ChargeGateway: Realtime Online Credit Card Processing

Security

Reducing Credit Card Chargebacks on the Internet
For most merchants, credit card chargebacks are the greatest risk to doing business on the Internet. A chargeback is defined as the action taken by a merchant bank to debit the account of a merchant when a customer disputes a credit card charge. Unlike traditional retail sales, internet or mail order merchants do not take physical possession of the customer's credit card and do not obtain a signature. As a result, any dispute by a customer over the receipt of goods almost always results in a chargeback even though authorization for a transaction occurred! In addition to the loss of product/service, excessive chargebacks can result in an increase in the discounts rates provide by the merchant bank and in extreme cases loss of a merchant account altogether. Transaction processors take a variety of approaches to reducing chargebacks. The majority view chargebacks as a merchant issue and have implemented no risk management procedures. Some processors offer fraud screening and/or Address Verification Service (AVS), but still this is an incomplete solution. There are a number of different reasons for credit card chargebacks.
Back to top

Duplicate Orders
One of the most common situations resulting in credit card chargebacks is duplicate orders. Typically a duplicate order will occur when a consumer mistakenly clicks the "buy button" more than once during a transaction. As a result, two or more charges appear on the customer statement that the customer then disputes. This is a situation that should never occur but surprisingly it is the leading cause of chargebacks for many merchants. Usually duplicate orders occur when the time to process a transaction is too long. The customer, frustrated, clicks the "buy button" a second (or third) time thinking that the transaction was not completed. There are two methods to eliminate this problem. The first is to reduce the transaction time while the second is to filter for duplicate orders. ChargeGateway.com has one of the fastest processing times in the industry at approximately 6 seconds. In addition, we filter out matching transactions (same product, same credit card number and same amount) within each billing cycle - typically 1 day. If a customer attempts to place a duplicate order, a message is returned stating, "duplicate order". Eliminating duplicate orders is the first major step in reducing chargebacks.
Back to top

Credit Card Fraud
Credit card fraud occurs when someone attempts to use software generated or otherwise illegally obtained credit card numbers to purchase a product or service. Some transaction processors use a service called AVS (address verification service), which matches the customer entered billing address and zip code to the information on file at the credit card issuer. Although AVS is a good first step to reducing credit card fraud, information is readily available on the Internet on how to circumvent this service. In addition to AVS, ChargeGateway uses a variety of additional methods to reduce fraud.

Our merchants have the ability to record known bad credit card numbers and originating IP addresses in an online database. This information can then be added to that stored by all other online merchants creating a master database. When an attempt is made to purchase goods or services using one of these credit card numbers or originating from one of the listed IP addresses, the customer is politely declined with a customizable message to keep the door open for future orders. A sample message would be, "We are sorry but we cannot process your purchase at this time, please contact the vendor at xxx-xxx-xxxx (or email) for assistance".
Often when a credit card number is stolen or generated via software, the expiry date and address information is not available. In these cases a criminal will often retry transactions until they can guess the missing information. We prevent this "churning" of information. Three unsuccessful attempts with a specific credit card number within a 24 hours period will result in that number being added to our database and prohibited from future orders.
ChargeGateway records the customer IP address of all successful transactions and stores this information correlated to the transaction number and merchant involved. A customer making a purchase is notified of this policy and their IP address is displayed for them. This information can be used to track the origin of a purchase and is a strong deterrent to fraud.
We use two additional techniques for reducing credit card fraud. The results of these two tests are then passed to the merchant with the order. The merchant can then decide whether or not to accept the order based on their selection criteria and risk tolerance. For security reasons, details of these two techniques will not be described here, but one of our account managers would be pleased to discuss them with you.

Compromised Security
In most e-commerce applications, transaction processors accept credit card billing information from a merchant web site, process the transaction securely and then pass acceptance / denial information back to the merchant. In some cases it may be possible for a criminal to intercept or introduce information into the message stream returned to the merchant to indicate that a transaction was successful even though it may not have been processed at all or was declined. ChargeGateway uses two sophisticated techniques to ensure that this does not occur. Some transaction processors offer a web interface for processing transactions manually. This is a useful feature for completing partial refunds, returns or purchases. The transaction engine resides on the processor's servers, but the software can be accessed remotely via the Internet. The risk with this service is that an unauthorized user who gains access to the merchant password can process transactions without permission. We address this concern by implementing a multi-tiered password system in addition to IP address restrictions. In addition to knowing a user ID and password, anyone wishing to use the web interface would have to have a valid IP address as preselected by the merchant.
Back to top

Merchant Behaviour
Another leading, yet overlooked, cause of chargebacks is poor merchant service and/or sub-standard products. Our staff has the experience in the retail industry in both traditional bricks and mortar as well as e-commerce so we understand your needs. Future ChargeGateway products will act as enhancements to our transaction processing services. These include customer feedback and survey modules designed to increase the level of satisfaction the customer experiences and to assist in identifying issues at a stage early enough to rectify them.
Back to top

Summary
Credit card chargebacks cannot be eliminated but they can certainly be reduced. Should you wish to review any of the issues raised we would be happy to discuss them with you.
Back to top