Is your credit card authorization template worthless? Card-absent transactions carry a heavier burden of proof to prevent charge-backs, and the methods businesses use often create other risks, such as identity theft. Here are steps to protect your business-to-business company.
- Never store CVV security code data; it’s against card association rules. Not on paper, digitally or anywhere. Stored forms containing CVV represent substantial financial risk in the event of identity theft, and potentially even jail time for failing to protect sensitive data. Visa specifically prohibits requesting the security code on paper.
- Fax or email the sales invoice, which must include the merchant name (matching the merchant account either as company name or dba), merchant address, merchant phone, customer bill to, customer ship to, and product or service details with quantity, price and description. Add a checkbox for the customer to acknowledge sale, refund and cancellation policies. Add a fill-in line with the title “Cardholder Authorization” and ask them to put in the reference code. See next item.
- Do not ask customers to fax back a credit card authorization form. That’s right, chuck the credit card authorization fax form into the trash can. Tell customers that for security reasons, payment must be made via a secure online pay page. The hosted pay page form should include fields for the cardholder name, address, email, phone, and invoice number. Additionally, have a checkbox for the cardholder to acknowledge receipt and acceptance of refund policy, cancellation policy and of the sales invoice terms. For example, I use this: “I accept the sale, cancellation and return policy and all other terms as stated on my invoice.”
- Request that customers print the receipt from the online payment and the invoice, fill in the fields, sign both, and fax them back. Store the proof of delivery with the signed papers. Sending back the receipt is overkill, but if you have a fraud problem and don’t have adequate cardholder authentication like 3-D Secure, it may not be overkill for you. In lieu of signed papers via fax, customer replies via company email that acknowledge receipt of the invoice, and of the sales receipt with authorization code, can be used as proof to defend against charge-backs in future disputes.
- If the cardholder address and ship-to address are different, and this is not specifically indicated on the invoice, have the cardholder send a supplemental document on letterhead (of the cardholder) that specifically states they’re authorizing shipping to a different address. For business to business, different addresses are common. Be aware that without acknowledged authorization of some sort, there is virtually no defense for sending product to an address different from the cardholder’s.
Another solution that facilitates future dispute protection is electronic bill presentment & payment. In this case, the merchant invoice is delivered to a customer’s company email address, and the customer clicks and pays the specific invoice securely online. This creates a paper trail of proof that terms were presented and the customer received them, since they self-initiated payment tagged specifically to the invoice. Merchants may also want to create rules that transactions over a certain amount are reviewed by an internal audit team to verify whether the cardholder address matches the invoice.
According to a recent survey, the second highest identity theft concern of customers is credit card information on paper. Eliminate the paper to reduce risk, improve customer relations, and create efficiencies for both customers and merchants. All of the above are guidelines that can be modified depending on the risk associated with the customer. For example, new customers and recurring customers may carry different risks. Domestic customers with verifiable AVS (address verification) have lower risk than international customers with no AVS verification capability.
Disclaimer: The information above does not replace a merchant’s obligation to follow all rules associated with their merchant account, card acceptance guidelines and payment card industry data security standards.
For more information about solutions to streamline payment acceptance for your business-to-business company with card-not-present customer transactions, contact us. Call Christine Speedy, B2B payments expert, for help with a PCI-compliant credit card authorization form at 954-942-0483, 9-5 ET.