http://www.hallmark.com/ECardWeb/ECV.jsp?a=5593422091740M144474695Y&product_id=

By Ross Federgreen hen a company receives a chargeback or a dispute, a record of this event is maintained within the payment system. Many merchants do not realize the ratio of disputes and credits is also monitored. Contracts today often contain the 1-3-7 rule. This means over a given period – usually one month – the percentage of chargebacks cannot exceed 1%; the percentage of disputes cannot exceed 3%; and the percentage of credits cannot exceed 7% of a merchant’s total transactions during that period. Visa U.S.A. guidelines recommend that merchants continually monitor and track these and other ratios. Specifically, Visa suggests taking the following steps in monitoring chargebacks: 1) Track chargebacks and re-presentments by reason code; 2) include initial chargeback amounts and net chargebacks after re-presentment; and 3) track card-present and card-not-present chargebacks separately. The orderly approach The key to helping merchants successfully respond to chargeback notices is organization. Strongly encourage merchants to treat each notification seriously. As we discussed in the first part of this series, each response is driven by a specific time element. In addition, for each chargeback, merchants should know the jurisdiction responsible for the notification, the specific dispute code, the specific issuance bank and the specific request being made. Here are 15 steps to take when looking at a chargeback notification: Verify that the notification is addressed to the correct merchant. Identify the jurisdiction. Note the due date. Note the case number. Note the adjusted transaction amount. Note the reason code. Note the dispute type. Review the case summary. Note the issuance bank. Review the original transaction detail information. Review all attachments, including affidavits. Determine if you have responded previously to the inquiry or taken action. Decide if you want to accept or contest the adjustment. Review required actions. Complete the chargeback response. Merchants should keep data organized so they can discern patterns and trends. The point is to reduce future chargebacks and disputes by analyzing the information to recognize emerging patterns. Issues that might surface include problems with fulfillment, problems with issued credits, customer service difficulties and a multitude of other concerns, including the possibility of fraud. The analytical angle Trend analysis is critical. It provides merchants a view of not only a single chargeback in isolation but also, more importantly, an overview of the status of merchants’ specific operations. Frequently updating trend information with the knowledge of specific circumstances, such as seasonal variations, will provide merchants with a growing platform of reference data. At the very minimum, merchants should track and understand the implications of the following on a monthly basis: Number of chargebacks/total number of transactions Number of chargebacks per card brand/total number of transactions per brand Number of chargebacks per month Number of disputes/total number of transactions Number of credits. Why bother with trend analysis? By establishing baselines of behavior you can more readily recognize aberrations. It’s far better to take action related to a predicted increase in chargebacks than react to a situation identified by an outside source. Many merchants will ask you if there are resources that will provide these services. The short answer is yes. But you, as the ISO or merchant level salesperson, must be well informed about the quality of the provider. The diligent defense Do not rely entirely on information provided by a given merchant’s processor/acquirer. The information these entities provide doesn’t account for the critical needs of a successful chargeback defense. The issuance bank is focused on accounting for the specific dispute or chargeback code or identifying specific credit cards that have been used to defraud the merchant in question. A number of innovative programs have been developed in recent years that attempt to help merchants respond appropriately to chargebacks. Crucial to success is the development of custom responses, which are tied to three variable factors: the specific dispute code, the issuance bank and the specific elements the merchant can use when responding to the chargeback. For example, it does no good to develop a response that requires merchants to use proof of delivery in the MO/TO or e-commerce space if they, for whatever reason, cannot do so. However, it’s always important to provide this type of information so the most-informed business decisions can be made. The reliable response Merchants ask many questions about chargeback and dispute regulation. The primary concern is consequences: What happens if they fail to respond or do not respond in a timely manner? The simple answer is that all merchants should be taught to respond to all requests. Failure to respond is not prudent, except in cases in which the merchant accepts the account adjustment given in the chargeback notification. Many merchants ask if there is a criminal component to a chargeback. Chargebacks are not, in themselves, evidence of criminal activity. However, patterns of chargebacks can lead to criminal prosecution after an investigation. Reasons include evidence of the following: intentional failure to deliver product, delivery of banned items, intentional failure to issue refunds or other illegal activity. The rules that govern chargebacks are set and governed by the card Associations. Through their corporate governance, new rules can be set or existing rules and regulations can be modified. This process is normally driven by the evolution of payment modalities due to the development and modification of platforms. The arguable advantage As an ISO or MLS, it behooves you to be knowledgeable about the chargeback process and its governing rules and regulations. You can enjoy a very significant competitive advantage if you offer your merchant base meaningful and knowledgeable assistance in this area. A word of caution: Do not offer advice if you are not familiar with the subject. Help your merchants obtain qualified help instead. Remember, if your merchants cannot get paid, they cannot survive.

ast month I wrote about the importance of merchant education, emphasizing that proper merchant training can reduce chargebacks .Remember that a card issuer must meet all requirements for the MasterCard Worldwide and Visa U.S.A. chargeback reason code it is using.

Otherwise, the chargeback can be re-presented by the merchant or acquirer, shifting the burden of loss back to the card-issuing bank or cardholder. You may find the examples below helpful in further understanding the chargeback process and certain chargeback reason codes.

MasterCard Reason Code 4860

A card issuer initiated a chargeback for MasterCard Reason Code 4860 (credit not processed) after receiving a letter from a cardholder who was dissatisfied because a merchant issued her an in-store credit for returned merchandise.

The cardholder stated she had no use for the in-store credit and was not advised of the merchant’s in-store credit policy at the time of purchase. She wanted a credit on her card account.

The card issuer processed the chargeback because 1) the in-store credit confirmed the merchant’s acceptance of the returned goods, and 2) the credit was not issued in accordance with MasterCard’s disclosure requirements.

The requirements allow merchants to impose specific transaction terms by printing them on an invoice or sales draft near the cardholder signature line before presenting it to the cardholder for signing.

Transaction limitations may also be disclosed by other means, such as signage or literature, provided they are sufficiently prominent and clear to cardholders. Examples of allowable wording for transaction limitations are “exchange only,” “in-store credit only,” and “original packaging required for returns.”

In this case, the merchant would lose because he did not give the cardholder proper notice of his in-store credit policy. Reason Code 4860 is applicable only if the merchant accepts returned merchandise or service cancellation and issues an in-store credit (or partial credit) without proper disclosure, as specified under the rules. If you help to properly set up your merchants, this chargeback situation can be prevented.

Visa Reason Code 85

The card issuer initiated a chargeback for Visa Reason Code 85 (credit not processed). It attached a copy of the cardholder’s statement with a circle drawn around the merchant’s $59.95 transaction and “canceled” written next to it.

In this case, the merchant can have his ISO re-present this chargeback because the card issuer failed to indicate the reason for cancellation. Reason Code 85 requires the card issuer to provide: 1) the date the merchandise was returned or the services were canceled; 2) proof that the cardholder made an attempt to resolve the dispute; and 3) a reason for the cancellation or return.

Many credit-not-processed chargebacks can be re-presented due to failures to meet these three requirements. I usually find merchants are not even re-presenting chargebacks in situations in which they have already issued credits/returns to cardholders.

Merchants should check every incoming chargeback to see if a credit has already been issued. It’s easy to re-present a chargeback for credit issued.

Visa Reason Code 53

The card issuer initiated a chargeback for Visa Reason Code 53 (not as described or defective merchandise) in which the cardholder attempted to return merchandise purchased at an auction.

At the time of the transaction, the merchandise was represented as a genuine, signed memorabile, but it was actually only a laser copy.

The ISO’s chargeback department re-presented the chargeback with a merchant letter stating the merchandise was clearly described, the cardholder had the winning bid and the cardholder agreed to the merchant’s terms and conditions.

The merchant also provided a signed agreement that stated he would not accept the return of disputed merchandise and all sales were final.

The merchant won this chargeback for three reasons: 1) The language in his paperwork reduced chargeback exposure; 2) the cardholder failed to prove the merchandise sold was not as described; and 3) the cardholder failed to provide documentation from the merchant that guaranteed the merchandise’s authenticity.

These examples show that by paying close attention, a merchant and his ISO’s chargeback department can lessen the cost of chargebacks.

Many issuing banks have large chargeback centers that send improper chargebacks to the same merchants routinely. They will continue to do so for as long as they get away with it. When they know a merchant re-presents invalid chargebacks, they are much more careful about sending chargebacks to that merchant.

Visit the card Associations’ public Web sites for more chargeback resources: usa.visa.com and www.mastercard.com You’ll be better able to serve and properly set up your merchants. You can also provide much card Association information directly to targeted merchants; with e-mail it’s easy to distribute new and updated materials.

David H. Press is Principal and President of Integrity Bankcard Consultants Inc. Call him at 630-637-4010, e-mail dhpress@ibc411.com or visit www.ibc411.com

ackers target vulnerable POS systems they suspect store card data, Visa U.S.A. recently warned, and, in conjunction with the U.S. Chamber of Commerce, stated the five leading causes of data breaches and specific prevention strategies for each.

Visa is aware of credit and debit card account information compromises occurring from improperly stored magnetic stripe, or track, data after transaction authorizations are completed. Track data refers to the information encoded in Tracks 1 and 2 of the mag stripe.

The card Association has also observed compromises involving improperly stored card verification value 2 (CVV2) data, PINs and PIN blocks.

To guard against compromises, Visa advised merchants to implement the following strategies:

• Ask their POS or payment software vendor (or reseller/integrator) to confirm their software version does not store mag stripe data, CVV2, PINs or encrypted PIN blocks. If it does, they should have these elements removed immediately.
• Ask their payment software vendor for a list of files written by the application and a summary of the content to verify prohibited data is not stored.
• Review custom POS applications for any evidence of prohibited data storage. Eliminate any functionality that enables storage of this data.
• Search for and expunge all historical prohibited data elements that may reside within their payment system infrastructure.
• Confirm that all cardholder data storage is necessary and appropriate for the transaction type.
• Verify that their POS software version has been validated as compliant with the Visa Payment Application Best Practices. A list of PABP-compliant applications is available at www.visa.com/cisp

Merchants are permitted to store only specific data elements from the mag stripe to support card acceptance, according to Visa. This data includes cardholder’s name, primary account number, expiration date and service code. However, merchants should store this data only if needed, and they must protect it as required by the Payment Card Industry (PCI) Data Security Standard.

Merchants can limit damage from a compromise by not storing track data, CVV2, PINs and PIN blocks. Merchants sometimes store track and other data in the mistaken belief they need it to process merchandise returns and transaction reversals. Acquirers should ensure their merchants have proper processes for each type of transaction, Visa stated.

The most-effective weapon

The findings on data breaches came from a detailed review of the card security environment, including common fraud techniques, potential areas of weakness by card-accepting merchants and emerging threats.

“The single most effective weapon in the battle against today’s data theft is education,” said Sean Heather, Executive Director of the U.S. Chamber of Commerce, which, with Visa, conducted a survey of 600 small merchants in 12 target areas.

The survey of businesses accepting credit cards for payments revealed:

• 64% accept PIN debit.
• 42% do not worry about securing customer information.
• 5% have had an incident of lost, hacked or stolen customer data.
• 29% made improvements to protect customer information, including card data, within the previous three months; 63% did so within the previous year.
• The top three improvements (14% each) included 1) securing information physically or by adding password-protection; 2) identifying account numbers by the last four digits only; and 3) shredding or eliminating storage of customer information.

An astounding 82% did not know what mag-stripe data is. More businesses (34%) spend a greater share of their resources preventing theft of products and cash than in securing customer data (20%). Some 69% handle data security in-house.

The Visa alert, along with answers to data security questions, can be found at the Chamber’s Web site: www.uschamber.com/sb/security More information is also available at www.visa.com/merchant