Privacy Policy Best Practices for ECommerce Merchants

ECommerce merchants should carefully develop their privacy policies. It is not only a Visa and MasterCard requirement that a privacy policy statement should be made available to website visitors and potential customers but it is also a great way to ensure consumers that their privacy is a top priority for the merchant and that it is adequately protected. Following is a short list of best practices that you should adhere to when designing your own privacy policy:

• Develop a clear, concise statement of your privacy policy. This practice, as well as the following one, may be subject to legal requirements. In order to adequately address consumer concerns about providing personal information, your privacy policy should answer the following questions:
  • What customer information is collected.
  • With whom the information is shared.
  • How customers can opt out.
• Make your privacy statement available to visitors to your website through links on your website. Your customers should be able to easily locate your privacy statement. Consider placing the link into your website's header or footer which, in most cases, will make it accessible from every page of your website.
• Sign up with a privacy organization and post a "seal of approval" on your website. Providing a "seal of approval" from a major privacy program is a great way to assure consumers that you are serious about protecting their personal information and are taking the necessary measures to do so. To obtain such a seal, you can register with a program such as TRUSTe or the Better Business Bureau's BBBOnLine Privacy.

Chargeback Basics

A chargeback is a payment card transaction that a card issuer returns to a merchant processing bank - and most often, to the merchant - as a financial liability. In essence, it reverses a sales transaction, as follows:

• The card issuer subtracts the transaction dollar amount from the cardholder's account. The cardholder receives a credit and is no longer financially responsible for the dollar amount of the transaction.
• The card issuer debits the merchant processing bank for the dollar amount of the transaction.
• The merchant processing bank will, most often, deduct the transaction dollar amount from the merchant's account. The merchant loses the dollar amount of the transaction.

As you can see, for merchants chargebacks can be costly. You lose both the dollar amount of the transaction being charged back and the product or service that was sold. There are also internal costs, associated with the processing of the chargeback. The following posts will discuss, in details, the reasons chargebacks occur, the available chargeback remedies, strategies for avoiding chargebacks and best practices for chargeback monitoring. The various types of chargebacks will also be scrutinized.

Chargeback Reasons

Chargebacks occur for a variety of reasons but there are several that stand out as the most common ones. These reasons include:

• Customer disputes.
• Fraud.
• Processing errors.
• Authorization issues.
• Non-fulfillment of transaction copy requests (only if fraud or illegible).

Chargebacks probably cannot be completely eliminated, yet merchants can take steps to prevent them or reduce them in number. Many of the chargebacks are a result of mistakes on the part of the merchants and can be easily avoided. Merchants who understand and implement proper transaction-processing procedures are much less likely to inadvertently cause a chargeback. Other chargebacks, however, are beyond the control of the merchant. Such chargebacks can be caused by errors made by merchant banks, card issuers, and cardholders. Merchant Responsibility The main interaction in a chargeback process is between the card issuer and the merchant processing bank. The card issuer sends the chargeback to the merchant bank, which may or may not be able to resolve the issue on its own, without involving the merchant. Merchants have a direct responsibility for taking action to remedy and prevent chargebacks. Your financial and administrative liability for chargebacks is spelled out in your merchant services agreement with your processor.

The Chargeback Cycle

The chargeback cycle is a series of interactions between several participants. Following are the stages of the chargeback process.

1. The chargeback process begins with the cardholder disputing a transaction or contacting his or her card issuer with disputed information.
2. The card issuer electronically returns the transaction (charges it back) to the merchant bank (also called acquiring bank or simply Acquirer) through the respective credit card company (e.g. Discover or American Express) or association (Visa or MasterCard).
3. The credit card company or association reviews the eligibility of the transaction to be charged back and, if appropriate, forwards it to the merchant bank.
4. The merchant bank receives the chargeback and either resolves the issue or, if unable to do so, forwards it to the merchant.
5. The merchant receives the chargeback. If the merchant has a proof that the transaction is valid (e.g. a sales receipt), the proof is submitted (represented) to the merchant bank. If the merchant is unable to produce a proof, the chargeback may have to be accepted.
6. The merchant bank receives the represented transaction and sends it on to the credit card company or association.
7. The credit card company or association receives the represented transaction and, if appropriate, forwards it to the card issuer.
8. The card issuer receives the represented transaction and, if appropriate, re-posts it to the cardholder's account. If the chargeback issue is not adequately addressed, the card issuer may submit a dispute with the credit card company or association.
9. The chargeback process ends with the cardholder receiving information resolving his or her dispute and may be re-billed for the item or receive a credit.

Processing of Transaction Receipts

Merchants should establish a process for handling sales receipts to ensure their proper processing, in order to minimize customer disputes and chargebacks. The following best practices should be included in this process:

• Merchants should make sure that transactions are entered into their point-of-sale or virtual terminals only once and are deposited only once. Duplicate transactions are very likely to result in chargebacks if merchants:
  • Enter the same transaction more than once.
  • Deposit both the merchant copy and bank copy of a sales receipt with their merchant processing bank.
  • Deposit the same transaction with more than one merchant processing bank.
• Merchants should make sure that whenever incorrect or duplicate sales receipts are detected, they are promptly voided and that transactions are processed only once.
• Merchants should deposit sales receipts with their merchant processing bank as quickly as possible, preferably within one to five days of the transaction date. Merchants should not hold on to them.
• Merchants should deposit credit receipts with their merchant processing bank as quickly as possible, preferably the same day the credit transaction is generated.
• For card-not-present transactions, merchants should not deposit sales receipts with their merchant processing bank until the merchandise has been shipped. If customers see a transaction on their monthly credit card statement before they receive the merchandise, they may contact their card issuers to dispute the charge. Similarly, if delivery is delayed on a card-present transaction, merchants should not deposit the sales receipt until the merchandise has been shipped.
• If a customer requests cancellation of a transaction that is billed periodically (monthly, quarterly, or annually), the merchant should cancel the transaction immediately or as specified by the customer. Following the cancellation, the merchant should inform the customer in writing that the service, subscription, or membership has been canceled and state the effective date of the cancellation.

Visa Chargeback Monitoring Programs

Visa monitors the chargeback activity of all merchants accepting their cards on a monthly basis and alerts acquirers when any one of their merchants reaches excessive chargeback levels. Typically, chargeback rates of 1% or greater are considered excessive. Once notified of a merchant with excessive chargeback rates, merchant banks (acquirers) are expected to take appropriate steps to reduce the merchant's chargebacks. Remedial actions depend on various factors, including merchant type, sales volume, geographic location, and other risk factors. Often merchants need to provide their sales staff with additional training on card acceptance procedures. Merchants may also be required to work with their merchant services providers to develop a detailed chargeback-reduction plan. Visa may impose financial penalties on acquirers that fail to reduce excessive merchant-chargeback rates. Visa has two chargeback monitoring programs:

• Merchant Chargeback Monitoring Program. The Merchant Chargeback Monitoring Program (MCMP) monitors chargeback rates for all acquirers and merchants on a monthly basis. If a merchant reaches excessive chargeback rates, Visa notifies its merchant bank in writing. MCMP applies to all merchants with more than 100 total transactions per month - sales, credits, etc. - more than 100 chargebacks, and an overall chargeback-to-transaction rate of one percent or greater. First notification of excessive chargebacks for a specific merchant is considered a warning. Visa imposes fines only if remedial actions are not taken within an appropriate period of time to return chargeback rates to acceptable levels.
• High-Risk Chargeback Monitoring Program. The High Risk Chargeback Monitoring Program (HRCMP) is specifically designed to reduce excessive chargebacks by high-risk merchants. High-risk merchants include direct marketers, travel services, outbound telemarketers, inbound teleservices, and betting establishments. HRCMP applies to all high-risk merchants with more than 100 total transactions per month - sales, credits, etc. - more than 100 chargebacks, and an overall chargeback-to-transaction rate of one percent or greater. Unlike the MCMP, under HRCMP, there is no warning period and fines of $100 per chargeback are imposed immediately if a merchant has an excessive chargeback rate.

Visa also monitors international sales and chargeback rates through its Global Merchant Chargeback Monitoring Program.

Visa Chargeback Monitoring Programs

Visa Chargeback Monitoring Programs

Visa monitors the chargeback activity of all merchants accepting their cards on a monthly basis and alerts acquirers when any one of their merchants reaches excessive chargeback levels. Typically, chargeback rates of 1% or greater are considered excessive. Once notified of a merchant with excessive chargeback rates, merchant banks (acquirers) are expected to take appropriate steps to reduce the merchant's chargebacks. Remedial actions depend on various factors, including merchant type, sales volume, geographic location, and other risk factors. Often merchants need to provide their sales staff with additional training on card acceptance procedures. Merchants may also be required to work with their merchant services providers to develop a detailed chargeback-reduction plan. Visa may impose financial penalties on acquirers that fail to reduce excessive merchant-chargeback rates. Visa has two chargeback monitoring programs:

• Merchant Chargeback Monitoring Program. The Merchant Chargeback Monitoring Program (MCMP) monitors chargeback rates for all acquirers and merchants on a monthly basis. If a merchant reaches excessive chargeback rates, Visa notifies its merchant bank in writing. MCMP applies to all merchants with more than 100 total transactions per month - sales, credits, etc. - more than 100 chargebacks, and an overall chargeback-to-transaction rate of one percent or greater. First notification of excessive chargebacks for a specific merchant is considered a warning. Visa imposes fines only if remedial actions are not taken within an appropriate period of time to return chargeback rates to acceptable levels.
• High-Risk Chargeback Monitoring Program. The High Risk Chargeback Monitoring Program (HRCMP) is specifically designed to reduce excessive chargebacks by high-risk merchants. High-risk merchants include direct marketers, travel services, outbound telemarketers, inbound teleservices, and betting establishments. HRCMP applies to all high-risk merchants with more than 100 total transactions per month - sales, credits, etc. - more than 100 chargebacks, and an overall chargeback-to-transaction rate of one percent or greater. Unlike the MCMP, under HRCMP, there is no warning period and fines of $100 per chargeback are imposed immediately if a merchant has an excessive chargeback rate.

Visa also monitors international sales and chargeback rates through its Global Merchant Chargeback Monitoring Program.

Chargeback Reason Code 60: Request Copy Illegible or Invalid

Chargebacks are identified with a Reason Code 60 when the card issuer requests a copy of the sales receipt and is provided an illegible copy by the merchant or its merchant services provider, an incomplete substitute receipt, or something other than the requested item. Most commonly a Reason Code 60 chargeback results when a merchant submits a substitute sales receipt that does not contain all of the required information, the sales receipt is not legible, or is other than the requested item because:

• The terminal's printer ribbon is worn and the ink is too light.
• The terminal's paper roll is nearing the end, and the colored streak indicating this obscures transaction information.
• The copy is on colored paper.
• The carbonless paper of the original sales receipt is mishandled, causing black blotches and making copies illegible.
• The original sales receipt is copied at a reduced size, resulting in blurred and illegible copies.
• The document submitted is not the requested copy of the sales receipt.

The remedial actions that merchants can take in the event of a Reason Code 60 chargeback can be the following:

• The back office staff should resubmit, if possible, a legible or complete copy of the sales receipt to their merchant bank. If a legible copy cannot be produced or the original receipt is missing, the chargeback should be accepted. If the retrieval request is fraud-related, the merchant has no representment rights and should accept the chargeback.
• The point-of-sale staff has a very important role to play as well. Printer ribbons should be changed routinely. Faded, barely visible ink on sales receipts is the top cause of illegible receipt copies. Printer paper should be changed when colored streak first appears. The colored streak down the center or the edges of printer paper indicates the end of the paper roll. It also diminishes the legibility of transaction information. Keep the white copy of the sales receipt and give customers the colored copy. Colored paper does not copy as clearly as white paper and often results in illegible copies. Carbonless paper and carbon- or silver-back paper should be handled carefully. Silverback paper appears black when copied. Any pressure on carbonless and carbonback paper during handling and storage causes black blotches, making copies illegible. Merchants should always keep the top copy.
• The owners and managers of your organization also have a role to play. Your company logo or marketing messages should be placed on sales receipts in a way that does not interfere with the transaction information. If your company name, logo, or marketing message is printed across the face of sales receipts, the transaction information on a copy may be illegible.

Chargeback Reason Code 75: Cardholder does not Recognize Transaction

Chargeback Reason Code 75 is issued when the card issuer receives a complaint from a cardholder stating that the transaction appearing on the monthly statement is not recognized. This code applies to both card-present and card-not-present transactions. The most common cause for a Reason Code 75 chargeback is that either the merchant store name or location reflected on the cardholder's monthly statement is not correct or recognizable to the cardholder. Merchants can take actions to remedy Reason Code 75 chargebacks on both back-office-staff- and ownership levels.

• Back-Office Staff. To prove that the cardholder has participated in the transaction at issue. your organization's back office staff should provide to the merchant processing bank any documentation or information that would assist the cardholder in recognizing the transaction. For example:
  • Sales receipt.
  • Shipping invoice or delivery receipts.
  • Description of merchandise or service purchased.
  If no supporting evidence is available or if you cannot produce a legible copy, you should accept the chargeback.
• Owner. The merchant name is the single most important factor in cardholder recognition of transactions. It is the owner's responsibility to make sure that the merchant name that the customers see on their credit card statements (also called a billing descriptor) is the one they associate with the merchant they shopped at. The owner should work with their merchant processing bank and set up the billing descriptor the right way. The merchant name, city, and state should be properly identified in the billing descriptor.

Chargeback Reason Code 57: Fraudulent Multiple Transactions

Chargeback Reason Code 57 is issued when the card issuer receives a written claim from the cardholder, acknowledging participation in at least one transaction at the merchant outlet but disputing participation in the remaining transaction. The cardholder also states the card was in his or her possession at the time of the disputed transactions. This chargeback does not apply to recurring payments or to mail order, telephone order, or eCommerce transactions. Most often a Reason Code 57 chargeback occurs when the merchant fails to void multiple transactions or attempts to process a fraudulent transaction. Merchant Actions.

• Back-Office Staff Actions. If the appropriate credit has been processed to the cardholder's account on one or all of the disputed transactions, the merchant should send to their merchant bank evidence of the credits. If the cardholder did participate in more than one valid transaction, the merchant should provide appropriate documentation, such as sales receipts, invoices, etc. If appropriate credit has not yet been processed on the disputed transaction, the merchant should accept the chargeback. The merchant should not process a credit since the chargeback has already performed this function.
• Owner Actions. Owners and managers should immediately investigate such chargebacks. This type of chargeback may indicate potential fraud occurring at the point of sale. It also may simply be the result of a mistake by point-of-sale staff.

Chargeback Reason Code 62: Counterfeit Transaction

Chargeback Reason Code 62 occurs when the card issuer receives a written complaint from the cardholder claiming that he or she was in possession of the card on the date of transaction and that he or she did not authorize or participate in the transaction. The most common causes for Reason Code 62 chargebacks are that the merchants fail to compare the first four-digits of the embossed account number on the card with the pre-printed digits below the embossed number for a card-present transaction or that they receive authorization without transmission of the entire magnetic stripe. Merchant Actions.

• Back-Office Staff Actions. If the card was swiped and transaction authorized at the point of sale, you should provide your merchant bank with a copy of the printed sales receipt. If the transaction was fraudulent, you should accept the chargeback.
• Point-of-Sale Staff Actions. Point-of-sale personnel should check all card security features before completing the transaction. In particular, the first four digits of the embossed account number on the card should match the printed four-digit number below the embossed number. If the numbers do not match, you should make a Code 10 call. You should also look for other signs of counterfeit, such as embossed numbers that are blurry or uneven, or ghost images beneath the embossed numbers, indicating that they have been tampered with. If you key-enter a transaction because the magnetic stripe cannot be read, you should make an imprint of the front of the card either on the printed sales receipt or a manual sales receipt form, which should be signed by the customer.

Chargeback Reason Code 81: Fraudulent Transaction

Chargeback Reason Code 81 is issued when the card issuer receives a sales receipt that is missing required information, indicating a potentially fraudulent transaction. A Reason Code 81 may be issued when the card issuer receives a sales receipt that has no imprint of the card’s embossed or magnetic-stripe information or is missing the cardholder’s signature, and either: cardholder certifies that he or she neither authorized nor participated in the transaction or the card issuer certifies that no valid card with that account number existed on the transaction date. This type of chargeback is not valid for recurring payments and card-not-present transactions. It is valid for card-present sales on self-serve POS terminals, such as cardholder-activated gas pumps. Typically chargeback Reason Code 81 is issued when the merchant:

• Has not swiped the card through a POS terminal.
• Has not made a manual imprint of the card account information on the sales receipt for a key-entered transaction.
• Has completed a card-present transaction without obtaining the cardholder’s signature on the sales receipt.
• Has completed a card-not-present transaction but has not identified the transaction as a MO/TO or eCommerce purchase.

Merchant Actions.

• Back-Office Staff.
  • Card Imprint from Magnetic Stripe Was Obtained. If account information was captured from the card’s magnetic stripe, request that your merchant bank send a copy of the authorization record to the card issuer as proof that the card’s magnetic stripe was read. You should also provide a copy of the sales receipt proving the cardholder’s signature was obtained.
  • Card Imprint Was Manually Obtained. If the account number was manually imprinted on the sales receipt, you should send a copy of the sales receipt to your merchant bank as documentation. The copy of the sales receipt must also contain the cardholder’s signature in order to remedy the chargeback.
  • Card Imprint Was Not Obtained. If the account number was not obtained from either the magnetic stripe or manually, there is no remedy and you should accept the chargeback.
  • Signature Was Obtained. If the cardholder’s signature was obtained on the sales receipt or a related document (for example, an invoice with cardholder’s name, address, and the date of the transaction) send a copy of the document to your merchant bank. You should also send evidence that the cardholder’s card was present, specifically either a manually imprinted sales receipt or authorization record proving the magnetic stripe was read. You must be able to prove the sales receipt and other documentation are from the same transaction.
  • Signature Was Not Obtained. If the cardholder’s signature was not obtained for a card-present transaction, there is no remedy and you should accept the chargeback.
• Point-of-Sale Staff Actions.
  • Swipe Cards or Use a Manual Imprinter. Merchants should obtain a record of the card’s account and expiration date information on the sales receipt by either swiping the card through a terminal or using a manual imprinter. If you use a manual imprinter, make sure the imprint can be positively matched with other transaction information to prove the card was present. For example, if you take an imprint on a separate receipt for a key-entered transaction, you should write the transaction date, amount, and authorization code on this document before completing the sale.
  • Obtain Cardholder Signature. Merchants should obtain the cardholder’s signature on the sales receipt for all card-present transactions. Always compare the customer’s signature on the sales receipt to the signature on the back of the card. If the names are not spelled the same or the signatures look different, call your merchant processing bank's voice authorization center and ask for a "Code 10" authorization.
• Owner Actions.
  • Remind Staff to Obtain an Electronic or Manual Imprint. Owners should train sales staff to swipe the card through a terminal or to use a manual imprinter to imprint the embossed information from the front of the card onto a sales receipt that will be signed by the customer.
  • Manual Imprinter or Portable Electronic Terminal. If your business delivers merchandise or performs services at customers' homes, your field employees should be equipped with manual imprinters or portable electronic terminals that can read the card’s magnetic stripe.
  • Cardholder Signature. Owners should train sales staff to obtain the cardholder's signature on the sales receipt for all card-present transactions; to compare the signature on the receipt to the signature on the back of the card; and to accept only signed cards.
  • Investigate High Volume of Chargebacks. If your business is receiving a high volume of Code 81 chargebacks, you should investigate. It could be a sign of internal fraud. You may need to examine sales receipts related to the chargebacks to check which POS terminals and sales staff were involved in these transactions.
  • Train Staff, Clean Magnetic-Stripe Readers. A high volume of Code 81 chargebacks may also indicate a need for additional staff training in proper card acceptance procedures or better maintenance and cleaning of the magnetic-stripe readers in your terminals.