Maybe you've seen one of those signs that says "All sales final" and wished you had one on the wall of your business too.
There's just one problem: It's not true. Chargebacks, which occur when a customer disputes a credit card transaction, are inevitable.
You'll never eliminate chargebacks, but you can minimize them. We'll go over five steps below to reduce their frequency and impact on your business.
Overview: What are chargebacks?
Chargebacks originated in the 1970s to protect consumers against charges resulting from stolen cards or unscrupulous merchants. Bad actors learned over time to game the chargeback system, which favors customers over merchants.
Chargebacks come in three categories:
- Friendly fraud: A customer disputes a purchase based on a product that has not yet arrived or by not recognizing a vendor's name on a credit card or bank statement.
- Merchant error: An employee rings up a purchase twice or does not key in the correct card number, the wrong product was shipped, or the right product never arrived.
- True fraud: An unauthorized third party uses a stolen credit card to make a purchase or a customer disputes a legitimate purchase.
The chargeback process
Chargebacks differ from returns. A return occurs when a customer takes a product back to a merchant for a refund. With a credit card chargeback, the customer bypasses the merchant to resolve the situation through their card provider.
There are five steps in the chargeback process:
- The customer is unhappy with a transaction or suspects fraud.
- The customer contacts their credit card provider to dispute the transaction, and the provider issues a chargeback.
- The bank collects the disputed amount from the merchant's account.
- The bank notifies the business of the chargeback.
- The merchant has a brief window to contest the bank chargeback or the customer wins the dispute by default.
Each chargeback incurs a service fee, which can be $25 or more, whether it's resolved in your favor or not. Chargebacks exceeding 1% of your total transactions produce additional problems.
First, you'll pay higher credit card transaction fees. Your bank may put you in an Excessive Chargeback Program (ECP) that limits you to a designated number of chargebacks per month.
The worst case scenario is finding yourself relegated to the Member Alert to Control High Risk Merchants (MATCH) list, produced by Mastercard and also used by Visa and American Express. This list is a near-blacklist of merchants and makes it much harder for you to open bank accounts.
How to protect your business from chargebacks
If you accept credit card payments, you will have chargebacks. The first key to controlling them is to be an honest broker: have accurate product descriptions, ship orders promptly, provide multiple methods for customers to contact you, and respond to their queries.
And use your common sense. The customer acquisition process includes finding big spenders, but you must be alert to suspicious purchases such as unexpected international sales, multiple purchases on the same day, and sales using multiple credit cards shipped to the same address.
You can't prevent chargeback fees, but incorporate the steps below into your sales management process for your point of sale (POS) system and card not present (CNP) transactions to minimize them.
Step 1: Require credit card security codes
Require customers to enter the credit card security code as part of the online transaction process. Mastercard and Visa print a three-digit card code verification (CCV) number on the signature stripe on the card's back. American Express cards have a four-digit code above the account number on the front.
Merchants cannot store these codes, so any transaction with either a missing or incorrect security code is suspect.
Requiring CCV numbers highlights another point: You must protect customer data on your e-commerce platform. in January 2020 using the malware Magecart to steal CCV numbers during transactions on legitimate e-commerce sites.
Step 2: Use an address verification service
Reduce fraudulent chargebacks by using an address verification service (AVS). AVS checks to see if the address entered by a customer during an online transaction matches the information provided by the credit card company.
Another example of an AVS-verified transaction is keying in your zip code when buying fuel at a gas pump.
AVS verification can cause you to reject a valid sale if a customer's address doesn't match because they've recently moved or is incorrect for some other reason. To avoid this issue, Amazon requires customers to externally validate purchases when a new shipping address is used.
The customer receives a code at the phone number associated with their account to enter at the payment portal to verify the transaction.
Step 3: Use chip readers to process transactions
Europay, Mastercard, and Visa (EMV) chip credit cards reduce fraud with in-person transactions. The customer must enter a personal identification number (PIN) after inserting or dipping their card. The PIN is coded within the chip, not the magstripe, which increases transaction security.
EMV cards are not infallible. A credit card skimmer at a gas pump, automated teller machine (ATM), or retail self-checkout station captures magstripe information while a fake keypad or unobtrusive webcam records your PIN.
The credit card shimmer is the newest security threat. Skimmer hardware can be easy to spot if you know what to look for, but shimmers are made of flexible film and placed inside a card terminal's reader. It's thin enough that even during routine maintenance it may not be noticeable.
Step 4: Update your payment descriptor
The payment descriptor is how your business is listed on a credit card or bank statement. If your products are more familiar than your doing business as (DBA) name, customers may not recognize their transactions with you.
The software company Basecamp's original name was 37signals, which wasn't as well known as its products that included Basecamp, Highrise, and Campfire. It also had a greater than expected number of chargebacks each month.
Its original payment descriptor was "37signals, LLC." The company changed its descriptor to a web address and 800 number — "37signals-charge.com 800.xxx.xxxx IL" — customers could use for any questions about charges.
Step 5: Maintain payment card industry compliance
The best POS system for your business will be Payment Card Industry Data Security Standard (PCI DSS) compliant. PCI compliance uses protocols formulated by the PCI Security Standards Council to protect payments and associated data.
These standards apply to all entities that handle cardholder information, including merchants, payment processors, banks, and software and hardware developers.
You must submit an annual attestation of compliance (AOC) that you:
- Have a secure network
- Protect customer data
- Manage vulnerabilities
- Implement access controls
- Monitor and test networks
- Maintain an information security policy
PCI compliance can be difficult to implement on your own. , for example, used an outside contractor for this process, which required campus-wide surveys and interviews with departments with payment systems, to discover, develop, implement, and support a PCI-based solution.
Reduce your chargebacks now
A proactive plan is the best chargeback protection for merchants. Manage your sales process from beginning to end with the latest data security protocols, the best POS hardware, and a healthy dose of common sense.