|
![*]()
Merchant Card Check
![*]() Because Internet hackers who work to gain
access to databases containing card data pose one of the biggest
fraud threats, acquirers need to review their merchant contracts
to ensure that they have properly indicated the potential
risks and liabilities of maintaining cardholder data. More
specifically, contracts should point out that merchants are
responsible for the security of the cardholder information
that is in their possession.
It's important for the merchants that they have the right
to ensure that they are doing business with a legitimate cardholder.
They can verify the cardholder's signature to make sure it
corresponds with the name embossed on the card. If it does
not, merchants can request another credit card or some form
of identification as a way to protect themselves.
Merchants can try calling the customer by the name on the
card. If the cardholder does not respond, the merchant should
ask for another credit card or additional identification.
To validate the sale, merchants can request an authorization
number by calling the code number provided by their ISO. This
automated system guides merchants through the code call by
asking them to enter the customer's card number and the transaction
information.
Merchant acquirers may also want to provide fraud prevention
services to their merchants, such as address verification,
which matches a cardholder's street address information with
the bank before shipping the merchandise. If the two doesn't
match, the merchant can discuss the matter with the customer
and resolve the issue before shipping out products. Merchants
who have access to these types of services should take full
advantage of them to protect themselves to the fullest. Using
common sense and obtaining extra information from the customer
can go a long way toward reducing chargebacks and protecting
the merchant, the ISO and the acquiring bank.
Merchants should be encouraged to check out the security features
on every credit card, including holograms that change color
in the light, and non-erasable signature lines. They also
should be encouraged to call the ISO with any concerns regarding
transactions that seem out of the ordinary.
Merchant acquirers, of course, should also feel free to call
the merchant to verify any transaction. Merchants often do
not understand that the transaction authorization code verifies
only that a cardholder has funds available for that particular
inquiry. The transaction authorization code does not guarantee
that security work has been done to confirm the sale with
the legal cardholder. Merchant acquirers can protect themselves
by requiring invoices or shipping documents to verify that
a charge is legitimate.
|
|
|
