A Case of B2B Payments Fraud – Merchant Lessons and Outcomes
We wrote a blog a few months ago about some of the tools available for B2B/B2G merchants (B2B Payments – Where’s the Risk?) relevant to fraud prevention. The article covered the whole technical gambit, from EMV details to the must haves – encryption and tokenization, and how it applies to you, the payment processing merchant.
But seriously – it’s time to get back to basics.
Last month we received a call from a long time merchant who had received notice of a chargeback for $12,000 for goods shipped. The cardholder called his credit card company or the credit card issuing bank upon seeing the charge on his monthly statement and claimed no knowledge of the order and certainly, no receipt of goods. The charge was reversed off his statement – but the merchant had already shipped the goods!
1 – Who’s on the hook?
Typically and unfortunately the answer in this case – is the merchant who shipped the goods. A painful and costly lesson – and just one, single, instance of fraud. The customer card number was stolen – and unless the card issuing bank is negligent of basic fraud prevention, they are certainly not going to pony up.
2- What should you do? Upon receipt of a chargeback notice from the payment processor, and in this case – the unexpected plucking of that cool $12k from your bank account – follow the steps listed in the notice. Get in touch with the payment processor immediately – outline specifically the details of the fraud as it occurred. An independent panel of individuals from the issuing bank and the processor will review the details. But most often, it won’t be enough to get your money back.
3- Could it have been prevented? Probably.
The B2B merchant in this case, had several red flags that should have alerted staff to a possible problem – here they are;
- The order and buyer came from out of the blue. Pack away the excitement of the unexpected sale folks and BE WARY. The purchaser had no order history with the merchant.
- The buyer was remote – not local. (Be especially wary of international orders.)
- The initial card used to place the order was DENIED. The customer/buyer then presented a second card for the purchase that was approved for the order.
- The order was URGENT. We need it now, combined with all of the above is more than enough to induce caution, and put a hold on the order just long enough to take a few quick and reasonable steps to ensure the validity of your newfound customer.
Here are some steps that if taken, may have identified the fraud –
1- Use AVS (address verification) and request a CVV code (the 3 or 4 digit security code on the card) This MAY answer the question – does the buyer have just the credit card number – or the actual physical card?
2- Contact your payment processor and request the fraud or loss prevention department. With the card number – this group can identify the bank that issued the card and contact them for you. The bank can then contact the credit card holder to verify the purchase.
3- Have the new buyer complete a credit application just as you would a customer you extend terms to on an initial order. A credit card transaction is credit and a chargeback can occur for up to 6 months.
4- Don’t ship the goods until you are confident the purchase is legitimate, and the payment is good. An authentic, new buyer will understand this caution as justifiable.
A credit card authorization or approval is not a guarantee, that the card is valid in the same way a paper check received is not a guarantee that it is good.
How cliché, but if it seems too good to be true? It probably is.