If you run or work for a business that accepts card-not-present transactions, it’s important to understand the finer points of manual card processing. While it’s easy to simply gloss over these steps, especially when you’re on the phone with a customer and want to provide a fast, positive customer experience, it’s both a security and financial risk to manually accept credit card payments carelessly.
Card-not-present transactions represent the largest percentage of card fraud, and it’s trending up. Fraudulent e-commerce transactions are expected to reach $19 billion in 2018, with card-not-present fraud accounting for 45 percent of all U.S. credit card fraud.
Why is this? Data breaches at Target, Home Depot and Equifax have equipped fraudsters with an almost unlimited supply of personal data. This includes credit cards that are ready to use and the cardholder information necessary to open new lines of credit.
Simultaneously, the rollout of EMV has reduced fraudsters ability to commit fraud at the point of sale, and they have turned to card-not-present fraud to mitigate their losses. This is problematic for consumers and merchants alike.
To help business owners reduce their risk of fraud, we’ll review the steps to accept credit card payments manually that apply to most Merchant Account Providers, along with the best security measures you can incorporate into your protocol when accepting e-commerce or phone payments. Some of these fraud-prevention measures have the added bonus of reducing your rates (not to mention saving you money in lost merchandise and revenue should a fraudulent transaction occur).
Accept Credit Card Payments Manually for Your Business
If you don’t already have a credit card terminal, you should absolutely invest in one. Processing in-person transactions manually takes time and undermines the fraud-prevention measures — especially EMV — available for card-present transactions.
Now, to manually accept credit card payments can vary in appearance and order depending on your provider, but generally entails these steps:
- Enter the card number provided.
- Enter the expiration date of the card.
- Enter the amount to be charged to the account.
- Enter the name of the cardholder.
So far, these are simply the basics. To do yourself a favor and defend your business against card-not-present fraud, you should also implement the following steps:
- Enter the billing address for the card.
- Enter the ZIP code for the card.
- Require that both the ZIP code and billing address match bank records.
- Request the CVV on the card (a three-digit number on the back of Visa, MasterCard and Discover cards, or a four-digit number on the front of Amex cards).
If you have a customizable Virtual Terminal, you can specify that all this data must be entered for a transaction to be approved. CVV helps confirm that the customer is in possession of the physical credit card, whereas AVS helps confirm that the customer is, in fact, the cardholder. Capturing AVS also lowers your rates because it shows you did your due diligence to mitigate the risks associated with card-not-present transactions.
Side-by-side comparisons of keyed-in transactions with and without AVS match showed a 17 percent change in Interchange costs. If you accept credit card payments manually for a large portion of your transactions, a 17 percent increase in your rates can really add up.
If you operate an e-commerce arm to your business, we recommend taking a glimpse at the shipping and billing addresses of your orders, as well. A transaction with a U.S.-based billing address that’s being shipped internationally might indicate fraud. If you trade in high-value commodities, you can save yourself precious inventory by spot checking the information your customers enter before you ship or by requiring the item be shipped to the billing address provided.
Take Security Further With Remote Signature
Unfortunately, even if you configure your security settings exactly as above so and train your staff on the best protocol to manually accept credit card payments, you’re still susceptible to chargebacks if you aren’t capturing signatures for your transactions.
Understandably, this sounds like a major challenge for remote orders. Fax machines are becoming increasingly rare, and requesting a faxed authorization of a purchase is asking a lot of a customer. Follow through of that process is largely out of your hands.
Now, consider this alternative: An emailed receipt requesting a customer's signature, either by finger on a smartphone or by mouse on a desktop computer or laptop. Obtaining a signature is your best defense against chargebacks. By making it easy for your customers to sign for remote purchases, you can better defend your business in the event of card-not-present fraud.
Does your business currently accept credit card payments for card-not-present transactions? Do you have a protocol and recommended security settings in place to combat fraud? Let us know about your experiences in the comments section below.
Editor's Note: This post was originally published in October 2017 and has been updated for comprehensiveness and accuracy.