Recently I was attending a local chamber event when I heard a lady nearby complaining about a rideshare company. Apparently there was a charge on her credit card from the company, although she had never used it. When she called their customer service, they refused to give her a refund, because they couldn’t prove she wasn’t the one using the card at the time. Her complaints to a crowded room were clear: This company is no good. But should they have been held completely responsible?
Let’s say you have a $20 bill that has been stolen, and it’s marked in a unique way that you would be able to recognize it. Now let’s say you’re out at a restaurant, and when getting change, you get that unique $20 bill handed to you. Should you demand that you receive another $20 because that $20 was obviously stolen? Should the restaurant then be responsible for the stolen $20 because it accepted it, despite not knowing it was stolen?
Online merchants take all the risk in offering a way for the customer to make a purchase using their credit cards. When there is a payment issue, consumers can easily ask for their money back, and over time, many credit card companies have made it an easy process. It’s the business that really hurts from the situation because they either have to issue a refund or they see a chargeback from the bank, often taken directly from the business’s bank account, without warning.
Unfortunately, I know this from personal experience. After a major credit card breach, my company suddenly started getting a high volume of fraudulent orders on our website. These orders had all of the correct personal information, such as the person’s name and address, as well as the full credit card details. When the orders came in, nothing looked suspicious. That month, we had over forty chargebacks that resulted in thousands of dollars in fees and tens of thousands of dollars in refunds, and we were out the services that we’d provided
When the real people saw our business name and phone number on their credit card statements, they assumed we were the ones scamming them. I spent hours talking to people who had had their identities stolen, trying to explain to them that we were not the ones who had stolen from them. Our merchant services company of 10 years, without notice, started holding all our bank deposits, even as we quickly worked to resolve the issue. We verified old orders and refunded any fraudulent orders that had not been caught yet. We also alerted the people of their stolen identities and urged them to call their banks and cancel their cards.
On average, chargeback fees are typically between $20 and $50, but if a business is labeled “high risk” by banks, it could pay more. Often for every dollar lost in a chargeback, the business loses twice that or more in fees. If the business already provided the service or product, which is often the case and was true for us, due to the lag time between the fraudulent purchase and when it is reported by the consumer, the business will not only be out the purchase price and fees, but the product or service, as well.
If a business chooses to fight a credit card chargeback, credit card merchants typically come back and say they need to prove the transaction with a customer signature or show the card was inserted with a chip present. During this time, the money has already been pulled from the business account and an additional fee charged for the handling of the chargeback.
Many businesses cannot provide proof of verification due to the complex nature of taking cards online or over the phone. The only option businesses have left is trying to prove the transaction in arbitration. The arbitration process often requires the business to put up an additional fee. And if you lose in arbitration, you lose that money, the chargeback fee and the initial purchase altogether. That doesn’t even take into consideration the time that is required.
Merchants should consider putting a policy in place for dealing with instances of fraud, if they haven’t already. If you’re able, ask for identification or compare signatures when customers make purchases. If you’re an online business, consider investing in additional security measures consumers will need to take when making purchases through your domain. Also, be aware of the red flags that often pop up when credit cards are being abused, such as shipping and billing addresses being different or the IP addresses not matching up.
At my company, we added additional order screening steps, as well as an automated system that calls or texts clients, allowing us to verify the identity at the time of purchase. This new system stopped the chargebacks entirely; however, the financial damage had already been done. The old merchant account held almost an entire month of legitimate customer payments for months, even though the chargebacks were refunded directly from our bank account. At the end of the day, we had nothing to do with the person’s credit card getting stolen. However, as a business, we took the reputation hit, the financial hit, and the loss of our time and services.
The only way to fully prevent credit card fraud is to not accept credit card purchases at all, which is not realistic in today’s world. Investing time putting policies in place and preparing for the process you will take is best to prevent hardship when this occurs. If not, you may end up like the rideshare company mentioned above and blamed for something that is beyond your control.