Currently when the magnetic stripe fails during a face-to-face transaction, the merchant key enters the account number and must manually imprint the card to prove the card was present during the transaction for protection against fraud chargebacks. Effective for new transactions processed on or after October 15, 2011, merchants may include Card Verification Value 2 (CVV2) in the authorization request for Visa U.S. Domestic key entered face-to-face transactions when the magnetic stripe cannot be read by the terminal.
In order to qualify for chargeback protection against reason code 81 “Fraud-Card Present” the transaction must meet the following criteria:

• Authorization Approval
• U.S. Domestic Transaction
• Card Present with magnetic stripe failure only
• Transaction was keyed entered
• CVV2 was included in the authorization request
• Signature obtained on the sales draft and retrieval request properly fulfilled

The following transaction types are excluded from the chargeback protection:

• Quasi Cash
• Cash Back
• Manual Cash Disbursement
• Betting, including lottery tickets
• Casino Gaming Chips
• Off-Track Betting and Wagers at a Race Track
• Visa International transactions

These merchants must continue to obtain an imprint of the card when the magnetic stripe cannot be read by the terminal for the protection against fraud chargebacks.

Hurricane Irene is wreaking havoc for businesses with limited phone and internet capabilities who need to process electronic payments. Our hosted payment technology provides the ultimate disaster relief capability because not only can merchants continue to process transactions, but they’ll have business continuity both before and after the disaster. What’s your back up plan?

DISASTER PROCESSES FOR A MERCHANT-  OVERVIEW OF BEFORE & AFTER SCENARIO:

Before disaster- Dial up terminal > authorization > print receipt which customers signs and you store for at least 180 days, the amount of time allowed for disputes.

After disaster: The use of limited phone line for customer service can interfere with ability to run operations, plus merchant needs power for printing receipts after authorization. More than likely the merchant manually imprints the card data and batch processes at a later date. This increases risk associated with accepting payments, including potential internal fraud and identity theft.

Before disaster with CenPOS technology- hosted terminal > authorization via internet >  customers sign signature capture terminal,  merchant sends receipt to the USB receipt printer, and CenPOS electronically stores signed receipt for retrieval for 7 years, covering both the amount of time allowed for disputes and any IRS needs.

After disaster with CenPOS technology, there are  multiple options:

• Attach a card reader to mobile device-ipad, iPhone, Droid. Card is swiped and customer signs on the device; a receipt is emailed automatically.
• Attach a card reader to laptop with satellite internet, and print 2 copies of receipts to the USB receipt printer; one for internal records and one for the customer. The transaction is electronically stored for retrieval for 7 years.
• Route calls to a temporary call center where operators take orders over the phone. Receipts are emailed to customers. Key entered transactions are automatically routed to meet card not present requirements, with proprietary technology to mitigate risk associated with card not present transactions, and reduce associated payment processing fees. Because CenPOS is an intelligent solution, even if you need to hire unskilled temporary help, you’ll avoid costly errors and mitigate risk because our solution automatically gathers the required data needed and passes it through to the processor.

In every case above there is no disruption to the merchant, who will use the SAME Virtual Terminal for all transactions both before and after the disaster. This simplifies recovery later because all receipts and transaction records remain in the same virtual location, with the exception of any offline signed receipts.

Do you take orders over the phone? How can you defend against chargebacks? You’re not going to like the answer I outline below because the burden on merchants is nearly insurmountable.

RULE NUMBER ONE.  You must have a MOTO* merchant account. If you run a card absent transaction on an RETAIL account, you will automatically lose because you won’t be presenting the transaction according to the rules of the merchant account with an in-person signature or pin entry AND card swipe or manual imprint. * MOTO is an abbreviation for mail order / telephone order; Faxed orders fall under this rule as well.

RULE NUMBER TWO: If the payment was made via a web page or ecommerce shopping site, the merchant must have an ECOMMERCE merchant account.

What if you accept credit cards via the internet and MOTO? Ecommerce presentment rules generally include MOTO requirements, but MOTO presentment rules do not include all Ecommerce presentment requirements.  You should read the rules carefully as it applies to your particular situation and NOT rely on this article.

Below are excerpts of the relevant rule from Visa and the condition I most often see cited on merchant chargeback forms. (Other cards have similar language. Please note the Visa International Operations Guidelines book is over 1100 pages so to keep this brief, this is a very narrow look, with text beginning from page 836.  Excerpts may be taken out of context to provide insights and should not be replied upon.

Reason Code 83 Fraud—Card-Absent Environment
Overview: Time Limit: 120 calendar days
Cardholder did not authorize or participate in a Card-Absent Transaction or Transaction was
processed with a Fictitious Account Number or no valid Card was outstanding bearing the Account
Number on the Transaction Receipt.

Chargeback Conditions – Reason Code 83
1. Cardholder did not authorize or participate in a Card-Absent Environment Transaction.

Representment Processing Requirements – Reason Code 83
b. Evidence of Imprint and signature or PIN  (Yes, it really says this under card not present!)
d. For Chargeback Condition 1, compelling evidence that the Cardholder participated in the
Transaction, excluding U.S. Domestic Transactions.

Further,

8. Mail/Phone Order or Electronic Commerce Transactions, if both: This provision applies to U.S.
Domestic Transactions (This only applies in the U.S. Region.)
a. Merchandise was shipped or delivered, or services were purchased (This only applies in the
U.S. Region.)
b. Issuer was not a participant in the Address Verification Service on the Transaction Date and
Acquirer received an Address Verification Service response code “U” (This only applies in the
U.S. Region.)

Additional Information – Reason Code 83
1. “Signature on file” notation is not an acceptable signature.
2. Pencil rubbing of the Card or a photocopy of the Card is not considered proof of a valid Imprint.

CARD ABSENT CHARGEBACK PREVENTION TIPS:

• When a merchant account is opened merchants are issued a metal plate with their required merchant account identifying information to use with imprinting forms.  Don’t toss is into a drawer. Buy an imprinter (about $25 from most office supply stores) and some voucher forms, put your plate in and keep it secured but handy in case you need it.  If you don’t know where your plate is, call your processor and ask for a new one. To mitigate risk, run the form through your imprinter, fill in all the information and then send the form to your customer. They must a) rub a pen across it to simulate as if the imprint mechanism ran across it. b) sign the form. This creates additional burdens to the merchant for PCI Compliance, since the imprint would have to be stored for 180 days, the current allowable chargeback time. But think of the burden of proof trail you’ll be able to produce- the form is sent to the customer address, the card must  pass AVS verify (address on card matches address mailed to), and you have a signature.
• To save time, merchants frequently only partially fill in the form, but this is not sufficient. All fields must be completed and the customer must sign.
• Ship merchandise with signature required, only to addressee.
• Shipping address and billing address must match. (You will lose automatically if they don’t unless you have special supporting document signed by the customer stating their desire to have shipped to a 3rd party address.)

Editors note: This article primarily addresses card absent,  not ecommerce.  A merchant solution to help mitigate risk is Cenpos. Here’s a few ways you can use CenPOS tools:

• Restrict user permissions for transactions.
• Set additional requirements to pass a transaction over merchant defined thresholds.
• Set up email alerts for notification of transactions over thresholds.
• Restrict types of cards accepted and rules for acceptance.

Is a pencil rubbing of the credit card or a photocopy of the credit card OK to defend against chargebacks? Yes, but only if the merchant has an imprint of the card on a credit card voucher form that is fully completed and signed by the customer.

Is a faxed approval form for the charge amount OK to defend against chargebacks? No. The merchant must have an imprint of the card on a credit card voucher form that is fully completed and signed by the customer.

Your credit card terminal goes down or your wireless unit can’t get a signal, but you’ve got customers lined up to buy. Is a pencil rubbing of the credit card or a photocopy of the credit card OK to defend against chargebacks?

No. The merchant must have an imprint of the card on a credit card voucher form that is fully completed and signed by the customer.

Below are excerpts of the relevant rule from Visa and the condition I most often see cited on merchant chargeback forms. (Other cards have similar language. Please note the Visa International Operations Guidelines book is over 1100 pages so too keep this brief, this is a very narrow look. Link t

Visa Chargeback Reason Code 81 Fraud Card-Present Environment

Chargeback Conditions – Reason Code 81
pg 825 One of the following:
1. Cardholder did not authorize or participate in a Card-Present Environment Transaction.

CHARGEBACK PREVENTION TIPS:

• A signature and imprint or magnetic stripe card data is required on all retail merchant accounts with a Terminal ID that is set up for retail  presentment. For most merchants, this means they need two merchant accounts- one for card present or retail, and another for card not present or MOTO if they have key entered transactions and the card is absent.
• To save time, merchants will only partially fill in the form, but this is not sufficient. All fields must be completed and the customer must sign.
• When a merchant account is opened merchants are issued a metal plate with their required merchant account identifying information to use with imprinting forms.  Don’t toss is into a drawer. Buy an imprinter (about $25 from most office supply stores) and some voucher forms, put your plate in and keep it secured but handy in case you need it.  If you don’t know where your plate is, call your processor and ask for a new one.

Editors note: Two merchant accounts will help mitigate risk because card absent aka card not present requirements differ from card present. For example, depending on the transaction method,  address verification and or security code may be required. Merchants with a single dial up terminal that has two merchant accounts my experience costly errors when the salesperson or cashier processes the transaction on the wrong account. It happens.  I see it all the time when I review statements and dig for downgrade reason codes. One solution is automated merchant account switching via Cenpos.

Phase 1 of Visa’s new chargeback rules are now in effect. Effective for fraud-related chargebacks processed on or after 16 April 2011, in lieu of a paper-based signed cardholder letter stating that the cardholder neither authorized nor participated in a transaction, issuers may submit information collected from the cardholder electronically.

Essentially, the dispute can now be completed elecronically instead of having to mail in a letter. The following reason codes are impacted by this rule change:
•     Reason Code 57 Fraudulent Multiple Transactions
•     Reason Code 62  Counterfeit Transactions
•     Reason Code 81  Fraud – Card-Present Environment
•     Reason Code 83  Fraud – Card-Absent Environment

Fraud-Activity Certifications
In April 2011, in lieu of a cardholder letter, card issuers will be required to certify through Visa Resolve Online (VROL) three fraud-activity  certification requirements to support their chargeback.  VROL is an innovative Visa back-office system used by all Visa members to process disputes. The three requirements are the following:
•     Card status at the time of transaction (lost, stolen, counterfeit)
•     Date fraud activity was reported through VisaNet
•     Date account number was listed on the Exception File
The fraud-activity certifications validate that the issuer closed the cardholder’s account, fraud reported the account number to Visa and statused the account either lost, stolen or counterfeit. The fraud-activity certifications will only be required if the issuer elects not to send a cardholder letter. In October 2011, Visa will mandate issuers to send the fraud-activity certifications with or without a cardholder letter.

What does this mean for merchants? The time that lapses between the customer initiated dispute to the time  merchant receives such notification shrinks.