Say the word chargeback in a room full of Web shop owners, and you'll hear the proverbial pin drop. Chargebacksthe return of funds to a customer through the issuing bank are a headache for e-tailers.
Chargebacks should be a consumer's last line of defense against merchants, or they should be used to reverse unauthorized payments if fraud or identity theft occurs. Unfortunately, some consumers use chargebacks as their first line of defense and initiate one before going through an e-tailers customer service. Also, a consumer can commit chargeback fraud by initiating a chargeback based on false claims.
For dishonest and unscrupulous e-tailers we dont offer sympathybut honest merchants can lose both the transaction funds and the goods or services being sold. You need to invest time and money into disputing chargebacks, and you might have to pay a fee to your merchant account provider, even if the bank finds in your favor. It can take months to clear a chargeback claim.
Brien Heideman, president of Badcustomer.com believes that smaller merchants and Web shop owners are often hit the hardest as a fraudulent chargeback can damage their reputation. If you have a new merchant account, for example, you could be in jeopardy of losing that account with just one or two chargebacks.
Dealing With Negative Customers
Many e-tailers maintain their own database of negative customers. If a customer has previously issued a chargeback against you, then you might already have a system in place to prevent them from making another purchase on your site.
A new online service, called Badcustomer aims to help e-tailers, and anyone who handles Card Not Present (CNP) transactions, by offering a much larger database of bad customers to query before a sale is processed on their site.
When retailers partner with Badcustomer.com, they upload their negative customer data and in return they can query our entire database of chargeback customers, Heideman said. The benefit for retailers is that they have a much larger Internet blacklist database to query.
How the service works is simple. When a customer with a negative chargeback history attempts to checkout on your site, while the credit card is being processed, Badcustomers database is pinged. If no bad customer information matches the person trying to check-out, then the transaction goes through.
If, however, the ping results in a positive match, then the customer would be directed to Badcustomer.com where they can obtain information about chargebacks, learn why they cannot make a purchase from your site, and they can contact Badcustomer to get assistance.
Honest consumers who have submitted legitimate chargebacks in the past can be removed from the database after speaking with BadCustomer support. The company also offers advice to consumers on how to deal with e-tailers when they have a problem.
According to Heideman, the service is quite customizable so merchants can choose how much matching customer data they require before refusing a transaction.
Retailers can choose to refuse a transaction based on a number of queries. You can, for example query Badcustomer just for a matching name and e-mail address, or based on a matching name, address, state and credit card number, said Heideman. The decision-making is left up to the retailers. We simply flag customers with known chargeback histories, and the retailers decide if they want to do business with that consumer or not.
Share My Customer Data?
At a time when e-tailers are concerned with maintaining customer data integrity and meeting PCI regulations, the thought of sharing customer data may seem risky.
According to Heideman, Badcustomer meets and exceeds current PCI DSS Level 2 compliance regulations; however, since the company also houses millions of records of sensitive data from numerous third parties, the company is voluntarily creating the processes, practices and documentation necessary to be certified at PCI DSS Level 1.
"We've already undergone a review with a certified QSA consultancy, but for us the implementation of the PCI standards has been easy as it has been an ongoing process since we launched our service, said Heideman. However the 12-part PCI documentation process is taking considerably longer to complete.
It is also important to note that while customer data is shared, no single retailer or personnot even Badcustomer's own IT staffis able to view the specific information. According to the company, the database only pings a response when data is matched during a query; you cannot view a file or see any details.
Badcustomer doesn't store any credit card expiration dates and security codes. For any other stored sensitive data, Badcustomer uses AES 256 bit double-key encryption, with keys stored separately and rotated every 30 days. These are only a few of the security measures being used by the company to protect sensitive data.
Heideman said that security is a top priority for the company, and a full security measure disclosure is available to retailers interested in partnering with Badcustomer.com.
The Badcustomer database and redirection services are free to any retailer who also shares their customer chargeback blacklist.
Vangie Beal is a veteran online seller and frequent contributor to ECommerce-Guide.com. She is also managing editor of Webopedia.com. You can tweet with her online @AuroraGG.
|Do you have a comment or question about this article or other e-commerce topics in general? Speak out in the SmallBusinessComputing.com E-Commerce Forum. Join the discussion today!|
Unified Communications Buyers Guide: The Top Ten Requirements for a UC Solution This document offers an overview of the current top ten requirements to consider for a premise-based UC solution, with features called out as well...
It's Time for a Serious Talk: 3 Questions to Ask Your DNS Host About Lowering DDoS Risks It's no secret that DDoS attacks are worsening by the day. From the largest financial institutions to smaller Internet companies, everyone's a...
Breach Detection Systems Comparative Analysis: Security Value Map Targeted attacks and advanced threats are customized to infiltrate your unique IT infrastructure, evade conventional defenses, and remain hidden...
2014 Neustar Annual DDoS Attacks and Impact Report: A Neustar High-Tech Brief Dedicated denial of service (DDoS) attacks against high-tech firms have started to take a dangerous turn. It's called DDoS smokescreening —...