Is your credit card authorization template worthless? Card absent transactions have a heavier burden of proof to prevent charge-backs, and the methods businesses use often create other risks, such as identity theft. Here are steps to protect your business to business company.
1. Never store CVV security code data; it’s against card association rules. Stored forms containing CVV, represent substantial financial risk in the event of identity theft, and potentially even jail time for failing to protect sensitive data.
2. Fax or email the sales invoice, which must include the merchant name (matching the merchant account either as company name or dba), merchant address, merchant phone, customer bill to, customer ship to, product or service details with quantity, price and description. Add a checkbox for customer to acknowledge refund and cancellation policies. Add a fill-in line with title “Cardholder Authorization”.
3. Do not ask customers to fax back a credit card authorization form. That’s right, chuck the credit card authorization fax form into the trash can. Tell customers that for security reasons, payment must made on a secure online pay page. The pay page form should include fields for the cardholder name, address, email, phone, and invoice number. Additionally, have a checkbox for the cardholder to acknowledge receipt and acceptance of refund/cancellation policy and of the invoice terms. For example, I use this: “I accept the return policy and all other terms as stated on my invoice.”
4. Image shows example of a custom secure payment page on a law firm web site. Fully configurable for your specific needs,
5. Request customers print the receipt from the online payment and the invoice. Fill in fields, sign both, and fax them back. Store the proof of delivery with the signed papers.
If the Cardholder address and ship to address are different, and this is not indicated on specifically on the invoice, have the cardholder send a supplemental document on letterhead (of the cardholder) that specifically states they’re authorizing shipping to a different address. For business to business, different addresses are common. Be aware that without acknowledged authorization of some sort, there is virtually no defense for sending product to an address different than the cardholder.
In lieu of signed papers via fax, customer replies via company email that acknowledge receipt of the invoice, and of the sales receipt with authorization code, can be used as proof to defend against charge-backs in future disputes.
Another solution which facilitates future dispute protection is electronic bill presentment & payment. In this case, the merchant invoice is delivered to a customer’s company email address, and the customer clicks and pays the specific invoice securely online. This creates a paper trail of proof that terms were presented and the customer received them since they self-initiated payment tagged specifically to the invoice. Merchants may also want to create rules that transactions over a certain amount are reviewed by an internal audit team to verify if cardholder address matches the invoice.
click through landing page for secure payment from an e-invoice
According to a recent survey, the second highest identity theft concern of customers is credit card information on paper. Eliminate the paper to reduce risk, improve customer relations, and create efficiencies for both customers and merchants. All above are guidelines which can be modified dependent upon the risk associated with the customer. For example, new customers and recurring customers may carry different risks. Domestic customers with verifiable AVS (address verification) have lower risk than international with no AVS verification capability.
Disclaimer: The information above does not replace a merchants obligation to follow all rules associated with their merchant account, card acceptance guidelines and payment card industry data security standards