sign in sign up
<<
Home , Chargeback, Dispute (credit card)

Your Merchant Facility and Managing Risk How to Minimise Disputes, and Fraudulent Transactions

We want to help you get the most out of your merchant facility and provide a secure and convenient method for you and your customers. This guide will provide you with information to assist in understanding disputes, chargebacks and fraud risks associated with operating a merchant facility.

Dispute This request from the customer’s bank is only for information / documentation, it is not for value. What is a ? Below are some of the reasons why a cardholder or Issuing Bank will initiate a dispute: Dispute is a term used when a merchant’s customer (cardholder) queries a transaction appearing on their • Transaction not recognised; card statement. The merchant will receive a letter from • Goods or services were never received; BOQ advising details of the disputed transaction and the information required by you to provide back to • The cardholder did not authorise the transaction BOQ within a set timeframe. (card not present – fraudulent); or • A transaction was processed twice by the merchant.

DISPUTE CYCLE Issuer Acquirer (Cardholder’s) (Merchant’s) Bank Bank

Customer Merchant

2. 3. Issuer sends a ‘retrieval Acquirer bank receives the request’ to the Acquirer bank ‘retrieval request’ and sends electronically asking for a letter to thet advising of more information on the the dispute and requesting disputed transaction. more information as per card 1. scheme rules. 4. Cardholder Merchant has disputes 7 days to return the transaction. requested information back to their Acquirer bank to avoid any future .

Acquirer 7. (Merchant’s) Issuing bank will: Bank

a. resolve with the Issuer cardholder and no further (Cardholder’s) action is taken; Bank

5. OR Acquirer bank sends the information electronically back to b. commence the 6. the card holder’s bank. chargeback process Cardholder’s bank assesses (refer to chargeback cycle: the additional transaction step 1). information and makes a decision. How does the dispute process work? Chargeback timeframes The card schemes (Visa and MasterCard) have set rules Chargebacks can take place up to 180 days from the for all members (Card Issuers & Merchant Acquirers) date of the transaction being disputed. globally to follow. What are the most common chargebacks? Dispute process steps: Transaction not recognised by cardholder 1. Cardholder contacts their Bank advising an issue with a transaction appearing on their card Definition: The cardholder (merchant’s customer) statement or the Issuing Bank (Issuer) will set in contacted their Bank (Issuer Bank) to lodge a dispute motion the dispute process when a counterfeit card stating that they did not recognise a particular has been used; transaction appearing on their card statement. This means they do not recognise the merchant’s 2. The customer’s Issuing Bank creates and sends name and/or location. a ‘retrieval request’ to BOQ requesting more information from our merchant on behalf of The ‘retrieval request’ (dispute) did not resolve the their customer; issue. The cardholder’s bank creates and processes the chargeback to the merchant via BOQ (i.e. the card 3. BOQ sends you, the merchant, a letter requesting transaction is reversed and your nominated account is specific information / documentation to assist with debited with the amount of the sale). your customer’s investigation;

4. You are required to respond back to the address Hints on how to minimise this type of provided on the ‘retrieval request’ letter within the chargeback stated timeframe; Where possible always respond to a ‘retrieval 5. BOQ will assess to ensure the request for request’ with the required documentation. This will information / documentation has been fulfilled automatically reduce the number of chargebacks where by you and will send this back to your customer’s the cardholder does not recognise the merchant’s Issuing Bank; name and / or location; and 6. The customer’s Issuing Bank assess the information The merchant’s name is the single most important provided and contacts the cardholder regarding the factor in the cardholder’s recognition of the transaction received information; and appearing on their card statement. Therefore it is critical that the merchant name, while reflecting the 7. Both your customer’s Issuing Bank and your merchant’s ‘Doing Business As’ name, also be clearly customer make a decision to either accept the identifiable to the cardholder. The merchant will need transaction charge or proceed with a chargeback. to supply more information around their merchandise, Chargeback location and items the cardholder purchased. Goods / Services not provided by Merchant What is a chargeback? Definition: The cardholder (merchant’s customer) ‘Chargeback’ is a term used when a card transaction contacts their Bank (Issuer) to lodge a dispute advising is reversed and your nominated settlement account is merchandise / service had not arrived from the debited with the amount of the sale. merchant by the expected delivery date. Generally, if a cardholder disputes a transaction and The ‘retrieval request’ (dispute) did not resolve the you don’t have sufficient evidence to show that the issue and therefore the cardholder’s bank creates a cardholder authorised the transaction, then you will chargeback to the merchant via BOQ (i.e. the card be liable for the chargeback. For this reason, it is transaction is reversed and your nominated settlement important that your business keeps good records to account is debited with the amount of the sale). enable adequate investigation of any card transaction dispute and to assist with reduction of the risk of unnecessary chargebacks occurring. The most common reasons for chargebacks include: • Customer disputes; • Fraud; and • Processing errors by either the merchant or their Bank. Hints on how to minimise this type of Hints on how to minimise this type of chargeback chargeback Goods / Services delivered: Cardholder did not recognise the merchant’s name: • Send to BOQ evidence of the delivery, such as a • The merchant’s name is the single most important delivery receipt signed by the cardholder or a carrier’s factor in the cardholder’s recognition of the confirmation that the merchandise was delivered to transaction appearing on their card statement. the correct address Therefore it is critical that the merchant name, while reflecting the merchant’s ‘Doing Business As’ Delivery date has not expired: name, also be clearly identifiable to the cardholder. • Send a copy of the transaction receipt to BOQ The merchant will need to supply more information pointing out that the delivery date has not yet expired around their merchandise, location and items the cardholder purchased. Delayed delivery of merchandise: Cardholder did not authorise or participate in the • If the delivery of the merchandise is to be delayed, transaction – fraudulent / counterfeit transaction: notify the customer of the delay and the expected delivery date. As a service to your customer, provide • Where possible the merchant should obtain the CVV2 the customer the option of proceeding with the from the cardholder (the 3 digit security number on transaction or cancelling it. Send copies of this the back of the card) – this helps validate that the correspondence to BOQ for assessment. customer is in possession of the card at the time of an order (it still however, might not mean the genuine Cardholder did not authorise – card not present cardholder is the one making the purchase); (Mail Order / Telephone Order - MOTO) transaction • Be aware of urgent requests for quick or overnight Definition: The cardholder (merchant’s customer) delivery from the customer, as it can be a sign for contacted their Bank (Issuer Bank) to advise they did possible fraud; not authorise a ‘card not present’ (MOTO) transaction • Be aware of customers who are ordering above your appearing on their card statement. There could be usual transaction size and don’t care about additional several reasons for not recognising the transaction: costs that may be involved; • Cardholder did not recognise the merchant’s name as • Customer has asked for goods to be delivered to a it is different to the shop name; or Post Office box. • Cardholder did not authorise or participate in the transaction. Credit not processed by merchant The ‘retrieval request’ (dispute) did not resolve the Definition: The cardholder (merchant’s customer) issue and therefore the cardholder’s bank creates a contacts their Bank (Issuer Bank) acknowledging chargeback to the merchant via BOQ (i.e. the card participation in a transaction for which goods were transaction is reversed and your nominated account is returned or services cancelled, but the credit has not debited with the amount of the sale). appeared on their card statement. The ‘retrieval request’ (dispute) did not resolve the NB: An authorisation obtained on a fraudulent issue and therefore the cardholder’s bank creates a / counterfeit card only confirms that the funds chargeback to the merchant via BOQ (i.e. the card were available at the time of the transaction. This transaction is reversed and your nominated account is authorisation does not confirm that the cardholder debited with the amount of the sale) is the one making the transaction and therefore can result in a chargeback to the merchant, and at Hints on how to minimise this type of times, the loss of either goods or services. chargeback • Always refund a sale value to the same card that the transaction was originally processed on, and retain evidence of the refund processed. • Never process a refund, direct to a , by cash or by other means. Cancelled Recurring Transaction Chip card processing Definition: The cardholder (merchant’s customer) A card which has a microchip embedded means contacts their Bank (Issuer Bank) to notify that they the card contains security data and software which have cancelled a recurring transaction however it is provides greater protection for you and the Bank still appearing on their card statement. against fraudulent or counterfeit activity. The ‘retrieval request’ (dispute) did not resolve the There are only two (2) ways to process a chip card issue and therefore the cardholder’s bank creates a through your terminal: chargeback to the merchant via BOQ (i.e. the card • ‘Paywave’ and ‘Paypass’ / Contactless Transactions; transaction is reversed and your nominated account and is debited with the amount of the sale). • Dipping the card into the merchant terminal. Hints on how to minimise this type of chargeback • Always process the cancellation in a timely manner. Protection of PIN Entry • Send notification to the cardholder advising the Encourage the cardholder to cover the PIN pad when cancellation request has been processed. entering their PIN to prevent the possibility of sighting by a third party. Fraud / Counterfeit Cards / Skimming How to safeguarding against skimming What is a fraudulent transaction? EFTPOS skimming occurs when a customer’s card and/ or PIN data is illegally copied with the intent to create A fraudulent transaction occurs when a card account counterfeit cards or use compromised card data to is used through the theft of the account holder’s card conduct unauthorised transactions. number and card details. This can occur in several ways: Criminals will look to either compromise your EFTPOS • Stolen / lost card; and terminal or replace your EFTPOS terminal with a similar • Counterfeit cards (mainly created via skimming). looking terminal they have already compromised. The following checks should routinely occur to assist NB: An authorisation obtained on a fraudulent identify if your terminal has been compromised: / counterfeit card only confirms that the funds were available at the time of the transaction. This • Ensure the Merchant ID (MID), Terminal ID (TID) and authorisation does not confirm that the cardholder trading name on the receipt has not changed; is the one making the transaction and therefore • Confirm that the make, model and serial number can result in a chargeback to the merchant, and at (located on the back of the terminal) of the EFTPOS times, the loss of either goods or services. terminal has not changed; • Confirm the terminal location hasn’t changed; Hints on how to minimise fraudulent transaction • Confirm the condition of the terminal has not changed: • Where possible for all MOTO transactions obtain the −−Is not damaged or appears to have been tampered CVV2 3 digit number with; • Recognise suspicious orders, such as: −−Cables are not missing or additional cables added; and −−Transaction requests that are above your average purchase value; −−Increase or decrease in number of stickers on terminal or the colour of the terminal is slightly −−Delivering to overseas addresses; different. −−Customers who do not care what the value of the • Ensure the area surrounding the EFTPOS terminal is purchase is or additional costs (such as shipping / clear to reduce the ability to hide cameras. postage); −−Delivery to post office boxes; −−Rushed request where the cardholder advises they needed to goods immediately; −−Customers using more than one (1) card to purchase the goods or services. Hints on how to minimise this type of NB: Verifone is BOQ’s 3rd Party Terminal Provider. chargeback There is a set process in place regarding a Verifone technician visit to your site. Verifone technicians Where possible always respond to a ‘retrieval will always: request’ with the required documentation. This will automatically reduce the number of chargebacks where • Make contact prior to their visit, and should never the cardholder does not recognise the merchant’s attend your site unannounced; name and / or location; and • Ask for the nominated contact when arriving at −−The merchant’s name is the single most important the merchant site; and factor in the cardholder’s recognition of the • Show their identification immediately on arrival at transaction appearing on their card statement. your site. Therefore it is critical that the merchant name, while reflecting the merchant’s ‘Doing Business As’ If you believe your terminal may have been name, also be clearly identifiable to the cardholder. compromised or are suspicious of receiving fraudulent The merchant will need to supply more information / counterfeit information please contact the Merchant around their merchandise, location and items the Help Desk on 1800 700 226 and select option 3. cardholder purchased.

Chargeback Goods / Services not provided by Merchant Definition: The cardholder (merchant’s customer) What is a chargeback? contacts their Bank (Issuer) to lodge a dispute advising ‘Chargeback’ is a term used when a card transaction merchandise / service had not arrived from the is reversed and your nominated settlement account is merchant by the expected delivery date. debited with the amount of the sale. The ‘retrieval request’ (dispute) did not resolve the Generally, if a cardholder disputes a transaction and issue and therefore the cardholder’s bank creates a you don’t have sufficient evidence to show that the chargeback to the merchant via BOQ (i.e. the card cardholder authorised the transaction, then you will transaction is reversed and your nominated settlement be liable for the chargeback. For this reason, it is account is debited with the amount of the sale). important that your business keeps good records to enable adequate investigation of any card transaction Hints on how to minimise this type of dispute and to assist with reduction of the risk of chargeback unnecessary chargebacks occurring. Goods / Services delivered: The most common reasons for chargebacks include: • Send to BOQ evidence of the delivery, such as a • Customer disputes; delivery receipt signed by the cardholder or a carrier’s confirmation that the merchandise was delivered to • Fraud; and the correct address • Processing errors by either the merchant or Delivery date has not expired: their Bank. • Send a copy of the transaction receipt to BOQ Chargeback timeframes pointing out that the delivery date has not yet expired Chargebacks can take place up to 180 days from the Delayed delivery of merchandise: date of the transaction being disputed. • If the delivery of the merchandise is to be delayed, notify the customer of the delay and the expected What are the most common chargebacks? delivery date. As a service to your customer, provide the customer the option of proceeding with the Transaction not recognised by cardholder transaction or cancelling it. Send copies of this Definition: The cardholder (merchant’s customer) correspondence to BOQ for assessment. contacted their Bank (Issuer Bank) to lodge a dispute stating that they did not recognise a particular transaction appearing on their card statement. This means they do not recognise the merchant’s name and/or location. The ‘retrieval request’ (dispute) did not resolve the issue. The cardholder’s bank creates and processes the chargeback to the merchant via BOQ (i.e. the card transaction is reversed and your nominated account is debited with the amount of the sale). Cardholder did not authorise – card not present Credit not processed by merchant (Mail Order / Telephone Order - MOTO) transaction Definition: The cardholder (merchant’s customer) Definition: The cardholder (merchant’s customer) contacts their Bank (Issuer Bank) acknowledging contacted their Bank (Issuer Bank) to advise they did participation in a transaction for which goods were not authorise a ‘card not present’ (MOTO) transaction returned or services cancelled, but the credit has not appearing on their card statement. There could be appeared on their card statement. several reasons for not recognising the transaction: The ‘retrieval request’ (dispute) did not resolve the • Cardholder did not recognise the merchant’s name as issue and therefore the cardholder’s bank creates a it is different to the shop name; or chargeback to the merchant via BOQ (i.e. the card transaction is reversed and your nominated account is • Cardholder did not authorise or participate in the debited with the amount of the sale) transaction.

The ‘retrieval request’ (dispute) did not resolve the Hints on how to minimise this type of issue and therefore the cardholder’s bank creates a chargeback chargeback to the merchant via BOQ (i.e. the card • Always refund a sale value to the same card that the transaction is reversed and your nominated account is transaction was originally processed on, and retain debited with the amount of the sale). evidence of the refund processed.

NB: An authorisation obtained on a fraudulent • Never process a refund, direct to a Bank account, / counterfeit card only confirms that the funds by cash or by other means. were available at the time of the transaction. This authorisation does not confirm that the cardholder Cancelled Recurring Transaction is the one making the transaction and therefore Definition: The cardholder (merchant’s customer) can result in a chargeback to the merchant, and at contacts their Bank (Issuer Bank) to notify that they times, the loss of either goods or services. have cancelled a recurring transaction however it is still appearing on their card statement. Hints on how to minimise this type of chargeback The ‘retrieval request’ (dispute) did not resolve the issue and therefore the cardholder’s bank creates a Cardholder did not recognise the merchant’s name: chargeback to the merchant via BOQ (i.e. the card • The merchant’s name is the single most important transaction is reversed and your nominated account factor in the cardholder’s recognition of the is debited with the amount of the sale). transaction appearing on their card statement. Hints on how to minimise this type of chargeback Therefore it is critical that the merchant name, while reflecting the merchant’s ‘Doing Business As’ • Always process the cancellation in a timely manner. name, also be clearly identifiable to the cardholder. • Send notification to the cardholder advising the The merchant will need to supply more information cancellation request has been processed. around their merchandise, location and items the cardholder purchased. Cardholder did not authorise or participate in the transaction – fraudulent / counterfeit transaction: • Where possible the merchant should obtain the CVV2 from the cardholder (the 3 digit security number on the back of the card) – this helps validate that the customer is in possession of the card at the time of an order (it still however, might not mean the genuine cardholder is the one making the purchase); • Be aware of urgent requests for quick or overnight delivery from the customer, as it can be a sign for possible fraud; • Be aware of customers who are ordering above your usual transaction size and don’t care about additional costs that may be involved; • Customer has asked for goods to be delivered to a Post Office box. Fraud / Counterfeit Cards / Skimming How to safeguarding against skimming EFTPOS skimming occurs when a customer’s card and/ What is a fraudulent transaction? or PIN data is illegally copied with the intent to create counterfeit cards or use compromised card data to A fraudulent transaction occurs when a card account conduct unauthorised transactions. is used through the theft of the account holder’s card number and card details. This can occur in several ways: Criminals will look to either compromise your EFTPOS terminal or replace your EFTPOS terminal with a similar • Stolen / lost card; and looking terminal they have already compromised. • Counterfeit cards (mainly created via skimming). The following checks should routinely occur to assist identify if your terminal has been compromised: NB: An authorisation obtained on a fraudulent / counterfeit card only confirms that the funds • Ensure the Merchant ID (MID), Terminal ID (TID) and were available at the time of the transaction. This trading name on the receipt has not changed; authorisation does not confirm that the cardholder • Confirm that the make, model and serial number is the one making the transaction and therefore (located on the back of the terminal) of the EFTPOS can result in a chargeback to the merchant, and at terminal has not changed; times, the loss of either goods or services. • Confirm the terminal location hasn’t changed;

Hints on how to minimise fraudulent • Confirm the condition of the terminal has not transaction changed: • Where possible for all MOTO transactions obtain the −−Is not damaged or appears to have been tampered CVV2 3 digit number with; • Recognise suspicious orders, such as: −−Cables are not missing or additional cables added; and −−Transaction requests that are above your average purchase value; −−Increase or decrease in number of stickers on terminal or the colour of the terminal is slightly −−Delivering to overseas addresses; different. −−Customers who do not care what the value of the • Ensure the area surrounding the EFTPOS terminal is purchase is or additional costs (such as shipping / clear to reduce the ability to hide cameras. postage);

−−Delivery to post office boxes; NB: Verifone is BOQ’s 3rd Party Terminal Provider. −−Rushed request where the cardholder advises they There is a set process in place regarding a Verifone needed to goods immediately; technician visit to your site. Verifone technicians will always: −−Customers using more than one (1) card to purchase the goods or services. • Make contact prior to their visit, and should never attend your site unannounced; Chip card processing • Ask for the nominated contact when arriving at the merchant site; and A card which has a microchip embedded means the card contains security data and software which • Show their identification immediately on arrival at provides greater protection for you and the Bank your site. against fraudulent or counterfeit activity. There are only two (2) ways to process a chip card If you believe your terminal may have been through your terminal: compromised or are suspicious of receiving fraudulent / counterfeit information please contact the Merchant • ‘Paywave’ and ‘Paypass’ / Contactless Transactions; Help Desk on 1800 700 226 and select option 3. and • Dipping the card into the merchant terminal.

Protection of PIN Entry Encourage the cardholder to cover the PIN pad when entering their PIN to prevent the possibility of sighting by a third party. PCI-DSS-Protection Cardholder Websites Information BOQ suggests for further information you visit The following guidelines will assist in minimising the the below websites: risk of cardholder data being compromised, as well as assisting to protect your business against potential • www.apca.com.au liability and costs associated with investigations: • www.pcisecuritystandards.org • Always store all cardholder information in a • www.visa.com.au secure environment only accessible by authorised employees / personnel; • www..com.au/merchant • After required timeframe (12 months) destroy all cardholder information resulting in unreadable Contact Information documents, e.g. shredding; For more information please refer to your Merchant • Never accept or store any cardholder information Agreement or contact the BOQ Merchant Helpdesk on via email; 1800 700 226 and select option 3. • Never swipe or insert a card through a device other than your EFTPOS terminal which has been approved You can also visit and installed by BOQ; www.boq.com.au/merchant • Never sell, buy or exchange any cardholder information other than to BOQ or when legally requested; and • Never ask for or retain under any circumstance any cardholder’s PIN data.

55680 BOQS001677 V1 06/17