On the bright side, however, there are quite a few solutions and best practices which, if performed for each transaction and implemented consistently, will help mail order and telephone order (MO/TO) and web-based card acceptors limit fraud and maximize their bottom lines.
How to Accept Online Payments In a Way that Limits Fraud
If you are a card acceptor processing online payments in a card-not-present environment, incorporate the following suggestions into your payment processing cycle for each of your transactions:
- Get an authorization approval for all payments. The floor limit for all card-not-present transactions is always zero, which means that card acceptors must always ask for, and actually receive, an authorization approval for each payment, regardless of the payment amount.
- Get the expiration date of the card. Always ask consumers to provide their card's expiration date. It serves as another way to verify that the consumer is in physical possession of the card at the time of the payment.
- Get the security code of the card. Card security codes are, as you no doubt know, the three-digit codes on the back of Discover, MasterCard and Visa bank cards and the four-digit codes on the front of AmEx cards. Getting the security code of the card in non-face-to-face payments is a crucial way to validate that the customer is in actual physical possession of the card. Remember that you should never store the security codes of the cards anywhere in your database. This storage is prohibited by Visa and MasterCard, and violators, when caught, will be charged substantial fines.
- Use the AVS (Address Verification Service) system. AVS allows web-based merchants to validate the correctness of the billing address that the customer has listed at the checkout. It does that by routing the provided address, through Visa and MasterCard, to the card's issuer. The card issuer receives the information, matches it to what it has on file for its own customer, and returns a response code that gives the result of its validation process.
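
The four checks above can be combined into one decision per payment. The following is an added example, not code from the original article or from any card network or gateway: the `AuthResponse` shape, the AVS letters "Y" and "N", the accept/review/decline policy and all sample values are assumptions to be replaced with your processor's documented response format.

```python
from dataclasses import dataclass
from datetime import date

# Assumed AVS result letters; confirm against your processor's own table.
AVS_FULL_MATCH = {"Y"}        # street address and postal code both match
AVS_NO_MATCH = {"N"}          # neither matches

@dataclass
class AuthResponse:           # hypothetical gateway response shape
    approved: bool
    auth_code: str
    avs_code: str
    cvv_matched: bool

def card_expired(exp_month: int, exp_year: int, today: date) -> bool:
    # A card stays valid through the last day of its expiration month.
    return (exp_year, exp_month) < (today.year, today.month)

def decide(resp, exp_month, exp_year, today) -> str:
    """Return 'accept', 'review' or 'decline' for one card-not-present payment."""
    if card_expired(exp_month, exp_year, today):
        return "decline"
    # Zero floor limit: every payment needs an approval, whatever the amount.
    if not resp.approved or not resp.auth_code:
        return "decline"
    # Illustrative policy (an assumption): hard-fail on CVV or AVS mismatch.
    if not resp.cvv_matched or resp.avs_code in AVS_NO_MATCH:
        return "decline"
    if resp.avs_code in AVS_FULL_MATCH:
        return "accept"
    return "review"           # partial match, unavailable, or unknown code

def record_for_storage(order: dict, resp: AuthResponse) -> dict:
    """Build the row to persist: keeps auth and AVS results, never the security code."""
    stored = {k: v for k, v in order.items() if k != "cvv"}
    stored.update(auth_code=resp.auth_code, avs_code=resp.avs_code)
    return stored

if __name__ == "__main__":
    # Constructed sample order and response (test-style values, not real data).
    order = {"order_id": "ORD-1001", "amount": "4.99", "cvv": "123",
             "exp_month": 12, "exp_year": 2030}
    resp = AuthResponse(True, "A1B2C3", "Y", True)
    print(decide(resp, 12, 2030, date(2025, 1, 15)), record_for_storage(order, resp))
```

Anything that is neither a full match nor a clear mismatch goes to manual review rather than being silently accepted, and the security code is used only for the authorization request and dropped before the order is written anywhere.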