ordered in unusual quantities and combinations and/or greatly exceed your average order value
  • Email addresses: Be wary of customers using a free email service (i.e. yahoo, hotmail, g-mail) This is a potential risk as they do not require a billing relationship or verification that a legitimate cardholder opened the account
  • Delivery addresses: Exhibit caution with orders that are being shipped to international destinations you may not normally deal Delivery to Post Office Boxes can also indicate potential fraud
  • Freight: orders requesting express freight can be a fraud indicator as they want to obtain the goods as quickly as possible
  • IP addresses: Record and check the IP address of your online customers – you may find their IP address is not in the same location they claim to However, it is important to note that sophisticated fraudsters often hide their IP address
  • Unlikely orders: Orders are received from locations where the goods or services would be readily available locally, or you receive an order for additional products that you do not normally see (i.e. Mobile Phones)
  • Refund requests: Specifically, when orders are cancelled and refunds are requested via telegraphic transfer, Western Union Transfer, or to an account other than the card used to make the purchase
  • Numerous orders: A small value order followed by a large order a few days later can indicate possible Often, fraudsters will place a very small order to begin with, hoping this will not be questioned and go undetected. Once they know the first small fraud transaction has gone through, they will place orders for larger value goods hoping this still won’t be questioned as they are now an established customer
  • Lack of customer details: g. no phone numbers, no residential address, etc.
  • Phone order to be picked up: Be wary of customers wishing to pay for an item with credit card over the phone, but pick up the goods from your store, which lets them make the purchase without providing personal information (i.e. shipping, billing address), and the same card-not-present risks apply

When taking an order, as well as obtaining the credit card number, expiry date and full name, we recommend you also obtain the following:

  • Cardholder’s physical address
  • Cardholder’s contact phone numbers including landline contacts
  • The name of the Card Issuing Bank and the country the card was issued in

Trust your instincts!

If a sale seems too good to be true, it probably is. All too often what a merchant might think is a great sale will turn out to involve some type of fraud. Take the time to properly investigate overseas orders from customers with whom you have never done business. That bit of extra work may well prevent you from becoming the victim of a fraud scheme and having to bear any associated Chargebacks.

Refund Fraud

Unfortunately, refund fraud through a merchant terminal can be quite common. Refund fraud involves employees processing refunds (credits) to their own credit or debit card via your EFTPOS terminal. Essentially, this is removing funds from your business’ bank account and placing those funds into the employee’s account.

Smartpay has put measures in place to help protect your business from this type of fraud.

Ways to safeguard against refund fraud include:
  • Strictly controlling access to your EFTPOS terminal for authorised staff only
  • Printing and checking your daily summary from the terminal to help identify large/unusual refunds
  • Ensuring you change your Refund password regularly and limit who has access to the password
  • Always balancing EFTPOS settlement and refunds

A merchant’s website responsibilities

Offer accurate descriptions on the goods or services you’re selling.

Give clear explanations of shipping practices and delivery policy / timeframe.

Relevant refund / return policy ensure it complies with the relevant consumer law.

Displays total cost of the goods or services purchased (including shipping charges).

Avoids cardholder confusion by making sure the URL and trading name are not significantly different or confusing.

Contains the security capabilities and policy for transmitting payment card details.

Clearly explains your consumer data privacy policy, e. – what you do with any customer information you collect.

Contains all required contact details – trading name, address and Australian Business Number (ABN) where applicable.

Securing Your EFTPOS Terminal

Your Smartpay EFTPOS terminal is equipped with a number of built-in security features designed to protect your customers’ information. By implementing the recommended best practices below, you can help protect your business, your customers and your reputation from credit and debit card fraud or mis-use.

Notify Smartpay Merchant Services on 1800 433 876.

  • Your Eftpos terminal is missing
  • You, or any member of your staff, is approached to perform maintenance, swap or remove your Eftpos terminal without prior notification from Smartpay and/or Security Identification is not provided
  • Your Eftpos terminal prints incorrect receipts or has incorrect details
  • Your Eftpos terminal is damaged or appears to be tampered with

Terminals are secure and under supervision during operating hours (including any spare or replacement Eftpos terminals you have)

Only authorised employees have access to your Eftpos terminals and are fully trained on their use

Your Eftpos terminals are securely locked and not exposed to unauthorised access when closing your store

Only authorised Smartpay personnel are permitted to maintain, swap or remove your Eftpos terminal, and always ensure that security identification is provided

Your Eftpos terminal is never maintained, swapped or removed without notice from Smartpay. Be aware of unannounced terminal service visits

You inspect your Eftpos terminals on a regular basis and check that the terminal casing is whole with external security stickers remaining unbroken and of a high print quality

There are no additional cables running from your Eftpos terminal

Your software is updated to the latest version

Any CCTV or other security cameras located near your Eftpos terminal(s) cannot observe Cardholders entering details

Money Laundering

Money laundering is a serious breach of your Merchant Agreement and exposes your business to major financial loss. Put simply, laundering involves a merchant processing transactions on behalf of another merchant. Laundering is to be avoided at all costs – even if you’re offered an attractive inducement such as a percentage of the transaction.

Thanks!
CALL SALES 1800 433 876
CALL SUPPORT 1800 433 876