EcommerceBytes-Update, Number 105 - October 19, 2003 - ISSN 1528-6703     3 of 8

Chargebacks and Fraud Prevention for Merchants

By Yisroel (Izzy) Goodman

Email This Story to a Friend

Some sellers believe that if they accept credit cards, they must accept every customer chargeback. I can state for a fact that this is not true. In my first year of selling on the Net, I had three chargeback attempts. I disputed and won all three. So I have reason to believe that merchants who use common sense have little reason to worry.

  • Do not accept credit cards from outside the U.S. unless you know your customer. There is NO protection for foreign sales. I insist that foreign buyers use Bidpay or Payingfast, and I pay part of the fee. I do make an exception for some Canadian cards.

  • Always do address verification (AVS) and CVV. Any good merchant account gives you the ability to check that the address given matches that of the cardholder. Occasionally, a customer will ask you to ship to their work address or a relative. Be very careful, because doing so means you will have NO protection from a chargeback. I once was asked to ship to a work address. I decided to call the company and check that the customer really worked there. I discovered that he didn't. The company was a freight forwarder. They had been hired by the customer to accept all packages and forward them to Russia. Had I shipped the order, I would have been hit with the chargeback when the genuine cardholder disputed the charges.

CVV is the 3-digit code that appears on the back of most Visa and Mastercard cards. Amex uses a 4-digit code. This code does not appear on receipts or invoices. A merchant is forbidden from storing it with the order. So a hacker who gets stolen credit cards off the Internet will rarely have this information. It is a good indication that the person placing the order has physical possession of the card.

  • Get the phone number of the customer and the issuing bank. Use services like and Google; enter a phone number and they come back with the name and address. Though these are far from complete and a non-match is not an indication of fraud, a match to a completely different address is a pretty good sign that something is amiss. You can call the bank that issued the card and report discrepancies.

  • If possible, do not have transactions go through automatically. I feel safer having the orders come to me first, and I decide which to process. One Web site owner told me how overnight, 8,000 transactions were made with stolen credit cards. He was charged for every attempt, even the ones that failed (there is a fee for just attempting a transaction), to the tune of about $2,600. Since my site does not process orders automatically, a scammer gets no feedback to tell him if a card was accepted or not.

  • If possible, log every attempt to use a card on your site. I can see how many attempts someone makes to place a credit card order. Sometimes what looks like a valid order comes through, and then I see that the person tried several times, changing the credit card number between each attempt.

  • Put Sales Terms on your site and in your auctions. If you have no sales terms on your site, the issuer is free to make up their own. These usually mean that customer can charge back anything at any time for any reason. If your terms are too restrictive, the issuer can decide that they violate the legal protection given credit card customers. I have seen sellers post in their eBay auctions and on their Web sites very forbidding terms that basically state "all sales final." This is too restrictive for credit card sales, particularly those made when the card was not physically present. Issuers will only uphold sales terms that are reasonable. You should specify something that spells out:

  • How long the customer has to report a problem. You don't want a customer returning something to you months later.
  • Whether your warranty is refund or replacement.
  • Whether your warranty covers D.O.A. only, defect or any damage. Can a customer return an item that is physically broken several weeks after purchase and expect a refund?

My own sales terms evolved. As my business grew, so did some of the outrageous claims customers made. I kept adding paragraphs to my terms to cover these situations. Eventually, the terms became long and unwieldy. I then decided I really didn't want to scare away prospective customers with terms that resembled a contract for a second mortgage. So I added a leading paragraph which stated we had a reasonable warranty and expected our customers to be reasonable as well. For the benefit of those customers who "played lawyer on the Internet," we had prepared this lengthy document to make them happy. Everyone else was free to skip it.

We treat all our customers and all purchases the same, whether or not a credit card was used to make the purchase. In the rare event that someone has a complaint about a product we sold and the problem was reported in a reasonable amount of time, we will replace it. If the replacement doesn't work (which we feel indicates a problem with the customer's equipment, since we wouldn't stay in business if we sold junk), we will refund. When we get the occasional complaint that a printer cartridge didn't work, we replace it. If the replacement doesn't work, we refund.

It doesn't make a difference what form of payment was used. The cost of a chargeback is measurable. The cost of an unhappy customer, perhaps telling many others that he was ripped off, is not.

About the author:

Yisroel (Izzy) Goodman owns Complete Computer Services Inc. and sells electronics and ink cartridges online. His Web site contains articles about creating web sites, using HTML and ASP, obtaining a merchant account, payment service ratings, and avoiding fraud. His informed opinions are based on his own experience and from reading about others' experiences with payment services as well as discussions with users, representatives of the services and experts in the field. (Note: He is not affiliated in any way, directly or indirectly, with any payment service.) He can be reached by email at

You may quote up to 50 words of any article on the condition that you attribute the article to and either link to the original article or to
All other use is prohibited.