Eight smart steps to prepare your business for chargebacks

In the event of a chargeback, is your business prepared?

According to Wikipedia, “the chargeback mechanism exists primarily for consumer protection.”

Notice that the definition has nothing to do with the merchant or business.  Do you have the necessary steps in place to protect yourself and get your money back?  While chargebacks are not often used (generally about .01% of all credit card transactions are disputed), in the wrong hands, a chargeback can be a powerful weapon used by the unscrupulous consumer.

Some keywords and their definitions in this article

  • A Chargeback is the return of funds to a consumer, forcibly initiated by the issuing bank of the instrument used by a consumer to settle a debt.
  • An Issuing Bank is the bank that is named on the consumer’s credit card (American Express, Wells Fargo, Chase, etc.)
  • The Consumer is the one who charged the item on their credit card and requested the issuing bank to initiate the chargeback
  • The Merchant is the business that accepted the card from the consumer
  • The Merchant Processor is the company that processes the merchant’s credit cards.
  • Reason Codes define why the chargeback is requested.

Chargebacks were created to cover the consumer, as defined above, and to address fraud.  In those instances where a consumer might purchase something from a merchant and doesn’t receive it, or it’s broken, or it’s not what it was supposed to be, and the consumer does everything to reasonably work with the merchant, a chargeback can be used to make the consumer whole.  Additionally, if a consumer reports their credit card stolen, the credit card company issues chargebacks for any charges that are fraudulent.  For all of these reasons, the chargeback is a great tool.

Here are some things you may not know about chargebacks:

  • When a consumer submits a chargeback, the issuing card company contacts your merchant company and a course of action is taken.
  • Chargebacks are generally categorized into four areas:  technical, clerical, quality or fraud
  • There are numeric codes in each area that define the chargeback.  For example, a C32 is damaged goods or merchandise received;
  • Most often, the course of action is the removal of funds from the merchant account.  Sometimes, based on the reason code and how old the transaction may be, an inquiry is initiated instead of the money being removed.
  • If money is removed from the merchant’s account, it’s usually within 48 hours, but often sooner.
  • A notice of chargeback is usually mailed via USPS – this means you’re missing the money before you even know the chargeback was initiated.
  • Once the consumer initiates the chargeback, it is the merchant’s responsibility to prove that the charge was valid.
  • Chargebacks can be won by the merchant, but refiled by the consumer, as long as a different reason code is used.  This cycle can happen continually for up to 12 months (based on the consumer’s bank).

If you accept credit cards, you are vulnerable to a chargeback.  Depending on the volume of your business, and the average amount of each transaction, many businesses consider chargebacks a cost of doing business.  For a company whose average ticket is $30, and who might do $60,000 in sales in a month, a couple of chargebacks probably aren’t worth the time of the business owner to resolve.  But what if your average ticket is $3500 and you might do $60,000 in sales a month and you get a chargeback?  Suddenly you realize that your cash flow is a lot more vulnerable than you think.

Here are some ways to protect and prepare your business.

1.  Don’t take credit cards over the phone without written authorization. Before you internet business readers groan and stop reading, hear me out.  If you’re subject to a chargeback, the very first thing on the list to prove that it’s a valid charge is a signed sales draft.  If you’re taking a credit card on the phone without a written authorization you’ve probably just lost the chargeback battle.  It used to be that writing /s/ and “over the phone” on the signature line was enough.  These don’t necessarily count anymore.

2.  Make sure the written authorization to charge a consumer’s credit card is clear.  Under what circumstances can you charge the card?  Is it recurring?  Do they have to review the invoice?  For one-time purchases do they have to initial an amount field?  This document should be ironclad.

3.  What is your return policy and is it clearly started on whatever the consumer signs?  Take a look at your receipts or invoices that you print and give the customer.  Is it clear?  Is there an exact number of days and under what circumstances you’ll accept a return? Entrepreneur.com has a great article about writing a clear return policy, which you can read here.  To win a chargeback, you have to have a very clearly defined return policy that the consumer can understand.  A tie goes to the consumer, so make sure it’s consistent and easy to interpret.

4.  Keep all the pertinent documentation from the charge itself.  Other things you have to provide when you fight a chargeback are the cardholder number, authorization number, transaction amount, and date.  These are usually all found on the sales slip.  It sounds obvious but don’t throw these things away.  Ideally, they’re stapled to the written authorization in step one.

5.  Document and have the consumer sign an authorization if items are to be shipped to an address other than the one that you have on file for the consumer.  Example: A consumer buys auto parts but wants the parts shipped to a third party body shop for paint and installation.  Shipping items to someone other than the consumer can get you in trouble without written authorization.

6.  Print and save the tracking and delivery information.  If you’re shipping products, proof of delivery is necessary to prove the items were delivered to your consumer’s address or the address where they wanted items shipped.  Print these confirmations out when items are received. If you ship USPS, note that they only keep delivery confirmations for six to twelve months.

7.  If you receive a chargeback notice, don’t ignore it.  Fight it immediately.  Pull together your documentation and go after it.  You can win if you have the documentation and the backup to prove it’s valid.  Take a look at the reason code to help you fight it better.  If the reason is items never received, show the shipping confirmations and you’re one step ahead.

8.  Consider having two checking accounts at your bank – one for merchant deposits only and one for operations.  In the event you have a large chargeback, it doesn’t hit your operations checking, it hits your merchant checking.  Keep your merchant checking account balance low just in case.

You might have guessed by now that I was recently subjected to a chargeback.  Actually four chargebacks.  It started with two – one from January and one from April.  They were both American Express, and given what I’ve heard about AmEx, I was afraid I would lose them. Luckily, I had enough documentation that I won the first round.  Then the consumer opened them again, this time with a different reason code. These are still in process. And the monies came in and went out of my account a number of times, and in total, between phone calls, documentation and letter writing, I’ve spent about 20 business hours so far fighting them.

Based on what I’ve learned, I’ve made some changes.  We don’t charge a credit card without written authorization. The authorization is clear about what it is for, and the return policies are crystal clear and noted in a couple of places.  It’s my hope that this article prepares you for the possibility of fighting a chargeback and gives you the knowledge to have documentation which will make you successful.

$1.73 Pending Ghost Charge exposes Merchant Fraud

Merchant fraud is not something you would necessarily relate to a Sunday afternoon lunch with your family.  Seems like I’m up to my eyeballs lately in credit card fraud of one type or another, and I guess by now I shouldn’t be surprised when fraud sneaks into my happy moments and gives me something else to deal with yet it never ceases to surprise me when it happens.

While at lunch with my 16-year-old son, he said his car’s engine was sputtering a little when it started and having trouble turning over.  We immediately suspected the starter or alternator, so we drove over to the closest auto parts store for a diagnosis.  Indeed, the starter was the culprit, so out pops my Amex to pay for a new one.

When you purchase a starter, in addition to the charge for the part itself you are charged what’s called a core charge.  A core charge is when the auto parts store charges you what is essentially a deposit on the piece of the part that requires recycling, and the store refunds you the core charge when you return the defective part.  My son and I agreed he would return the starter when he replaced it in his jeep, and the other night called me to tell me he had indeed done what he agreed to do and asked me if he got the credit or I did.  (Teenagers! Really son? Who paid for the part in the first place?  But I digress…)

So after our call, I logged in to my Amex to see if the credit had hit, but there was nothing there.  Usually, credits aren’t pending, they just hit once they are processed.  But in the pending area of my charges, there were two really weird transactions.  One for $1.73 from a hardware store in Seattle; the other, $9.65 from a home medical supply company in Lincoln, Nebraska.

Uh-Oh.  Someone’s got my Amex again.  I am a dutiful cardholder and watch my account like a hawk, and I KNOW that I haven’t been in Washington or Nebraska, so I call Amex to report the fraud.  Here’s where things get weirder.

The Amex rep says that neither charge was done with a real card, and there is a $9.65 charge and a credit, but the $1.73 is just an authorization.  Why would someone steal my credit card info and then make a charge AND a credit moments later?  And why charge my account for such little amounts?  Usually, you hear about big fraud – $1,500, $5,000, or some obnoxious amount of money that is obvious.  Amex’ stance is that it’s pending and since it has been refunded the charges will never hit my actual statement.  Pay attention to that fact – a pending charge that has been charged and refunded will never hit the cardholder account.  So it’s a ghost charge that doesn’t hurt me now, but more importantly, it doesn’t leave any trace that the charge even happened after a few days.

So I decided to call the two merchants that have charged my card.  I’ve never done that before, but I looked them up based on my pending charges and gave them a call.  The hardware store in Seattle was pretty frustrating.  “Ma’am, there’s just no way we processed your card.  All of our cards are processed in person, we don’t do any sort of on the phone transactions at all. There’s no record of any charge in our system for that amount.”  I was given over to a manager who said that while they did do internet business, it was from their parent company who processed everything at the headquarters level.

The home medical company, who I got to the next day, was more helpful, probably because a day or so had gone by and there were other credit card holders calling them as well.  Apparently, I was one of a few hundred that had a charge from them on their pending charges.  The local office gave me to accounting, and I spoke with a lovely woman who knew exactly what had happened.

There are two thefts going on.  Thieves had obtained the merchant ID processing numbers and either programmed machines or created fraudulent virtual terminals to run stolen credit card numbers. This is the merchant fraud. There are a number of articles out there about protecting your terminals in your office but none that I could even find about this type of theft.  Then they ran my stolen Amex number to see if it was a good number, and by running a charge and a credit they guaranteed they had a good number.  But since the charge would negate and never hit my account, I would never see it.  It would be a ghost.  Bingo.  Credit card fraud.  Two for the price of one.

I was telling this story in my office, and someone asked, why would they steal a merchant ID and program a machine?  What is the point of merchant fraud?  The money would not be deposited into the thieves’ accounts – it would be deposited in the unsuspecting merchant account.  This is true.  However, the thieves weren’t after the first deposits of the fraudulent charges, which is why they returned them.  They were after checking the card numbers that were stolen to see what they could charge later.

And the little amounts?  Often charges are done under $10 the first time because so many people don’t actually look at the detail of their bill until the end of the month, and who worries about $10?  It’s not till they hit in the hundreds, or thousands of dollars until someone pays attention.

Unfortunately, there’s no way to know how the thieves got the merchant accounts in the first place.  If you’re a business and you take credit cards, you have a merchant number, which opens you up to merchant fraud.  The number is usually 16 digits like a credit card number.  It’s printed on the top of any merchant statements you receive and sometimes listed on the deposit line of your bank account statement.  It’s also online when you log in.

The bottom line is that we are all trained to protect our credit card numbers as consumers, but this is the first time I’ve seen or heard of merchant numbers being stolen.  I guess it goes to show that as our lives get more technical, so does the crime.

My advice would be for a business to protect their merchant numbers as they would their federal ID number and company credit card numbers.  And consumers need to make sure they’re checking their credit card accounts regularly for pending charges.  Waiting until the end of the month when the paper statement arrives won’t necessarily show you all the transactions that have been done on your account.