How to prepare your business to receive payments online
Ecommerce isn’t a fringe sales channel anymore. Online sales are expected to grow 57 percent by 2018, up to $414 billion. An ecommerce website allows your business to be open 24/7, and makes it easier to attract customers around the world. Retail, hospitality, and service are a few of the industries benefiting from the new revenue online sales offer.
Whether you are considering ecommerce for your business or are already accepting credit card payments online, following best practices can reduce your risk, save money, and improve operational efficiency. In this article, we’ll take a look at how to receive payments online by implementing four best practices to help ensure streamlined, secure, cost-effective credit card processing.
Best Practice #1: Presenting information
Make sure your customers know who you are and what you offer.
- Clearly display your contact information on every page of your ecommerce site, on shipping materials, and on all correspondence.
- Use your company name or brand as your billing descriptor, which identifies your business on the customer’s credit card statement. Make sure to use a name customers will recognize, and include a toll-free telephone number.
- Send an email confirmation immediately after an order or refund is processed. Always indicate that the card issuer may require a full billing cycle to apply a refund and that it may not immediately appear on an online statement.
- Post clear policies for billing, returns, shipping, back orders, and privacy. Be sure to include this information in the content of order confirmation emails or via a web page link.
Best Practice #2: Cardholder data
Make sure you know who your customers are, and gather the information needed to verify their payment information.
- Request complete customer information including email address, evening and daytime phone numbers, and shipping and billing addresses.
- Request all payment card information including the name as it appears on the card, the account number, card type, expiration date, and CID digits on the back of the card to establish the customer’s physical possession of the card.
- Consider adding protection by using “Verified by Visa®” or MasterCard®’s “SecureCode.” Ask your processor if these enhanced anti-fraud programs are right for you.
Best Practice #3: Protecting cardholder data
Following are best practices provided by the Payment Card Industry Data Security Standards Council™, which is responsible for the development, management, education, and awareness of the PCI Security Standards.
- Make sure your business is PCI certified.
- Make sure your payment processor is PCI certified.
- Protect stored data by using encryption to protect cardholder information stored internally, or tokenization to eliminate storage of cardholder information.
- Encrypt data sent across public networks including email, FTP, data streams, and phone lines.
- Restrict access to data on a “need to know” basis.
- Make sure any business partners such as fulfillment houses, call centers, and marketing affiliates who have access to your customers’ payment information are protecting your customers’ data.
Best Practice #4: Processing orders
The following can help reduce the risk of chargebacks, and result in lower interchange fees.
- Conduct an Address Verification System (AVS) check and contact customers for order confirmation on AVS failures.
- To test card validity prior to deposit, use a “Zero Dollar Verification” (ZDF), also known as an “AVS-only” authorization. Avoid “$1.00 Authorizations”, as these may appear in online statements and confuse customers.
- Each deposit should reference one and only one valid authorization. Do not submit deposits without valid authorizations (“forced deposits”).
- Ship within seven days of the authorization or obtain a new authorization.
- Submit your deposits to your processor within two days of shipment.
- If supported by your processor, submit your authorization Transaction ID with all deposits and refunds. This prohibits forced deposits and can reduce fraud.
- Use voice authorizations as a last resort. These bypass processors’ systems and cannot be used to refute chargebacks.
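The authorization and timing rules in Best Practice #4 can be checked automatically before a deposit batch is sent to the processor. The following Python sketch is an added example, not part of the original article; the record layout, function names, and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

MAX_AUTH_AGE_DAYS = 7      # ship within seven days of the authorization
MAX_DEPOSIT_LAG_DAYS = 2   # submit deposits within two days of shipment

@dataclass
class Deposit:             # hypothetical record layout
    order_id: str
    auth_ids: list         # authorization IDs the deposit references
    shipped_on: date
    submitted_on: date

def check_deposit(dep, authorizations):
    """Return a list of rule violations for one deposit (empty if clean).

    authorizations maps auth ID -> date the authorization was obtained.
    """
    problems = []
    if not dep.auth_ids:
        problems.append("forced deposit: no authorization referenced")
    elif len(dep.auth_ids) > 1:
        problems.append("more than one authorization referenced")
    else:
        auth_date = authorizations.get(dep.auth_ids[0])
        if auth_date is None:
            problems.append("referenced authorization is unknown")
        elif (dep.shipped_on - auth_date).days > MAX_AUTH_AGE_DAYS:
            problems.append("shipped more than seven days after authorization")
    if (dep.submitted_on - dep.shipped_on).days > MAX_DEPOSIT_LAG_DAYS:
        problems.append("deposit submitted more than two days after shipment")
    return problems

def review_batch(batch, authorizations):
    """Map order ID -> violations, listing only deposits to hold back."""
    return {d.order_id: p for d in batch if (p := check_deposit(d, authorizations))}

# Constructed sample data, not real transactions.
AUTHS = {"A100": date(2024, 3, 1), "A101": date(2024, 3, 1), "A102": date(2024, 3, 4)}
BATCH = [
    Deposit("ORD-1", ["A100"], date(2024, 3, 5), date(2024, 3, 6)),          # clean
    Deposit("ORD-2", [], date(2024, 3, 5), date(2024, 3, 6)),                # forced
    Deposit("ORD-3", ["A101"], date(2024, 3, 11), date(2024, 3, 15)),        # stale and late
    Deposit("ORD-4", ["A102", "A100"], date(2024, 3, 6), date(2024, 3, 7)),  # two auths
]

if __name__ == "__main__":
    for order_id, problems in review_batch(BATCH, AUTHS).items():
        print(order_id, "->", "; ".join(problems))
```

Deposits that come back with findings should be held for a new authorization or manual review rather than submitted.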