Require additional information or interested in accepting card payments? Don't hesitate to get in touch. see more
These questions are designed to help you find answers to questions other customers have been asking. We suggest these answers are shared with your staff.
Please return to these pages on a regular basis as this section will be updated frequently. If you have any specific fraud related questions not mentioned here, email us at Fraudcomms@worldpay.com
Q. Why does authorisation not guarantee payment?
Q. Why do I sometimes have to call for an authorisation code?
Q. The transaction was authorised, why have I now received a chargeback?
Q. What should I do if I suspect a member of my staff has processed unauthorised refunds?
Q. How can I minimise my exposure to Fraud?
Q. What should I do if I suspect a card is fraudulent, or being used fraudulently?
Q. Why should I keep the supervisor cards/access codes secure?
Q. Why do I have to enter an access code/use supervisor’s card to process a refund?
Q. The customer wants to pay for goods using more than one card, Can they do this?
Q. Is there a list of common fraud scams available?
Q. Why should I follow the prompts on the terminal screen?
Q. Do cards have any security features that I can check?
Q. Why am I at greater risk when processing Mail Order/Telephone Order (MOTO) transactions?
Q. If the transaction is Card not present (CNP) should I let the customer pick up the goods?
Q. Delivery to a third party address, what are the risks to my business?
Q. What should I look out for when I am completing an Address Verification Service (AVS) check?
Q. Why is authorisation given if the Address Verification Service (AVS) check doesn’t match?
Q. How does MasterCard Secure Code and Verified by Visa work?
Q. Why does authorisation not guarantee payment?
A. When a transaction is authorised, an authorisation code is given by the card issuer on the basis that there are sufficient funds in the cardholder’s account at the time of the request and the card has not been reported lost/stolen. Authorisation does not confirm the authenticity of the card and/or the presenter. The introduction of chip and PIN gives comfort that the person entering the PIN should be the authorised cardholder and therefore limits your liability should the transaction be disputed.
For Mail order/Telephone order transactions Where the card and cardholder are not present you can not take advantage of inbuilt security within the card e.g. Chip or magnetic strip and you will be liable for the transaction if it is disputed by the authorised cardholder.
For e-commerce transactions – If you have implemented MasterCard Secure Code and Verified by Visa (known as cardholder authentication) providing the process is carried out correctly, your business may be protected against fraud related chargebacks ie where the cardholder denies taking part. There are a number of restrictions and you can still receive chargebacks for other reasons e.g. duplicate processing, goods not received, no authorisation etc. For further information please visit http://www.worldpay.com/support/kb/bg/authentication/auth1010.html
Q. Why do I sometimes have to call for an authorisation code?
A. Your terminal will normally provide you with an authorisation code. There will be occasions however when the terminal will prompt you to make a voice authorisation call. This is known as a referral and has been requested by the card issuer. You should always act on this prompt and make the call. For further information please visit http://www.streamline.com/customer-zone/operating-instructions/authorisation-and-referrals/
Q. The transaction was authorised, why have I now received a chargeback?
A. Even with a valid authorisation transactions can occasionally be disputed by the cardholder or the card issuer. Chargebacks can be received for many reasons and each one has specific time-limits, rules and requirements which are set by MasterCard and Visa and influence the action we are able to take. For further information please visit http://www.streamline.com/customer-zone/operating-instructions/merchant-operating-instructions-chargebacks/
Q. What should I do if I suspect a member of my staff has processed unauthorised refunds?
A. Refunds should always be made back to the card used for the original purchase, therefore a refund should generally be equal to or less than the purchase transaction it relates to. Firstly satisfy yourself that the refunds can not be matched to a corresponding purchase. If after conducting an internal investigation you identify a member of staff responsible, seek an explanation as there could be a legitimate reason. If after speaking with your employee you feel the matter merits Police involvement, or you are unable to identify the individual responsible but feel a fraud has been committed, you should consider reporting this to your local Police office. If you require further assistance, email us at Fraudrisk@worldpay.com where a member of the Fraud team may be able to provide guidance.
Q. How can I minimise my exposure to Fraud?
A. We recommend you:
- Always follow the prompts on your terminal
- Train your staff so they know what to look out for, ensure that everyone taking card payments has read the merchant operating instructions on www.streamline.com. and understands the risks involved especially if you accept transactions where the card and cardholder are not present (CNP) We also recommend you hold regular training sessions with all your staff to refresh their understanding.
- Follow your instinct: if something doesn’t feel right or the sale is ‘too good to be true’ then it probably is, act on your instincts and do not proceed with the transaction. For additional information please visit http://www.streamline.com/customer-zone/operating-instructions/merchant-operating-instructions-reducing-fraud/
Q. What should I do if I suspect a card is fraudulent, or being used fraudulently?
A. Do not proceed with the transaction or send out goods. Make a code 10 call to our authorisation centre, telephone 08457 600 500, take the second option, speak to an operator and mention you are making a code 10 call.
A. A 'Code 10' call is an additional security check that is available should you become suspicious about a transaction. This can be done at anytime, even if the transaction has been processed through the terminal and has been authorised. If you are suspicious about the card, the authenticity of the cardholder or something just doesn’t feel quite right, we recommend you make a 'Code 10' call to our authorisation centre on telephone no. 08457 600 500, select option two and speak to an operator. For further information please refer to http://www.streamline.com/customer-zone/operating-instructions/authorisation-and-referrals/
Q. Why should I keep the supervisor cards/access codes secure?
A. Refunding a transaction requires the use of the supervisor card/access code. Restricting access to this will reduce the likelihood of misuse. Unauthorised or fraudulent refunds will incur a financial loss to your business
Q. Why do I have to enter an access code/use supervisor’s card to process a refund?
A. When you make a refund on a card transaction, the amount of the refund is returned to the customer’s card account and a corresponding debit will be made to your nominated bank account. As a security procedure you can only process a refund by using the access code or supervisor’s card. Anyone who has access to the supervisor’s card/access code can make unauthorised refunds which will incur financial loss to your business, therefore the supervisor’s card/access code should always be kept secure to ensure no misuse takes place.
Q.The customer wants to pay for goods using more than one card, Can they do this?
A. No, this is known as a split transaction and against MasterCard and Visa card scheme rules. You should not allow two separate amounts on one card or two or more different cards to be used for one transaction. The general rule is one transaction, one payment.
Q. Can I process transactions by manually keying the card details? (Known as Pan Key Entry (PKE) transactions)
A. Where the card and cardholder are present, Yes but only in exceptional circumstances. Always follow the prompts on your terminal and never swipe the magnetic stripe of the card or PKE the card number into your terminal to avoid using the higher-level security features (such as chip and PIN) If you are presented with a card that doesn’t have a chip and the terminal is unable to read the magnetic stripe you can PKE the transaction into the terminal. Where the transaction is authorised you are then required to take a back up imprint using your manual imprinter.
Fully complete the voucher including obtaining the cardholder’s signature. If you are handed a Chip card and your terminal indicates that neither the Chip or magnetic stripe can be read we recommend you ask for another method of payment and give the card back to the customer.
For transactions where the card and customer are not present (CNP) you would PKE the card transaction details into the terminal by activating the ‘MOTO’ or mail order button on your terminal first. You will then be prompted to enter additional security information e.g. the Card Security Code (CSC) and the numerics in the cardholder billing address (known as Address Verification Service or AVS) the results of which will help you evaluate the risk of fraud.
Q. Is there a list of common fraud scams available?
A. Yes, please visit www.streamline.com/fraudscams2011
Q. Why should I follow the prompts on the terminal screen?
A. The prompts are there to guide you and ensure you process transactions correctly. Following these prompts will help protect your business by minimising the risk of losses caused by fraud and reduce the likelihood of mistakes.
Q. Do cards have any security features that I can check?
A. Yes, although cards can be produced with various designs there are industry standard security features that are present and can be checked. If you are handed the card and have the opportunity to check the security features we recommend you do so and provided they are correct then you can accept the card for payment. See the Card Recognition Guide for detailed security features here http://www.streamline.com/customer-zone/operating-instructions/merchant-operating-instructions-card-recognition-guide/
Q. Why am I at greater risk when processing Mail and Telephone Order (MOTO) transactions?
A. Card Not Present (CNP) transactions are considered high risk because you have no opportunity to physically check the card or meet the cardholder. Whilst the majority of transactions will be genuine this type of transaction is appealing to fraudsters whose main interest is obtaining goods that can be easily re-sold for cash. You should take extra care and consider the risks before you process CNP transactions because you will be financially liable if a transaction is confirmed as invalid or fraudulent.
Q. If the transaction is Card Not Present (CNP) should I let the customer pick up the goods?
A. Be cautious of requests to pick up goods. All goods ordered by Mail, telephone or internet should be delivered to the address given. If the customer later does insist on collecting the goods, they should produce the card. The original CNP transaction should then be refunded and a new ‘card present’ transaction processed. Be aware of requests for goods to be released to a 3rd Party e.g. taxi drivers, messengers or friends/relatives of the cardholder as these types of transactions are at higher risk of being associated with fraud.
Q. Delivery to a third party address, what are the risks to my business?
A. This information applies to all transactions. Orders where the delivery address is different from the billing address may be legitimate (for example, when sending flowers or a birthday present) but we always recommend, where possible, you deliver to the cardholder’s billing address. Be wary of last minute changes to the delivery address and requests to send goods to hotels, guest houses or PO boxes as these are at higher risk of being associated with fraud.
For mail and telephone order transactions - Although there is no guarantee of payment, delivery to the cardholder’s billing address provides comfort that the genuine cardholder is receiving the goods. There is an increased risk to your business if the transaction is later confirmed as fraud as you may be held financially liable.
For eCommerce transactions – if you have implemented MasterCard Secure Code and Verified by Visa (known as cardholder authentication) provided that the process is carried out correctly, your business will be protected against fraud related chargebacks ie where the cardholder denies taking part. You can still receive chargebacks for other reasons e.g. duplicate processing, goods not received, no authorisation etc.
A. AVS (Address Verification Service) and CVC (Card Verification Code, also known as CVV, CSC or CVV2) are additional security checks available when processing transactions where and card and cardholder are not present. By following the prompts on your terminal you will be asked to key the unique three digit code on the back of the card (CVC) and the numerics from the cardholder’s billing address (AVS). This data is matched against details the card-issuer holds in his database for the card. If the transaction is authorised you will receive a response at the bottom of your till receipt advising how much of the data matched, this will help you evaluate the potential risk of fraud and decide whether to continue with the transaction. It is important to understand that these checks are an additional security measure, and can help you make an informed decision, they do not guarantee payment.
Q. What should I look out for when I am completing an Address Verification Service (AVS) check?
A. When you process a mail or telephone order (MOTO) transaction, always activate the ‘MOTO’ or mail order button on your terminal. By following the prompts you will be asked to enter the Card Security Code (CSC) and the numerics in the cardholder billing address (known as Address Verification Service or AVS)
Provided that the transaction is authorised you will receive a response at the bottom of your till receipt advising how much of the customer data matched against information held by the card issuer. link to picture of till receipt showing results It is important to always check the results as this will help you evaluate the potential risk of fraud and decide whether to continue with the transaction. It is your decision based on the results of these checks to accept or decline the transaction. Be aware that a transaction can still be authorised, even if the AVS details do not match. For further information please visit Mail and Telephone Order Transactions.
Q. Why is authorisation given if the Address Verification Service (AVS) check doesn’t match?
A. The authorisation request is separate to the AVS check. If the card has not been reported lost or stolen and there are sufficient funds on the cardholder’s account to cover the transaction authorisation may be given, regardless of the result of the AVS check. The AVS confirms the numerics of the cardholder’s billing address (house/flat number and post code). You should always check the results, which will appear on the bottom of your till receipt. For a list of reasons and their meanings please visit http://www.streamline.com/customer-zone/operating-instructions/merchant-operating-instructions-card-not-present-transactions/merchant-operating-instructions-mail-order-and-telephone-order/
Q. Should I accept a CNP transaction if the Card Security Code (CSC) and Address Verification Service (AVS) checks do not match?
A. We pass the information entered to the card issuer for comparison with their records. The results of the comparison are then passed back to you. You can examine the results of these checks at the bottom of your till receipt. The results help you evaluate the potential risk of fraud. We recommend you do not proceed if both of these checks fail, however it is your decision, based on these results to accept or decline the transaction. For a list of the various results, meanings and suggested course of action please visit http://www.streamline.com/customer-zone/operating-instructions/merchant-operating-instructions-card-not-present-transactions/merchant-operating-instructions-mail-order-and-telephone-order/ You should be aware that there is an increased risk to your business if the transaction is later confirmed as fraudulent as you may be held financially liable.
Q. In what order to I input the numerics in the customer’s billing address when completing an AVS check?
A. The terminal will prompt you for the numerics in the postcode initially then for the other numerics in the billing address e.g. house number or flat/street number. These details are passed to the card issuer for comparison against their records. The results of the comparison are then passed back to you. For a list of the various results, meanings and suggested course of action please visit http://www.streamline.com/customer-zone/operating-instructions/merchant-operating-instructions-card-not-present-transactions/merchant-operating-instructions-mail-order-and-telephone-order/
Q. Are there any additional checks I can make to reduce the risk or fraud when taking Card Not Present (CNP) transactions?
A. Apart from the Card Security Code (CSC) and Address Verification Service (AVS) checks there are other checks you can consider making which may help to reduce the risk of fraud.
- Compare new shopper information to data you already hold i.e. has the same card or the same delivery address been used previously
- Keep records of previous fraud attempts or chargebacks and reject orders where there are matches to these records.
- If possible always try and obtain a landline number and use this to confirm the customer’s name and address by checking on public databases e.g. 192.com
- Check your records to see whether you have had a number of transactions in a short period of time from the same company, person or card number
- For a new business customer check their details on 192.com or another internet search engine.
- Check new personal customer’s details on 192.com or the electoral register. Don’t always rely on the number they have given you.
- Call the customer back (on the number obtained from 192.com) to confirm their order.
- Does your phone have ‘caller ID’, is the number for the customer the same as that already provided?
- Monitor transactions and consider applying risk scoring and alerts to flag suspect activity that merits further checks. You may be able to design your own in-house system – or ask your PSP.
- Look for patterns such as similarities between transactions and repeat use of the same shopper name, e-mail address or IP address – and investigate anything suspicious.
- Verify the shopper’s identity if you are suspicious. Test their contact details to see if they work – send an e-mail and call the telephone number. You may also ask for copies of utility bills, card statements, passport or driving licence (with any sensitive details obscured).
- Establish a fraud policy setting out what should be done if fraud is suspected and ensure that all members of your staff are trained to act.
Q.How do I check that I have MasterCard Secure Code and Verified by Visa set up on my website before I go live?
A.This should be set up as standard by your Payment Service Provider (PSP) but you can check by contacting the customer services team of your PSP and ask them to verify this.
Q.How does MasterCard Secure Code and Verified by Visa work?
A. All the information you need on MasterCard Secure Code and Verified by Visa contained in our Cardholder Authentication section here.
Q.Does MasterCard Secure Code/Verified by Visa (known as cardholder authentication) protect me from all Chargebacks?
A.No cardholder authentication will only protect you from certain fraud related chargebacks i.e. when a cardholder denies they made the purchase. Chargebacks can still be received on authenticated transactions for other reasons e.g. no authorisation, duplicate processing, goods not received, faulty goods etc.
