Question about Chargeback

ameliadad

Hey Guys

I've just received first chargeback request from Elavon, due to a presumed stolen card transaction. It's for 112€, so substantial.

It's a laser card transaction. Customer name and Billing address are different to the correct name and billing address.

It happened back in November, but we're only getting request now.

I have contacted Realex and they said there's nothing they can do, not their responsibility, but that it's very likely we will be held responsible by the bank & Elavon.

I haven't contacted Elavon yet, as I want to be prepared. However, this all seems quite unfair, if we do end up being held responsible.

It was the first of a series of dodgy transactions on our site. It was followed by 4 other transactions in subsequent month, all for similar amounts that went to a similar area in Dublin. Our courier tipped us off after the second one of these, that it was a vacant residence, at which point we copped on and held all subsequent orders to these addresses. We then informed the Guards & Elavon of all suspect transactions.

However, there was no way of us knowing that this first transaction was a dodgy transaction, as it seemed perfectly legit, as it hadn't yet become a trend.

Surely this is more the responsibility of the bank/ realex/ Elavon than it is ours? We don't take any card details on our site for this reason, i.e. to give responsibility to someone else.

Am I mad?

Unfortunately the retailer is responsible if they initiate a "customer not present" transaction on a stolen card.

Where I work we got a chargeback for a laptop which was bought on a stolen card. As we put the transaction through it was considered to be our fault. We had to take the hit and enforced a policy of checking the name and address on all cards and refusing those which could not be verified.

EDIT: Online retailers are being given the option of implementing 3D Secure (Verified by VISA/MasterCard SecureCode). This transfers the liability to the customer as the necessary password should not be disclosed.

geoff2915

Unfortunately you have no comeback- all customer not present transactions are liable to a chargeback at a later date. My site was stung 3 times and have now introduced 3D Secure, which does give an extra layer of security.
The police are looking into my case and have tracked it down to an internet cafe in Limerick, but it is too late to get goods back and the money has been refunded.
If any transaction seems a tiny bit dodgy (different e mail name etc) then I always ring bank and ask them to ring the cardholder to check if transaction is legit.

ameliadad

Thanks Guys,

Am a bit annoyed, but anyway, will just have to check each Laser Transaction when I see it on Realex. Unfortunately will slow down dispatch time a bit.

TheWaterboy

One trick that I find works quite well if you suspect that a transaction is any way shifty, is to contact your customer and ask for a work email address or a landline number. Either of these two pieces of information will scare a potential scammer away as they can be traced to an actual work or home address. If they don't reply or make some excuse that they have neither a work email address or landline then I would just refund the card and cancel the order. On the very odd occasion you might cancel a genuine customer but you will soon learn to identify potentially fraudulent transactions

mneylon

Karsini wrote: »

EDIT: Online retailers are being given the option of implementing 3D Secure (Verified by VISA/MasterCard SecureCode). This transfers the liability to the customer as the necessary password should not be disclosed.

It's not an option for Laser

ameliadad

TheWaterboy wrote: »

One trick that I find works quite well if you suspect that a transaction is any way shifty, is to contact your customer and ask for a work email address or a landline number. Either of these two pieces of information will scare a potential scammer away as they can be traced to an actual work or home address. If they don't reply or make some excuse that they have neither a work email address or landline then I would just refund the card and cancel the order. On the very odd occasion you might cancel a genuine customer but you will soon learn to identify potentially fraudulent transactions

Thanks, yes, this is a good idea. Am going to introduce checks for any transactions over €50, that look any way suspicious

I think you're right, just ringing the customer can tell you alot. I rang one suspect customer before, just saying that I was making sure the order was correct. The "customer" stuttered before just hanging up, was clearly a scammer.

ameliadad

Blacknight wrote: »

It's not an option for Laser

I thought this also, but was talking to someone from Elavon yesterday who was adamant that 3D secure is available for Laser....

But I just rang them again and someone else said it's definitely not....

BuffyBot

It's not AFAIK, but with Laser vanishing soon I doubt it will be introduced.

Sheeps

ameliadad wrote: »

I thought this also, but was talking to someone from Elavon yesterday who was adamant that 3D secure is available for Laser....

But I just rang them again and someone else said it's definitely not....

Technically they were both right. 3dsecure can be done for maestro cards which actually cover's laser as all laser cards are co-branded as maestro. The trouble is you won't actually receive a liability shift for laser cards.

Sheeps

Sheeps wrote: »

Technically they were both right. 3dsecure can be done for maestro cards which actually cover's laser as all laser cards are co-branded as maestro. The trouble is you won't actually receive a liability shift for laser cards.

Yes. Iarnród Éireann have implemented it for their online booking service. It's probably still via Maestro as you say.

Formation

TheWaterboy wrote: »

One trick that I find works quite well if you suspect that a transaction is any way shifty, is to contact your customer and ask for a work email address or a landline number. Either of these two pieces of information will scare a potential scammer away as they can be traced to an actual work or home address. If they don't reply or make some excuse that they have neither a work email address or landline then I would just refund the card and cancel the order. On the very odd occasion you might cancel a genuine customer but you will soon learn to identify potentially fraudulent transactions

that would eliminate 100,000+ Irish people.

Most rented houses dont have a landline and only professionals have a company email address.

actually the number could be closer to a million potential customers excluded.

Sheeps

Formation wrote: »

that would eliminate 100,000+ Irish people.

Most rented houses dont have a landline and only professionals have a company email address.

actually the number could be closer to a million potential customers excluded.

By contacting a customer where you feel suspicious about a transaction, you can still asses better by phone as to whether or not the customer is genuine. It's for that reason that acquiring banks associate higher cost for ecommerce transactions than they do with mo/to transactions.

The risk of fraud will always be there, regardless of whether the card was laser or not or even whether the transaction went through 3dsecure. Most payment service providers have tools available to assist you in reviewing or highlighting potentially fraudulent transactions based on the transaction details and the various bits of information that you collect about the customers. It's only really by 3dsecure, fraud detection tools and by implementing some kind of procedure for manually reviewing the transactions or possible fraud that you can actually build a decent fraud prevention strategy for your business, and even then it only reduces your risk as fraud is more or less inevitable.