Hi,

We have recently received several chargeback’s through our World Pay account.

The reason is “No authority to use card”. We know that these customers have actually installed and used our software but have issued a chargeback. We appreciate that there can times when a card is use without the owners permission but it seems anyone can buy digital goods/services and issue a chargeback which 9/10 will be accepted.

How do you fight chargeback’s or even avoid them,

My only suggestions is bonafide proof, invoice dates, receipts, software registration # or date if applicable...anything and everything that could possibly identify and prove that that person had used your products/services. But trying to win that battle isn't worth it unless you've lost a substantial amount of money IMO.

Chargebacks suck. The best way to prevent them is to request a
card authorization form (copy of card front and back and signature)

Example:
www.midphase.com/ccAuthPost.shtml

When you get them you can fight much easier with one of these
on hand.

This probably should be moved to the E-commerce forum.

But Dan has a good idea there - get a wet signature. A lot easier in the long run. It might take a little time for people to get used to it though. Another thing to check into is Verified by Visa. If your gateway supports it, shell out the few extra hundred dollars it costs to get that setup.

As far as no authority - do you have something that children like? You might request a DOB or something - that might help if that is the issue.

Do you actually check the IP do reverse DNS, Reverse Address, check if the eMail address is Free, do you ask them wich bank is the card from?

That reduced our fraud score by 70%, it is a good recommendation for you to take in mind.

1) For suspicious orders have them send a front and back of the cc
2) Most of the frauds come from middle eastern countries, so you might want to keep a special check on them.
3) Cross check the phone numbers provided, call them up and ask them to coperate for verifying the order.

P.S. Dan's Credit Card Verification Form is really nice, maybe you should have such a similar form. thanks, Yaser.

Hi,

Thanks everyone for your comments, they are really appreciated.

We received another one over night for £350. The client ordered our custom skin service for www.phprobid.com. They issued a chargeback and under an hour later they E-Mail asking for the PSD’s!

We are looking at:-

http://support.worldpay.com/kb/user_guides/fighting_fraud/ffg2020.html

What do you guys think about that? It’s £20 a month. It won’t cover transactions over £250 but most of our purchases are £99.

Always worth paying for these kind of services without doubt - go for it online-ve.

Andrew

Cheers Andrew,

We have signed up and called them to make sure. Sounds pretty good.

Currently we accept PayPal & World Pay, do you think we should now scrap PayPal?

Originally posted by online-ve
Cheers Andrew,

We have signed up and called them to make sure. Sounds pretty good.

Currently we accept PayPal & World Pay, do you think we should now scrap PayPal?

We're in the opposite situation to you just about, we currently accept PayPal and 2Checkout (yuck) and are moving to World Pay very soon. We'll definitely be keeping PayPal, have as many ways as it's possible for a client to get money to you - it'll give you the best chance of not losing a clients over something simple really (I mean, your site and support have won them over then they come to your payment page and realise they can't pay with their favourite method, losing a customer because of that would, well, suck!) :D

Andrew

It's difficult if your customer simply lies to their bank. However, such liers usually do this if they feel you won't pursue the matter or confront them. They need to know you are tough on fraud. Always ensure you have their full correct contact details.

Here are a few tips we have learned from other businesses and processors to help decrease charge backs.

[list=1]
Get an 800 to list on the credit card statement AND return all calls.
Capture and Verify both CVV, AVS, IAVS, and Street AVS when available
Capture and verify a number of different things such as IP & IP location and match on country and state (State is not 100% Accurate IE: All AOL users are out of VA) - You can get some software to do this here: http://www.location.com.my/free.asp
*We use it and it works very well and it also allows you to block fraud users. IE: I don't think John Doe in Kansas was in Nigeria when he placed the order. :rolleyes:
Do an authorization first then 24-48 hours later do a delay capture.
Send an auto email 48-72 hours later saying "thank you for your order # on Date for $Amount. You should see your charge appear on your credit card statement as Business DBA"
If you are selling software have your programmers put an uninstall code in that is displayed when the customer uninstalls the software. Require the user give this to you on uninstall before you issue a refund. A smart user will know they can re-install but some don't and at least you know they uninstalled once.[/list=1]


But most importantly once you capture this info FIGHT EVERY SINGLE ONE! The processor will see you actually care and will tend to side with you more often than not when a chargeback could go either way.

HTH,
Greg

i like that callcustomers.com website, very cool.

also, i did NOT like what i saw at the worldpay website. they dont even have a location on there as far as i could see. i saw a US based phone number but i dont believe they are in the USA?

does anyone here have experience with them?

We have had experience with them as a consumer - been very put off with their recurring billing that is used. Every other month, we have to go back in & re-enter all our CC information because their was a glitch in their system.

The other problem we have with them, they do not seem to allow us to enter an amount for this recurring billing.

also, i did NOT like what i saw at the worldpay website. they dont even have a location on there as far as i could see. i saw a US based phone number but i dont believe they are in the USA?

We used to be full of praise for them but recent events have changed our opinion. We emailed them to complain about their digital goods policy. Guess what…no answer for 11 days. Under a different email address we emailed about signing up for £250++ with future pay and world access, a total order of £400+, surprise surprise they answered within 2 hours. In addition when they reply to customer support queries they always answer at 4:45pm, 15 minutes before their offices close for the night.

Likewise they are quick enough to email you about new services but their customer service is dreadful. They are good for online retails dealing in physical goods but for hosting companies and software retails they should be avoided because they simply don’t care.

thanks for your opinions.

just the fact that they dont have sufficient contact inormation is enough for me to not use them.

why would they have a US phone number?

Originally posted by LaurenStephens
why would they have a US phone number?
Marketing... it got your attention didn't it? You saw they had a US number. I would gather that 70% of the people looking around for a merchant account do not gather all the facts. They think that since they are in the US but want to accept CC overseas they need a company called worldpay to do that. And since they have a US phone number - what more could you want? :eek:

Hi Everyone,

This is probably a stupid question but when we receive an order and we identify it as fraudulent, do we refund the card now or wait for the chargeback?

refund the order right away so you dont have to pay the charge back fee.

Originally posted by online-ve
Hi Everyone,

This is probably a stupid question but when we receive an order and we identify it as fraudulent, do we refund the card now or wait for the chargeback?
Yes - definitely refund the money. The chargeback fee is not worth it & you do not want to go over your alloted percentage of chargebacks to run the risk of having the processor drop you.

Thanks Corey.

Originally posted by coreybryant
Yes - definitely refund the money. The chargeback fee is not worth it & you do not want to go over your alloted percentage of chargebacks to run the risk of having the processor drop you.

BTW typical high risk allowed by a processor is 1% or less of gross transactions.

Anytime online-ve :)

And you are correct Gregory. That's the typical - not just necessarily high risk though, but always double check your merchant application to be sure since some companies are different.

We are with World Pay who seem to be tolerant so far at least, does anyone know of any issues like this with WP?

Originally posted by online-ve
We are with World Pay who seem to be tolerant so far at least, does anyone know of any issues like this with WP?

Fradulent orders or chargebacks?

both, in 3 months we have had 5 chargebacks

Myself - I am not too familiar with WorldPay. I have read that they have been trying to upgrade their fraud dept some. I have heard of a to of chargebacks with WorldPay due to the problems though.

You might consider implementing other fruad measures like IP verification

Hi,

We have signed up with fraudguardian.com which has already filtered out a fraudulent signup today.

They seem to be pretty good. Another one is also www.callcustomer.com - but it all pays off in the long run

is there a way to automate callcustomer.com? or something of the sorts?

Originally posted by emzec
is there a way to automate callcustomer.com? or something of the sorts?

checkout their FAQ/API Section of their website, you can automate the system.

A service like CallCustomer.com is definitely a great tool for reducing fraud.

In fact, here is a listing of some fraud countmeasures that can be used in conjunction with one another:

1 - No Automated Signups - don't do this. It just isn't worth it and it makes you a big, juicy target for fraudsters.

2 - Velocity-based IP-blocking (i.e. multiple trans attempts or multiple declines from the same IP address should be blocked)

3 - Negative CC Database(s) for cards that pose a high risk or recent chargeback activity

4 - IP-based geographic location matching, BIN issuing bank match, anonymous proxy detection, possible spam-source detection, distance from BIN to IP, free e-mail address (or not).

5 - Matching whether the WHOIS record for the domain is a partial or full match with the cardholder info specified for the transaction

6 - Domain Name analysis - sometimes the domain name itself will give you clues as to whether it is a good risk or not. This part is harder to put into an automated analysis however, so a quick eyeballing is the best way at this time.

7 - AVS & CVV2 match result - if the card is U.S.-based.

8 - Call Verification - especially if it auto-scrubs out cell phone/mobile/wireless numbers to verify the presence of the buyer at a landline #.

9 - For international sales (or even all sales if they are higher tickets), require a faxed or scanned/e-mailed authorization form with a copy of credit card statement and/or credit card.

10 - For larger ticket sales, look at them from a common sense standpoint as they represent more risk. And watch out for warning signs. The first question you should ask yourself is - do I know this person, have I had any prior contact? Or did they just walk onto my site and get the biggest package without a single question to me? (which is quite unusual for most folks)

Remember --- fraudsters prey on the fact that a merchant is happy to get sales. They figure that if they are demanding enough and try to push the issue, the service provider or merchandiser will just "give in" and say "ok".

Just remember, a sale that becomes a chargeback isn't a sale at all but a loss. And since Visa has been stipulating a 1% chargeback threshold, it is more important than ever for merchants to manage risk effectively and keep cbacks to an absolute minimum.

Originally posted by emzec
is there a way to automate callcustomer.com? or something of the sorts?
Yes - it is pretty easy actually: http://www.callcustomer.com/faq.php#apiinstant

I hate chargebacks!

When it comes down to it:

NO charge is valid without the card itself. Internet/e-commerce merchants run this risk quite too many times unfortunately. ALL someone has to do is claim "I didn't order that" and that's good enough for any credit card company. Your ONLY rebuttal for that is the physical cc (or a copy of) and a signature. It's pretty pathetic, but, unfortunately the banking industry doesn't give a damn about internet merchants. I had to learn this one the hard way. Take some advice, REQUIRE a fax (or scan) of the card and a signature, authorizing you to charge the card itself. If you don't, you will get screwed by the commerce industry.

Personally, I use fraudguardian.com just to cover my tail, to ensure these things don't happen, but even WITH that, idiots will always pull the "I didn't order this" excuse. it's pretty damned lame, and very illegal.