Guide to Chargeback Fraud Prevention
Customer data security is a vital concern for merchants, customers, issuers, and acquirers. The more threats and security breaches there are, the more challenging it is to convince customers that it is safe for them to provide their credit card data online or by phone transactions.
With frequent reports in the news of hacked databases, leaked customer details, or the hijacking of data for ransom, it is imperative that merchants are able to easily answer questions about fraud prevention and security. These fraud prevention and security measures serve double-duty for merchants, in providing protection from chargeback fraud and customer theft.
Learn the facts on the latest fraud prevention technologies, and be confident that you have the best technology protecting you from hacks, chargeback fraud, and consumer fears.
Address Verification Service (AVS)
Address Verification Service (AVS) works behind-the-scenes to verify that the address the customer enters is connected to the cardholder. While AVS is a MasterCard service designed to prevent card-not-present (CNP) fraud, it is widely used by all major credit card companies.
Once the customer has entered their address during the checkout process, this information is compared to the address on file with the issuing bank. When the comparison is completed, the issuer sends the merchant an AVS code. Using pre-determined rules and filters, the merchant then uses this code to determine how to proceed with the purchase transaction.
Whereas the customer enters their complete address, only the numeric portion of the address is used for comparison and verification. The comparison look-up uses the house number and ZIP/postal code only for verification.
Because AVS does not use a complete address verification, there are flaws in relying only on AVS for customer verification. Do not rely on only AVS to prevent fraud and chargebacks. Ensure your end-to-end solution uses AVS along with other fraud detection mechanisms, such as biometric analysis, IP address verification, 3D Secure, and other data security measures.
Most merchants have heard of programs such as Verified by Visa, MasterCard SecureCode, J/Secure, and American Express SafeKey. These payment security services are based on 3D Secure.
3D Secure provides an additional layer of security to protect online credit card and debit card transactions. 3D Secure is named for the three-domain model used to secure the transaction and financial details.
3D Secure does change the customer transaction process, therefore it’s important that customers understand how 3D Secure works to protect their credit card data. After completing the merchant checkout process, customers paying with cards from participating issuers, like MasterCard or Visa are prompted to enter their issuing bank login credentials, or some other form of identification like biometric authentication. The customer is then either redirected to the issuer’s website for authorization, or the authorization is completed within the merchant’s payment solution.
Merchants can decide which transaction require 3D Secure authentication based on defined rules and filters. For merchants who have a solution in place that can identify high-risk transactions, this allows them to decide when to take the extra step of validating these transactions with 3D Secure.
3D Secure provides merchants with some key benefits:
- Liability shift. The liability is shifted from the merchant to the issuing bank. Review all documentation provided by the issuer regarding the rules/regulations surrounding 3D Secure implementation.
- Chargeback protection. Merchants who use 3D Secure traditionally have lower chargeback rates. This protection secures merchants against chargeback fraud.
- Customer confidence. Generally, customers feel more comfortable knowing that there is an extra level of security in place to validate and protect their data.
When used effectively as part of an end-to-end solution that protects merchants throughout the transaction process, 3D Secure can be a valuable component of a multilayered fraud prevention solution.
Tokenization is a security measure that replaces sensitive account and card information with a non-sensitive token or placeholder. This token is used as an identifier during the payment process. The token can only be traced back to the original account or card data with a master key as part of the tokenization system.
The primary goal of tokenization is to secure and protect cardholder data; these tokens are created by a Token Service and then issued to customer devices by the Token Issuance process. This method keeps the tokenization process secure and impossible to reverse engineer.
Typically, tokenization is used in the following CNP scenarios:
- Tap & Go. The customer simply taps their card on the screen of a standard card payment terminal. There is no need to enter a PIN or sign for verification.
- In-app purchases. To secure cardholder data over mobile and cloud networks, tokenization is used to transmit payment data. Customers are not required to enter credit card numbers and their identity is confirmed with the mobile device (fingerprint or other biometric data).
- In-app virtual purchases. Typically used within apps such as video games or other subscription services that allow customers to purchase additional services or options. A token is used to transmit the customer data.
A prime example of tokenization is when a customer taps their Apple watch on a payment terminal to make a purchase. Tokenization is used to communicate and secure the cardholder data.
Advanced Security for Chargeback Fraud Prevention
Along with these leading security measures, it’s important that merchants implement a multilayered security solution that provides additional security and protection. In future posts, we’ll discuss how technologies such as biometrics, geolocation, and device tracking can be used to secure customer transactions and merchant data.
Having an effective and proven solution in place that does double-duty in preventing chargeback fraud and secures customer data throughout the transaction process is the responsibility of the merchant.
Strive for success in your business and be the merchant who provides their customers with a reliable solution that keeps everyone safe from fraud, theft, and security breaches.
Contact us to learn more about chargeback fraud prevention and the latest in security technology.