Hello Everyone,

I'm trying to find a way to minimize chargebacks and hope that some of you can help me come up with some good preventive measures.

You probably already know that there are essentially 2 types of chargebacks:

1. From actual cardholders who decided they didn't like your service or just want to issue a chargeback to save money.
2. From actual fraudulent charges made on a stolen card.

You can go to great lengths to fight the first type of chargeback by having your clients sign a piece of paper authorizing the initial charge as well as any recurring charges. If worse comes to worse, you could use a collection agency if the chargeback can't be reversed with the bank.

The second type of chargeback is the kind I'm worried about most. You could start to combat it with things like AVS. But as people know, AVS is not the answer of all answers. Something more is needed.

I've heard a few things from people:

1. Record IP addresses at the time of the sale.
2. Require new clients to provide the email address supplied by their ISP and not a free email service from something like Yahoo or Hotmail.
3. Require 2 forms of ID to be faxed or mailed for any orders coming from overseas.

I have to admit, the email from your ISP thing doesn't make any sense to me. Anyone know how this can actually help prevent fraud?

If anyone can think of any other measures to help reduce the number chargebacks, or if you already have some measures in place, I'd really to like to hear about it!

I can almost always spot a fake transaction...here's what I look for:

Out of the ordinary orders - like just a domain name registration for 10 years or our biggest hosting package with alot of "extras"...

ESPECIALLY when it comes from a country that isn't US, CA, UK or AU.

Also, never take an order from a free email account.

If you have a bad feeling about an order...trust your instincts and ask them to fax you ID.

It doesn't really prove anything - you can create a fake card and ID on a computer, print it out and then fax it. You won't know the difference.....BUT, it will scare away most theives.

--Tina

OH! I wanted to add one other thing...

Sometimes, a non-US thief, trying to pass as a US customer will enter obviously WRONG information - like a phone number that looks like this:

41-565-51111

or a zip that has letters or something stupid. :)

This has been a big issue in the adult site industry, and I read an interview recently in Netmedia, one of the stack of trade rags I get each month, with the CEO of Danni's Hard Drive (apparently one of the most successful adult sites in that segment of the industry) and they have developed a method of preventing chargebacks due to fraud that they are offering to others.

"We sort of circled the wagons and applied the resources of our company to finding ways to patch the holes in the fraud. So we've built these really elaborate systems for identifying fraud and stopping it. As a result, we've gotten our charge backs down to .005%, which is incredibly low. Incredibly low. And we now are offering that service to other people."

The article should be at www.netmedia.com in their archives somewhere. This lady really knows the Internet porn business. If dotcoms were run like she runs her business, they wouldn't have been dropping like flies for the past year.

1. deny all signups from free emails (99% of fraud come from these)

2. make customers sign a cc authorization form that you can send them when they signup

3. do a simple reverse check on the ip that they signup with

I'm going to create a check list of "anti-chargeback" measures and look around on the web for stuff too. Maybe I'll post it here when I'm done...

Originally posted by Superman
1. deny all signups from free emails (99% of fraud come from these)

2. make customers sign a cc authorization form that you can send them when they signup

3. do a simple reverse check on the ip that they signup with

How do I do a reverse check on the ip and why would I want to?

Does anyone have a 1 page sample of a Credit Card Authorization form?


Too much :beer: = :sickface:

its impossible to block orders from free email providers. there are literally thousands of domains that offer free email.

It's impossible - but you can still do something about it.

Eliminate the "big" ones (@hotmail.com, @yahoo.com, etc.) and you'll be alot better off.

--Tina

Another good measure is to phone the customer back for confirmation.

The nickel it costs you to make the phone call, the better off you are.

Simple, get a program such as VisualRoute and run the ip. If the signup form says they are in New York and the ip you run is in California or Mexico, you got a problem

As with the free email stuff, your right and thats what we do, we block the biggest 10-20 free email accounts, if one slips by, we simply add it to the list

We got a sample form, it took me a while to create this so put credit where credit is due :)

-----------------------------------------------------

ACCOUNT CONFIRMATION FORM

*E-Mail Returns are NOT Acceptable. This form must be faxed by the card holder*
*This form must be signed & returned within 72 hours*

You can Fax this form to: [YOUR FAX HERE]

-----------------------------------------------------
I hereby authorize [YOUR DOMAIN HERE] ([YOUR COMPANY HERE]) to initiate charges to the credit card
listed below, and authorize the credit card institution to accept the amount of such charges to the
credit card listed below. I understand that the credit card listed below will be automatically
charged on a regular basis as a prepayment for services to be provided.

I understand that if a charge is declined by the credit card institution, this is treated the same
as a check returned for insufficient funds, and may result in a $20 fee being added to my account.

I understand that I must provide [YOUR URL HERE] ([YOUR COMPANY HERE]) with notice of my request to
discontinue this Credit Card Authorization.

I also understand that the Terms and Conditions as provided to me upon subscribing to the service
govern use of the service in all respects.
-----------------------------------------------------
ACCOUNT INFORMATION

*Your Domain Name:

*Name as it appears on the Credit Card:

*Last five (5) numbers of credit card:

*Address at which you receive your statement:

*Zip Code at which you receive your statement:

*Signature of Card Holder:

*Charges will appear from [YOUR COMPANY HERE]

wont this deter people from signing up? or continue with their service? after they sign up, they can just refuse to go through you anymore for the hassle.

I am not from the US and some of us would have prevented me from ordering :) Just a small example:

Sometimes, a non-US thief, trying to pass as a US customer will enter obviously WRONG information - like a phone number that looks like this: 41-565-51111 or a zip that has letters or something stupid

My zip contains a letter (A-5201) and my phone number looks like the above. But believe, I am for real.

150+ customers a month and no it doesn't deter customers. It actually is beneficial to both because it give the customer a sense of security that a internet company actually gives a fly about their security.

I have a full cabinet full of cc authorizations that customers send. Alot of times, they even go to kinkos and send the form, so if that tells you anything, it tells you the customer is willing to take the extra steps to ensure their account is not fraudulent

would using a service such as PAYPAL eliminate a lot of these concerns?

No service would eliminate it, the only thing that would work is prob not accepting credit cards.......Paypal would be an option, but it doesnt look that professional to use Paypal for hosting, for some reason, alot of people frown upon it...personally i could care less

The best method against customers #1 is IMHO:

- Require them to fax a credit card authorization form, if possible, with copies of the credit card (both sides)

The methods to catch fraudulent charges:

- Give them a phone call (not immediately, but after a few hours)
- Compare email address with Credit Card name (often people have emails like myname@myisp.com)
- Check whois record of the domain name and compare the information

A good way is to request them to FAX a copy of their card front and back including the signiture and ask them to sign the paper declaring the cost that you will be taking from the card. This makes up a big piece of evidence when a chargeback comes through the bank that the card transactions was legitimate.

I've noticed a lot with the chargebacks that I have dealt with and help others with that in a majorty (yes, majority) of cases that the owner of the card is requesting the chargeback. A way of getting 6 months free hosting!

Unfortunately as the retailers we get very little protection. Perhaps we should without having to pay the earth for insurance.

I ponder over how many claims are not legimate, compared to the credit card transactions themselves.

How can you tell?!? Well if you can't stop the chargeback find out from your bank, credit transaction agency of the credit card company whether the card owner cancelled the card.... Be shocked!!

There are too many chargebacks and quiet simply its too easy for the consumer to do.

Avoid free email address where possible, check country codes and look out for repeated offenses and over the top orders.. If in ANY doubt ask the consumer to fax you as like i mentioned above.

I think it's about time that some consumers will need to be taken through the courts for false chargebacks.

Originally posted by Walter
I am not from the US and some of us would have prevented me from ordering :) Just a small example:



My zip contains a letter (A-5201) and my phone number looks like the above. But believe, I am for real.

Walter read again. He said a non US customer trying to pass himself off as a US resident would do things like that. Here is a couple of expamples:

John Doe
123 Easy Street
Somewhere, KS 12345
US
41-565-51111

(nobody in Kansas USA would have phone number like that. This is obviously fraud)

Or

John Doe
123 Easy Street
Somewhere, KS A-12354
US
123-123-1234

(Nobody in Kansas would have that type of zip code.)

Originally posted by Adam@OpenHosting
I've noticed a lot with the chargebacks that I have dealt with and help others with that in a majorty (yes, majority) of cases that the owner of the card is requesting the chargeback. A way of getting 6 months free hosting!


Absolutely!

I have just had another spate of chargebacks for domain names and have been discussing it with my bank. Because there is no signature, there is nothing you can do. Electronic signatures are no good because anyone can use them if they are on your computer.

I was interested to see the fax form idea because that was the best we could come up with as well and are just in the process of implementing it.

Another way we have tightened up the domain names is to list us as the admin contact. It will lead to more work for us, but at least people can't just abscond with domain names they have charged back.

Its a very serious issue. How many of have terms of service which state termination without refund for repeated violations?
There is no way to enforce this.

Gordon

Originally posted by GordonH
I was interested to see the fax form idea because that was the best we could come up with as well and are just in the process of implementing it.

We've been using the fax form idea since the very beginning, and we get a lot of griping about it, we make it easy, there's a .pdf file on the site, all they have to do is print it and fill it out and fax it.

People are so accustomed to being able to pay by credit card over the phone that they don't understand that the faxed form is for their protection, to ensure that no one is using their credit card fraudulently.

Putting the right spin on it helps.

Originally posted by GordonH


Absolutely!

I have just had another spate of chargebacks for domain names and have been discussing it with my bank. Because there is no signature, there is nothing you can do. Electronic signatures are no good because anyone can use them if they are on your computer.

I was interested to see the fax form idea because that was the best we could come up with as well and are just in the process of implementing it.



Gordon (and all) thats why i brought up the fact that my form works best in both worlds. See the credit card companies hands are tied in any case, it being a fraudulent chargeback, services not rendered etc...if you do not have a signature on file.

We have had our case of free loaders and i simply faxed a copy of their website, our credit card authorzation form, and sometimes a copy of our policies to show we did in fact provide the services in question.

The credit card authorzation form works wonders, more then you think. Our chargebacks went though 10 a month (or more) when we were just starting out, to only about 1 a month these days. The main reason is because we watch more closely with the ip signed up, email signed up with, and our cc authorization form

PS: to everyone who thinks from a customers point of view that its just a waste of time to fax a form, just think what would happen if you went to the store and wasnt required to sign the form, same idea...just because you are a internet company, it doesnt really give you the right to go and charge anyones credit card whatever you want. The form is not only benifical to you, but to your customer as well.

The main reason why we are charged 2-4% per transaction for internet orders compared it .9 to 2% for at hand transactions is because visa doesnt require you to have signed paper with the customers signature.

I've decided to require a Signed Authroization Form from my customers. :agree:

But having someone FAX or mail a form may be inconvenient to say the least. I was thinking of making this as easy as possible for the customer without inconveniencing them completely.

What does everyone think about setting up a new customer account before receipt of the signed form...

In other words, should I give them say, 30 days, to mail or FAX that signed form over to us and then charge their credit card once the form is received? :confused:

sure, as long as you have it on file, i would give them 7 days..the longer you wait, the more likely they may forget

Originally posted by steve93138
Does anyone have a 1 page sample of a Credit Card Authorization form?

Sure - take a look at ours, you can download it from http://billing.windowswebhost.com/. We've got a couple of versions depending on whether the customer is approving us to charge their card on a recurring basis or whether it's just a one-time process (since we also accept payments by check, sometimes a customer only wants to pay by credit card this month and then return to check payment next month).

Customers can fax or mail them in, and we give 15 days from the date they sign up to have them to us - so we are extending some credit to them, but generally we've found that customers are more open to sending in a signed form if it's not going to hold up their launching their web site.

Jaosn

These are all good ideas:

We have done 3 things that have drastically cut back chargebacks.

1) Call the number back. Nine times out of ten, a suspicious order will not even have a working number. If they pick up, just tell them you are confirming an order for domainname.com, and see if they acknowledge.

2) All foreign orders with Yahoo.com and Hotmail.com are not accepted without an ISP based email, and additional info. (Think we will extend this to all orders, not just foreign that use web mail.) This realy does work, lots of fraud does come through hotmail and yahoo.

3) All orders over $200 require a faxed authorization form.


Ideally calling everyone, and having every single person fax, would be best, but if your company does high monthly volume, and within 24 hour turnaround for new orders, this becomes difficult.

Here is another Idea we started. Make sure the address even exsist. Use http://www.expedia.com or similar service to check it with a global map.

I was reading a workz newsletter and one of their guest editors said we should look out for customers that do not enter any details in the title field. I found that a bit funny cos that would mean quite a number of customers for everyone i am sure.
:D

Superman,
I decided to go ahead and try the fax form idea for a couple of days.

So far all customers bar one have sent them back.
I give them 72 hours to send it in but set up their account straight away.
Mostly I get the faxes back within an hour or so.

I borrowed some of your wording (hope thats OK) but I will need to rewrite it to make it fit what we do a bit better. It was just an experiment to see if people would send them back.

Here is an example of how I set the form up:
http://www.hostroute.com/faxback.html?domain=webhostingtalk.com

Anyone who wants to - feel free to copy the code if you think it will be useful. I got it to put the domain in from a link in the welcome email (generatd via PHP) and added the date in as well.

This is how it is explained in the welcome e-mail:

Account Confirmation
--------------------
To protect you from credit card fraud we ask all customers to fill out an account confirmation form and fax it back to us. This reduces the risk of someone having used your card without your permission and helps keep our costs down.
For your convenience the form is already partially completed.
Please click here now and follow the online instructions:
http://www.hostroute.com/faxback.html?domain=$domain


Also, I beefed up my security by adding the remote_addr to the pre-order form.
I use Worldpay and their callback script does not report the visitors IP address. To save redoing my order form I wrote a script that embeds it in a form field using SSI and Javascript. I am sure its terrible coding but if you want it, its here:
http://www.hostroute.com/script_ip.html

You can see it in action here:
http://www.hostroute.com/order4.shtml

At least it lets people see we are recording it, which may be a deterrent in itself.

I also set up the form not to accept Yahoo or Hotmail addresses. SO far this has not affected sales.

Gordon

Great! thats what we do as well, we setup the account and they usually send the form within a few hours. If they email you back and tell you they dont have a fax, just give them your snail address and they usually send it within a week depending on where they are

I was testign out your order form and used a yahoo email... and it didn't try to stop me.

I've noticed a lot with the chargebacks that I have dealt with and help others with that in a majorty (yes, majority) of cases that the owner of the card is requesting the chargeback. A way of getting 6 months free hosting!

Yeah... its funny that banks accept the charge back upto 9 months or 1 year I guess from the card owner. Honestly this boils my blood :angry:

Just imagine I am getting a charge from my hosting company from last 9 months. I may have missed once, twice but not for continously 9 months. If I did then I deserve those charges as been such an idiot who missed to note a charge (specially from overseas) for 9 times. After 9 months (when a baby born) I realised that I need some extra money, why not find another hosting company and put a charge back...went to the bank and put a charge back... I don't know who the hell is this hosting company. The bank honored idiot like me and asked the web hosting to refund...

banking, specially in Australia 5uck5... We had a case where a client put charge back after 9 months, he transferred 4/5 domains on his from our server to the new one but missed one. We kept that domain upon air and try to prove that his one of the domain in still on our server, but the bloody bank refused to accept that it is a valid proof. I guess they want us to take a group photographs with customers to prove that the customer knows us. $&%&*&*&^*(

Sanjay, which bank? :D

(I presume it's one of the Big 4 :uzi: )

Yeah its big shot... WestPac "Australia's first bank :)

Originally posted by Get-Hosted.com
I was testign out your order form and used a yahoo email... and it didn't try to stop me.

Well spotted.
Thats known in the trade as not uploading the latest version.

Gordon

Originally posted by BC
Sanjay, which bank? :D

(I presume it's one of the Big 4 :uzi: )
The Big four alright... I must say. with the E world exploding everywhere. you would at least expect them to keep up to date with new innovations(wonder where all those high fees they charge go) I would rather go for the Scared fOur ;) . The Australian Government legalised the digital signature. and I called up our bank asking them if we could use it as proof. No one had a clue what i was talking about.
Chargeback letters sent nowadays have another page. with a square box about 6 inches by 4 printed on it and the bank requests us to please paste our documentary proof to that. try squeezing at least 10 pages of emails, terms and conditions and client information into that. I'd give you $10 if you could.




;) ;)

OK
Having tightened up security I have also purchased chargeback insurance at 1% commission on all transactions.

It has limitations though. Card issue country must match and no hotmail type e-mail addresses but I had filtered all that out already.
I rekon its worth the cash outlay just to sleep at night.

Gordon

Gordon, did your merchant provide u with that? whos your merchant?

We use Nova @ 2.15% and .30 per tranny with $20 chargeback fee

I havent found anyone to move to that could meet or beat my current %%

Hello
I am using worldpay so its 6% in total including the chargeback insurance.

I believe if you live in the US their charges are higher.

Gordon

man thats highway robbery

Not really when you consider that a bank merchant account would be about 3% commission and the payment gatewaywould be another 3%.

Actually Worldpayis a proper merchant account (Natwest Bank)

The reason for the higher charges over here is that credit card transactions are covered by the consumer credit act. This makes the card issuers liable for warranty and other issues on goods bought with a credit card.
Thats also why the interest rate on cards here is 17% - 25% when the bank base rate is around 7%

Because of all this legislation it wouldn't be possible to run an Instabill type company here.

Gordon