Advice Sought - How to Reduce/Eliminate Chargebacks on Ecommerce Site

Hi,

I own a physical retail store that sells tech items including Apple computers. Several years ago we were victims of a chargeback on an expensive MacBook Pro due to an employee being socially engineered into taking payment over the phone and not checking the physical card upon pickup (the guy was a pro and I don't blame the employee).

Anyway, lesson learnt.

Due to this I've previously only accepted orders on our website as pickup on payment so that the card is physically presented to us. However I've now turned on payments for lower risk items on our site (pretty much things without serial numbers like cables and accessories) with the goal of figuring out how to ultimately be able to add iPhones and iPads with less risk later.

I'm now using Stripe as my payment processor. I have Stripe Radar configured and I'm only allowing 3D Secure transactions for amounts over $100 (an arbitrary value I admit). I know not all cards support 3DS but at the moment I believe I'm prepared to just decline those that don't. My store is WooCommerce based and I don't really plan to change. The standard WooCommerce Stripe plugin seemingly does not produce transactions that are covered under the 3DS "liability shift" and to do that I'd need to utilise the Stripe Checkout. I trialled a plugin that supports Stripe Checkout but I don't like the extra payment step (e.g. go to cart, go to checkout, go to yet another checkout).

I have a heap of questions from people that know more about this, or have been through the exercise.

Is there a better way to achieve the liability shift than the way I'm trying? Suck it up and just use a plugin that uses the Stripe Checkout?
Is 3DS good enough anyway that my chargeback probability is so small that it doesn't matter? (I imagine liability shift wouldn't exist if the banks thought there was much actual risk)
Anything else I'm missing? I see these big sites selling online and it does my head in wondering how they deal with chargebacks.

Comments

  • My work is set up for HandKey Transactions (Card not present)
    Essentially, if the purchase is fraud (as in a stolen card was used) then you will always lose your money.
    If you are set up with your provider to do CNP transactions and you do everything within your power to ensure you are validating customers, you will almost always win in a chargeback dispute with the bank.

    Steps we take (as required by our bank)

    1) First time customers (or existing making first purchase over $200): ID is validated. We request a copy of Government issued ID and Card (numbers can be obscured on both of these if required)
    2) Parcels sent Signature on Delivery and we use a service that digitally uploads the signature which we save to the transaction.
    3) High Value Purchases are always checked, We do things like validating name and address with Electoral Roll or simply calling the supplied number and asking some questions (you can usually tell)
    4) Ensuring CCV is used when transaction is Keyed (manually) or entered on website

    When we get a chargeback we provide the information above to show the bank the transaction was valid, and in 100% of non-fraud chargebacks we have won and the money was given back to us and retaken from the customer.

    • Stolen cards are my main concern and we are a target for this kind of fraud. If you do a 3D Secure transaction (with Stripe at least, I'm definitely no expert on this) and the bank approves the transaction but it later turns out to be a stolen card the liability shifts to the bank so you don't get these types of chargebacks at all.

    • +4

      While true, there aren't many customers with BTC either.
      Average Joe is not going to procure cryptocurrency in order to buy their iPad, they will just go to the next shop that accepts their credit card.

  • Can you get 3DS2?

    Can you implement small value auth/refund verification for high risk orders?

  • Nothing is a 100% block on fraud. In another past job we used to delay shipment a working day or 2 as that flushed out "some" of the chargebacks. Depends if your customers will cope with that.

    Some places demand a copy of your driver's licence or passport - I've declined or provided a really bad B&W scan if desperate.

    If you only ship to Australia, don't auto ship orders made from overseas IPs.

    • Agreed nothing is 100%
      On a side note, many banks' merchant agreements were recently updated to require merchants to get photo ID for the first transaction, so refusing to provide ID in future may limit your ability to shop online.
      Saying that, obscuring the DL number or Passport Number is always acceptable, just has to show your name and address and be government issued.

    • But isn't the idea of liability shift on 3D Secure to make it essentially be 100%? The onus is then on the bank

  • I recently ordered an item costing $1,999 from a store as a new customer. The store made two separate charges to my card and asked me to let them know what the values are. That's another option… although if volumes are high it might be impractical.

  • 1) Get off Woocommerce - It just isn’t a serious eComm platform worthy of anyone’s time. Strongly consider moving to BigCommerce - which also addresses your integration issues with Stripe checkout meaning you can shift the fraud risk.

    2) Spend the money on Stripe Radar to manage and mitigate your risk further.

    3) Screen the heck out of your transactions. Put additional business rules in place with Stripe Radar or other tools in your toolbox to:
    - Perform AVS matching on all transactions;
    - Screen new accounts with address, payment or contact details matching any past account or customer;
    - Evaluate email address intelligence to look for addresses that haven’t existed for very long;
    - Riskier transaction types and patterns, for example those from non-Australian issued cards, or specific goods where repeat risk occurs.

    And make sure that if you’re a multi-employee business, you have clear policies on who can approve a risky transaction to proceed, and the basis on which such approvals are allowed and decisions documented.

    5) Require mandatory tracking and signature on delivery for any transactions deemed risky.

    6) Also consider implementing an additional approval process for first time customers where their transactions are deemed risky. This can involve them sending back a signed form, with a copy of both the front and back of the card, and front and back of matching government photo ID. (Also have a good privacy policy in place for the obvious questions that come up around this stuff)

    Here’s an example of someone else’s approach to this you can consider and borrow:
    https://help.wafresh.com.au/hc/en-au/articles/360021014631-C…

    7) Don’t be afraid to refuse a transaction and cancel an order. Yes, you may not get $60 in revenue - but you also aren’t $120 out of pocket for fraudulent sales, aren’t without a saleable item to make a profit on, and don’t waste your time having to defend or research chargebacks.
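
The screening checks listed in the comment above (AVS matching, details matching earlier problem orders, email age, non-Australian issued cards, extra approval for risky first-time customers, signature on delivery) can be combined into one pre-shipment decision. This is an added example, not code from the thread or from any plugin; the field names, the 30-day email-age threshold, the chargeback list and the sample orders are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Order:
    email: str
    ship_address: str
    card_country: str     # issuing country reported by the payment processor
    avs_match: bool       # address verification (AVS) result
    email_age_days: int   # assumed to come from an email-intelligence lookup
    first_order: bool     # no previously completed order for this customer

# Constructed sample data: contact details seen on earlier chargebacks.
CHARGEBACK_DETAILS = {"buyer99@example.com", "1 sample st, perth wa 6000"}

def screen(order, known_bad=CHARGEBACK_DETAILS, home="AU", min_email_age=30):
    """Return (decision, reasons, signature_required) for one order."""
    contact = {order.email.strip().lower(), order.ship_address.strip().lower()}
    if contact & known_bad:
        return "cancel", ["details match an earlier chargeback"], False
    reasons = []
    if not order.avs_match:
        reasons.append("AVS mismatch")
    if order.card_country != home:
        reasons.append("card not issued in " + home)
    if order.email_age_days < min_email_age:
        reasons.append("recently created email address")
    if not reasons:
        return "ship", reasons, False
    # Risky orders never ship unattended: first-time customers go through the
    # ID/card verification step, returning customers go to a named approver.
    decision = "verify_id" if order.first_order else "review"
    return decision, reasons, True

# Constructed orders exercising each outcome.
SAMPLES = {
    "clean": Order("sam@example.org", "5 Test Rd, Perth WA 6000", "AU", True, 900, False),
    "new_risky": Order("x1@example.net", "7 Test Rd, Perth WA 6000", "US", False, 3, True),
    "returning_avs": Order("kim@example.org", "9 Test Rd, Perth WA 6000", "AU", False, 700, False),
    "repeat_fraud": Order("Buyer99@example.com", "2 Test Rd, Perth WA 6000", "AU", True, 400, False),
}

if __name__ == "__main__":
    for name, order in SAMPLES.items():
        print(name, screen(order))
```

Keeping the returned reasons with the order record gives the documented basis for approval decisions that the comment asks for.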

  • -1

    Make Paypal mandatory for all delivery orders, make sure you have online courier tracking, and you'll get no chargebacks ever.

    I used Paypal via BigCommerce checkout for thousands of transactions over 8 years. Just make sure you don't allow the cust to change the address after accepting order, and don't configure your Paypal account to accept credit cards as a payment gateway (Accept paypal account payments only).

    Pickups - only process the card via EFTPOS terminal swipe and pin, no possibility of chargeback that way.

    None of the "send proof of ID" and "tell us the random amount" tricks are foolproof - the banks will always require sig to match when CNP transaction is disputed.

  • Socially engineered. Lol.

  • +2

    A couple of months on, and I thought I'd update in case anyone ever stumbled across this thread :)

    I ended up going ahead with Stripe and Stripe Radar to ONLY allow secure 3D transactions. It ended up seeming as though the (apparently fairly outdated) WooCommerce Stripe gateway doesn't qualify for the liability shift (protection from chargeback). I however ended up using a third party plugin that uses Stripe Checkout and does support this. It's an extra checkout step, but it's just what has to happen. (btw I also leave the other plugin active but not enabled as a payment type to process Stripe webhooks that update my orders).

    Lessons learnt:

    1. Don't sell AirPods via Stripe :) They suspended my account. After I proved I was an authorised reseller and removed those from the store they were happy to re-enable. They did not seem to care about any other product… so far.
    2. The occasional transaction gets blocked. I think it's because the customer probably doesn't have Secure 3D. Looking at them it seems most buyers just change it to a click and collect and pay on pickup so it hasn't been a big deal for us.
    3. One unintended benefit is that we occasionally get somebody call that hasn't been a customer wanting to buy over the phone. We step them through buying online as I feel that gives us substantially higher protection. We would never have accepted these kinds of orders before.