Payment and E-Commerce: Terms and Conditions

Outlined in this article you will find an explanation of many terms associated with transactions, as seen through the lens provided by fraud prevention. Cash will not be covered in this article.

Issuing banks:

 Every credit / debit / pre-paid card has an associated "Issuer". The issuer, of course, has all of the information that is associated with the account that is used for a transaction. When a transaction is attempted, the information is assessed by the issuer, and a "response code" is provided to the merchant. There are many codes, and they represent different answers regarding the authenticity of the information provided by the customer.

Additionally, chargeback are filed by the cardholder's issuer against the merchant. Each issuer has their own sets of rules for chargeback represents, but most follow a pretty standardized way of response and guidelines for the merchant to justify their policies and procedures.

AVS - Address Verification Service.

What it is:

The AVS is a service provided by payment processors on e-commerce platforms that works by sending the information provided at checkout to the issuer of the payment card. The issuing bank then sends a response in the form of a response code. This response code indicates the accuracy of the billing address information provided, by checking multiple points of data in the field. The two codes that represent the highest accuracy are "X" and "Y".

How to use it:

A customer places an order in which the Billing and Shipping addresses both match, and the AVS response code is "Y". Since the only verifiable address is the billing, and the shipping matches the billing, the merchant can feel confident in fulfilling the order. In the event that the two addresses DO NOT match, the merchant runs the risk shipping the product to an address unrelated to the cardholder's billing address, likely fulfilling a fraudulent order.

Credit Card Anatomy and Security Features: 

Credit Card Account Number

The numbers (Typically found) on the front of the credit card. 16 digits for Visa, Mastercard, and Discover. 15 digits for American Express.

What it is:

The credit card account number is the number associated with the credit / debit / prepaid account holding the funds for transactions. The number is created, following Luhn's Algorithm, or the Modulus 10 algorithm. The first 6 digits can be referenced in order to find the issuer of the card. These 6 digits are called the BIN number, or bank identification number.

How to use it:

Fraudsters often have the capabilities of creating their own physical cards for use with fraudulent transactions. The information on the card can be cross-referenced for authenticity if the cashier knows what to look for. For example, all authentic visa cards begin the number 4. Mastercards start with 5. Discover cards start with a 6. American express has 15 digits and begins with the number 3.

CVV - The Card Verification Value.

What it is:

The 3 or 4 digit number on the back of a card (on the front for American Express), used to verify the card details, especially in a CNP, or "Card Not Present" environment, such as online, or over-the-phone payments.

How to use it:

When accepting payments, there are several security measures that are employed. Simply requesting a CVV in your checkout form can help deter some potential fraud. Even if your processor does not require CVV information, be sure to include this field in your checkout.

When fraudsters look at a checkout form and see that the CVV or the billing information is not requested, they are more likely to attempt checkout by using partial card information.

3. Magnetic Stripe

The encoded black stripe on the back of credit / debit / pre-paid cards.

What it is:

A stripe of information, configured in a 3x3 grid format, containing the relevant information needed for processing payment against a credit / debit / pre-paid account.

How to use this information:

From a perspective a of fraud prevention specialist, it is important to note a couple items

1. The magnetic stripe information contains the Cardholder name, the credit card number, and the expiration date for the card, along with other sensitive information, contained on what are referred to as "Tracks". Of the 3 available tracks, debit and credit transaction information are contained on tracks 1 and 2. The 3rd track is typically used for gift cards.

2. The "Track information" contains additional information to what is visible on the card, including what could be considered a "password" in order to attempt payment.

Chargeback

A demand by a credit-card provider for a retailer to make good the loss on a fraudulent or disputed transaction.

What it is:

All fraudulent disputes are received in the form of chargebacks, however not all chargebacks are filed due to fraud. Most are familiar with the prior, however chargebacks are processed against merchants for 2 other primary reasons.

A. Friendly Fraud - 

Misleading as the name may be, this occurs when a legitimate transaction is processed by the cardholder, but later disputed in a dishonest claim as "Fraudulent", or an equally dishonest claim for operational failure or product quality.

B. Genuine Operational Disputes -

 When products or services are provided, but are not received in the manner advertised or within the company's posted policies. Things like delayed shipment, incorrect shipment, damaged product, etc.

Checks 

A form of payment that draws money directly from a checking account.

Although it is considered an archaic form of payment for personal purchases, businesses and government institutions still rely heavily on the paper payment.

What it is:

In the earliest days, a check was a piece of paper with information and a signature on it. In 1959, the ABA printed the first checks with a significant security measure - the MICR line. MICR stands for Magnetic Ink Character Recognition.

How to use it:

Establishments that accept checks as payment rely on check carousels and monitoring systems (like Chexsystems or Certigy) to assist in making the decision regarding the authenticity of a transaction. As with credit cards, the security measures are set in place for a reason. Be cautious when accepting a check that doesn't read through the carousel.

The value of understanding the various security features available on physical forms of payments is undeniable. Understanding how the various security work, coupled with the ability to identify fraudulent materials is merely the start to an effective strategy against fraud.

For further information, please contact us for a strategy session.