Accepting credit card payments when the cardholder isn’t present can present a unique set of challenges for retailers.
Credit: Online payment image via Shutterstock
Does your business accept credit card payments online? Doing so is a great way for small businesses to simplify sales in addition to or instead of face-to-face transactions.
Even though the customer isn’t standing in front of you, you're still required to protect his or her credit information, says the PCI Data Security Standard (PCI DSS). It's also important to safeguard your own business against security risks: When it comes to accepting online credit card payments, fraud is on the rise. According to the 2013 LexisNexis True Cost of Fraud Study, merchants who accept online payments attributed 42 percent of fraudulent transactions to the online channel this year, compared with 31 percent in 2012.
[For a side-by-side comparison of the best credit card processing services, visit our sister site Top Ten Reviews.]
Credit payment experts offered the following advice regarding what small business owners should know about processing payments when the cardholder isn't present.
Verify billing addresses
Want to make sure the person trying to purchase something remotely is the authorized account holder? One simple way to check is to ask that person to verify the billing address of the account.
"For mail order or telephone order card-not-present transactions, always use address verification, or AVS," said Joe Palko, chief marketing officer of 3dcart Shopping Cart Software.
Palko said that AVS is a good way to ensure the person you are talking to (or the person online) is actually the cardholder,since people who try to use fraudulent credit cards often do not actually know the billing address.
Check to see if the shipping and billing address match
If your business ships goods to buyers who have paid with a credit card online or over the phone, take a look at the shipping address versus the billing address.
"If you are shipping an order for a card-not-present transaction, always look at the shipping address," Palko said. "An abnormally large percentage of fraudulent transactions are shipped to addresses that are different from the billing address."
Additionally, Palko said to pay special attention to shipping addresses in cities known for busy international shipping ports.
"Watch for addresses in Miami or Los Angeles," he said. "These are major port cities where shipping consolidators will export the products overseas."
Online purchases mean the retailer is fully liable
If you already accept credit card payments at your store or office, you may feel confident that you have a good understanding of the PCI Compliance Standards governing merchant credit card and debit card activities. But there is one important difference between accepting a card when the customer is present and accepting a card for online purchases.
"With purchases made online, the retailer is 100 percent liable for fraudulent purchases," said Don Bush, VP of marketing for Kount, a fraud prevention and risk management technology provider. "Neither the bank that approved the transaction northe payment-processing service that reviewed the transaction are held responsible for fraudulent purchases. It's all on the merchant. That means if your company accepts a bad or stolen credit or debit card, the total liability of the loss is yours."
Do your homework on your service's PCI compliance
Just because a digital service provider offers payment processing doesn't necessarily mean they meet the current PCI requirements for credit card transactions. If something goes wrong and customer data is compromised during the process, saying you didn't know your provider wasn't compliant isn't acceptable.
"Most providers offer some level of security, but it is up to the business owner to do their homework and ensure the payment service provider has met the minimum standards of the PCI requirements," Bush told Business News Daily.
And if they don't meet the standards?
"Change service providers," Bush said.
You could lose credit card acceptance privileges
What's the worst that could happen if a business doesn't follow the PCI DSS guidelines for processing online or over-the-phone credit card purchases? You could lose more than just the revenue from the sale or payment, Bush said. Your business could also lose any shipping costs you’ve incurred, and also receive fines, similar to the chargeback fines that banks charge for bounced checks.
"If you get too many of them, you could lose the ability to take credit or debit cards online," Bush warned. "That essentially closes your online store."
Originally published on Business News Daily.