Welcome to part 10 of our 12 part series – “Tell Me the Best Merchant Solution for My Business.” In this chapter of our series we will discuss the following questions: “What liabilities am I accepting by accepting electronic payments? What liabilities am I protected from by doing business with you?”
By being a merchant who accepts payments online you do have some liabilities. Let’s break down the most common liabilities that you obtain by getting the dramatically improved sales that come with accepting electronic payments.
1. Stolen Credit Card Data/Identify Theft
Your clients are placing their trust in you when they give you their payment information. Not only are they trusting you to deliver what you are selling to them as you have promised, they are also trusting you to protect them from identity theft. If you are using a good merchant services provider that offers strong encryption and only uses PCI complaint equipment and software you really have just about nothing to worry about so as long as you are following best practices. For example, all credit card data should be stored securely behind encrypted and password protected digital firewalls. You should NEVER write credit card information down and save a paper copy of it in your office, save it in your email, or save the information in a file such as an Excel file on your PC. If you do so, your customers data could easily get stolen by a crook and the net result may be 1K, 5K or 30K in identity theft that happened because of your insecure actions. If that could get traced back to you the identity theft victim could hold you responsible. So follow-best practices and use common sense. If you do that – all should be good.
2. PCI Compliance Violations
If you follow these three simple rules would should be safe from almost all PCI complaint violations:
a. Do not accept payments through old and outdated merchant equipment – in other words only use approved merchant equipment.
b. Only use the highest forms of encryption when accepting payments online – in other words only accept payments through Authorize.net or PlugNPay.
c. Store all data securely. In other words do not store credit card data in any place but within your merchant equipment or software.
3. Chargebacks
A chargeback occurs when someone makes a purchase from you and then wants a refund because they are not happy with the product or service you offered, or they claim they did not make the purchase. You are liable in both of these cases. Visa, MasterCard, American Express & Discover rules favor the end credit card user – in other words, they favor the customer. If a customer of yours reaches out to their credit card company and requests a charge back, the money is immediately debited from your checking account. The burden of proof is then on you to prove that you fully and legally deserve and are obligated to the payment. If you win the charge back – you get the money placed back in your checking account. If you lose, the money is gone forever.
How do you mitigate your risk of charge back?
Lets cover each type of charge back separately:
a. Cardback Due to an Unhappy Client
Your best way to make sure this does not happen is offer a great product or service and do what you say you are going to do – really well. Then, have a reasonable refund policy for those that would may want a refund. You can also print your refund policy on all receipts or your customers to see and keep a record of that. Lastly, if you are accepting payments via contract or online have a terms of service written up that sells your products or services “as is” and you will be in a position to win most chargebacks.
b. Cardback Due to Fraud
This happens when someone claims they never authorized the purchase. In this case, the burden of proof is on you to prove that the person that made the purchase was actually the person who owns the credit cards. The common advice in a situation like this to have almost no liability is to get a photo ID of every person at the point of check out and make sure the name on the ID, the picture of the person, and the name on the credit card all match. If not, do not accept the payment. Yet in reality, this upsets your customers becuase you are telling them you you don’t trust them. The best way to get around this for retail locations is to simply require that all of your purchases be run through the swipe or the tap and go method and that the person making a purchase enters their zip code registerd to the credit card at the point of sale. If that is done – your instance of credit card fraud will be really low. For busienss to business, ecommerce, phone order or mail order merchants the best way to protect yourself is to get a photocopy of the credit card on file, a photo ID, and a signed contract. Yet, in reality this is not practical in most situations. Your next best option is to to get a really strong anti-fraud system such as PlugNPay’s FraudTrack2 that will cross reference billing address, credit card number, name on the credit card, and zip code and make sure they all match before allowing a credit card transaction to be accepted. You can even go so far as use the automated features of FraudTrack2 to look at IP address and email address of the customer making a purchase.
Keep on reading. Our next chapter of this 12 part merchant service series will be part 11, “Can I take a line of credit out on my merchant payments? What is my interest rate? What is the approval process look like?”