Taking transactions over the Internet can be profitable but it 
can also bankrupt a small business. Accepting online transactions 
means accepting additional responsibilities as a merchant. These 
responsibilities include knowing and understanding your risk 
exposure and your liabilities.

You are 100% liable for all losses sustained. And, if there is an 
excessive amount of fraud or unauthorized transactions through 
your merchant account, your fees and discount rate could be 
raised, your funds could be held, or your merchant account could 
be closed. Be aware that authorization codes only mean that the 
cardholder has funds available for that transaction and does not 
verify the sale.

When possible, also use CVV2 (Card Verification Value). Ask the 
customer for the CVV2 information on the back of the credit card. 
If that person cannot supply you with that information, that is a 
sign that you may not be dealing with the actual cardholder.


Be Aware of High Risk Countries

When receiving an order from an International country it is 
recommended that you obtain the card issuing bank information to 
verify the legitimacy of the person giving you the credit card. 
Indonesia, Nigeria and other areas of Africa, and Singapore are 
the highest risk areas for accepting credit card transactions as 
most fraud is generated through these areas.


Minimize Risk

To help minimize your risk exposure, take the time to learn about 
AVS (Address Verification System) if your merchant account is set 
up with this feature. If the address does not match, you may not 
want to ship any product without verifying through the card 
issuing bank.

Also be aware that AVS does not work with International 
addresses. Always check the AVS response codes.


Best Practices

Be alert for transactions with several of the following 
characteristics:

 * First time shoppers
 * Larger than normal orders
 * Orders consisting of several of the same items or orders 
   composed of big ticket items
 * Orders shipped "rush" or overnight
 * Shipping to International addresses
 * Transactions on similar credit card numbers
 * Orders shipped to a single address but made on multiple 
   cards
 * Multiple transactions on one card or multiple cards with 
   a single billing address but multiple shipping addresses.


Ask the customer for the preprinted numbers above or below the 
first 4 embossed account numbers, name of the card issuing bank 
and for the customer service phone number on the back of the 
credit card. If they cannot provide this information, more than 
likely this is not the actual card holder.


Site Data Requirements

Card Associations have mandated that merchants, who store account 
holder data (account information, cardholder information, and 
transaction information) in an electronic commerce environment, 
keep this information in a secure manner. This is to ensure that 
merchants are adequately protected against hacker intrusions and 
account data compromises.

Hacker break-in's can have potentially dangerous consequences on 
merchants. There could be a disruption in your merchant service 
and loss of consumer confidence with your business.

 * Do not store CVV2 information.
 * Destroy all unnecessary data.
 * Use Network Security tools to protect website (firewalls). 

Scott Burke; President of iMAX Business Solutions in 
charge of sales, strategy, and execution and thus is 
responsible for managing all aspects of the company's 
marketing, communications, new accounts, and support. 
scott@cmscreditcards.com
http://www.cmscreditcards.com/