Thread: Credit Card Validation

Originally Posted by ODYSSEY

"See ID" is not a valid signature according to VISA/MC. Merchants are not suppose to take cards with this written on them, but most do. This is because the signature on the card "See ID" does not match the signature on the receipt. You will lose a chargeback just on this reason alone.

Which is why I have "See ID" on the back of all my credit cards, and when I hand my credit card to a cashier, I also hand them my ID. And yes, you are correct, "See ID" is not technically a valid signature. If the merchant asks me to sign the card in front of them, then I leave my merchandise on the counter, retrieve my card and ID, and walk out. Only had to do that twice in the last 10 years or so. I hope that if my CC's ever get stolen, some merchant will refuse to take them without the person producing some form of ID.

Anyways, this gets a bit off the track of the original subject, but the foul ups with MP3Car customer service once again cease to amaze me.

Originally Posted by armine

1. Rob- the owner, and I are the ONLY people at Mp3Car who view the credit card authorizations. I am the only person processing orders, period. If this changes, it will be public knowledge who is processing the order.

Is that for ALL CC orders, or only the international orders where you take steps to verify the customer's identity, such as this incident?

2. Darque, you are not quite right, we do not have outdated infrastructure - but there are certain situations where banks around the world have not yet collaborated to make credit card processing fraud proof. I will say not more on this, as it is sensitive information.

It's not so sensitive. It's pretty much common knowledge to anyone who has worked in retail or for retailers. However, those financial institutions that don't provide adequate security for both seller & customer are NOT the norm.
I worked with retail customers that do business internationally by phone, online webstore and purchase order. I've seen all manners of credit card processing, both good and bad, full-featured & bare-bones. I know what systems are out there, and understand how secure (or insecure) they are to a certain extent.

However, if your MSP is not so thorough that you feel the need to gather additional information on your own, I am of the opinion that something in the money chain between your point of ordering (the store website, I presume?) and your bank account is pretty severely lacking in terms of security & fraud protection.

3. Our file send is encrypted and secure - we would not request your information via email otherwise.

The send file tool we use has always has used an encrypted transfer method with 128-bit SSL encryption.

It seems to me that you're missing the boat here, Heather.
There's a balance between fraud protection (on both sides of the transaction) and convenience. There are other online retailers with roughly the same sales volume (both in units and dollars) that sell internationally. They don't require customers to scan credit cards and photo IDs for international orders.
Why?
They use the fraud prevention systems that are put into place by merchant service organizations, credit card companies and banks for that very purpose.

If you are using the full security capabilities of your MSP, your CC validation system and your bank, you should not have to resort to having a scanned document sent to you for ID verification purposes.
Besides, anyone with some mediocre photoshop skills can come up with a reasonably realistic scan of a photo ID, especially considering the file size for sending will reduce the image quality dramatically. It's even easier for a faxed document, since the quality of a fax is pretty much garbage.

You're going over and above that for your protection, which is understandable. I know darn well that electronic hardware sales are on a razor-thin margin, so you have to protect yourself for each and every sale in order to stay profitable.
However, by taking these extreme measures, you just lost a customer.

I can understand having signatures & identifying information (although not a phot ID) for customers who buy on terms.
I can understand wanting to verify identity, especially for suspect international orders where it may be difficult to track down & prosecute the perpetrators of the fraud.

However, as a Business Manager (that is your title, isn't it?), you have to understand that there has to be a balance between security and customer service. In this particular customer's eyes, you crossed that line and subsequently lost out on a sale.
One would hope that you will take this situation as an opportunity to evaluate or re-evaluate the methods of protection you have implemented.

This is yet one more way in which your credibility in this marketplace is eroding away. But you don't need me to point that out, I'm certain.

We only ask for this verification from a small fraction of our orders. We could lower our fraud screening requirements which would increase fraud and overhead.

Due to these increased losses we would have to raise the price of our products for honest customers. That doesn't seem fair.

As new loss prevention techniques become available we will continue to review them. In the mean time, I am sorry some are inconvenienced but this is just they way it is going to be.

So if it's just a small fraction of orders, how could it then be effective? In all seriousness, I'm interested to know.

Originally Posted by Tidder

So if it's just a small fraction of orders, how could it then be effective? In all seriousness, I'm interested to know.

I know this is a bad answer, and I hate to say this, but publicly revealing all of our fraud screening methods and the order in which they are applied would lower their effectiveness. I would be happy to talk about this in person but this will not be a public or written disclosure. Nothing makes me more aggravated than credit card fraud. It really just hurts everyone. There was a really good article about this in the wall street journal recently. I will try to dig it up. It really helps explain a lot here.

I can certainly see mp3cars' point here.
I just got burned by ememo06. He did his purchase through Paypal, and used his CC. Non-confirmed address.
I sent the stuff, have proof of delivery, 2 months later he did a charge-back with his CC company. PP "had to" withdraw the funds because the CC company found "in favor" of the buyer.
I can understand the PP doesn't want to loose those funds, but I think they could've put up a better fight with the CC company, since I have proof of delivery.
My question then is how can I protect myself better?
I suppose I can request the buyers CC company information...this way I can contact them myself to argue the charge-back?
What else?
Please note I have to use PP, and ship to non-confirmed addresses. Much of sales are this way. I'd loose too many sales if I enforced the "confirmed address" only.
So what can I do?

Originally Posted by muldrick

I can certainly see mp3cars' point here.
I just got burned by ememo06. He did his purchase through Paypal, and used his CC. Non-confirmed address.
I sent the stuff, have proof of delivery, 2 months later he did a charge-back with his CC company. PP "had to" withdraw the funds because the CC company found "in favor" of the buyer.
I can understand the PP doesn't want to loose those funds, but I think they could've put up a better fight with the CC company, since I have proof of delivery.
My question then is how can I protect myself better?
I suppose I can request the buyers CC company information...this way I can contact them myself to argue the charge-back?
What else?
Please note I have to use PP, and ship to non-confirmed addresses. Much of sales are this way. I'd loose too many sales if I enforced the "confirmed address" only.
So what can I do?

Always transfer money out of your paypal account, never keep a balance with paypal. Use a bank account that has no minimum for your linked bank account. Transfer any money from paypal to your linked bank account, then transfer to a second bank account (unlinked) or withdrawal monies once received from paypal.

Paypal can not take what they do not have access to.

Always use a real credit card to make payments when using paypal. That way if a seller is dishonest, but paypal sides with them, you can file a charge-back with your credit card.

You can not argue a charge-back from a credit card company on the behalf paypal. Paypal is the only one that can argue the charge-back and the only one the credit card company wants to deal with.

The only real way to get around things is to open a merchant account and process credit cards yourself. That in itself opens a whole other can of worms, that you may or may not wish to deal with.

Originally Posted by ODYSSEY

Always transfer money out of your paypal account, never keep a balance with paypal. Use a bank account that has no minimum and transfer to a second account or withdrawal monies once received from paypal.

Paypal can not take what they do not have access to.

Always use a real credit card to make payments when using paypal. That way if a seller is dishonest, but paypal sides with them, you can file a charge-back with your credit card.

You can not argue a charge-back from a credit card company on the behalf paypal. Paypal is the only one that can argue the charge-back and the only one the credit card company wants to deal with.

The only real way to get around things is to open a merchant account and process credit cards yourself. That in itself opens a whole other can of worms, that you may or may not wish to deal with.

About linking a bank with no money in the account, that too is risky. I know with my account if you try to withdraw money up to like $2000 or so and the account is $0, they will charge it to your credit card and give you the cash.

So then you would have lost money to PayPal, plus a $20 to $40 credit charge, plus a ding in your credit rating.

Happened to me twice, neither my fault. Deposit funds at the teller, go home it shows in there, transfer to a second account, and it dings my CC instead of the account since it wasnt fully clear yet. Both times called and complained, they reversed the charge, and did not report to credit score or anything, but I wouldnt want it to happen because of PayPal charge back...

Originally Posted by 2k1Toaster

About linking a bank with no money in the account, that too is risky. I know with my account if you try to withdraw money up to like $2000 or so and the account is $0, they will charge it to your credit card and give you the cash.

So then you would have lost money to PayPal, plus a $20 to $40 credit charge, plus a ding in your credit rating.

Happened to me twice, neither my fault. Deposit funds at the teller, go home it shows in there, transfer to a second account, and it dings my CC instead of the account since it wasnt fully clear yet. Both times called and complained, they reversed the charge, and did not report to credit score or anything, but I wouldnt want it to happen because of PayPal charge back...

Do not follow what you are saying.

Are you saying you transferred money (from a buyer) from you paypal account to your linked bank account, withdrew the money, then paypal wanted the money back, so they charged your credit card?

Or you deposited money to make a payment (to a seller), but the funds had not cleared yet, so paypal used your back-up source (credit card)?

If it was the first, then that would be an unauthorized transaction and a very easy charge-back.

If it was the other, that is how paypal works when paying by a bank account. NEVER use a bank account to pay a seller. It leaves you at the mercy of paypal for protection.

Also remember paypal can freeze your account at any time for no reason and refuse to give you any money left in your account. Another reason to keep no money in your paypal account.