
When a fraudulent credit card CNP (Card Not Present) transaction is made, mercha


Question

When a fraudulent credit card CNP (Card Not Present) transaction is made, the merchant is liable for the chargeback.

For that reason, our company implemented a policy where we ask for a photo of the customer's card showing only the last 4 digits before we clear the payment. We ask them to send it via email, which I think is a security risk because it could be unencrypted.

Our company provides electronically delivered financial services. So we only ask for billing address, we never deliver physical goods.

What's the better approach to verifying card ownership? (complying with PCI-DSS)

Explanation / Answer

I would suggest implementing Verified by Visa and Mastercard 3DSecure.

Ask your acquirer about enabling these services on your merchant account. Those 2 services will shift the liability to the customer, provided that the correct VbV/3DS password/OTP authentication has passed.

You could also choose to reject cards that do not have VbV/3DS enabled, or you could pass those transactions and take the chargeback risk.

If the financial services you provide are only "usable" in a specific country due to laws and such, I would suggest putting a geoIP lock on your site, and also asking your acquirer (or setting it up in your merchant control panel if they provide such a facility) to lock it so that only cards issued in country X are accepted.

If you also want to use AVS (Address Verification System), I would suggest that the user has to enter their billing address at sign-up, then you send a physical snail-mail letter with a one-time code required to activate the account. Then only this billing address can be used. Changing the billing address deactivates the account and sends a new snail-mail code to the new address. This adds convenience for the customer (he does not need to enter his billing address all the time), auditability (you have a real address for the customer to give to the police in case of fraud), and security (since the address is verified both by snail-mail and against the credit card).
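
The mailed one-time-code activation described in the answer above, as an added example that is not part of the original answer. The class and method names, the 30-day validity and the five-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 30 * 24 * 3600  # assumption: letter code valid for 30 days
MAX_ATTEMPTS = 5                   # assumption: wrong guesses allowed per letter
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O/1/I, easier to read from paper


class Account:
    """Hypothetical account record; only a salted hash of the mailed code is stored."""

    def __init__(self):
        self.active = False
        self.billing_address = None
        self._salt = self._code_hash = None
        self._expires = 0.0
        self._attempts = 0

    def set_billing_address(self, address, now=None):
        """Record the address, deactivate the account, return the code to print on the letter."""
        now = time.time() if now is None else now
        code = "".join(secrets.choice(ALPHABET) for _ in range(10))
        self._salt = secrets.token_bytes(16)
        self._code_hash = hashlib.pbkdf2_hmac("sha256", code.encode(), self._salt, 100_000)
        self._expires = now + CODE_TTL_SECONDS
        self._attempts = 0
        self.billing_address = address
        self.active = False  # every address change requires a fresh letter
        return code

    def activate(self, submitted, now=None):
        """Activate only for the correct, unexpired code within the attempt limit."""
        now = time.time() if now is None else now
        if self._code_hash is None or now > self._expires or self._attempts >= MAX_ATTEMPTS:
            return False
        self._attempts += 1
        guess = submitted.strip().upper().encode()
        candidate = hashlib.pbkdf2_hmac("sha256", guess, self._salt, 100_000)
        if not hmac.compare_digest(candidate, self._code_hash):  # constant-time compare
            return False
        self.active = True
        self._code_hash = None  # one-time: the same code cannot be replayed
        return True

    def may_charge(self, submitted_address):
        """Allow a payment only from an active account using its mail-verified address."""
        return self.active and submitted_address == self.billing_address
```

The address accepted by `may_charge` is the one that would then be sent to the acquirer for the AVS check against the card.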
