8

Missing Money and Solving Chargebacks

August 9, 2007

In the past few weeks, I’ve mentioned some “missing money” a few times – QuickBooks telling me I earned more this year than I could account for in my bank accounts. I think I finally found that today while going over things again and figuring out how July went (worse than May and June, better than April). Chargebacks weren’t being accounted for in one of the columns I thought they were included in on one of my merchant account statements. Totaling over $10,000 so far this year, that seems to account for the discrepancy. Still my best year yet, but it could’ve been better by that much.

I hate harping on this subject, but it’s still my primary problem. A chargeback isn’t just a lost sale but often comes far enough after the order is processed that I lose the cost of providing the services purchased as well. I already have MinFraud scrubbing every credit card transaction; those with a high score are thrown out before they hit the payment gateway, and those with medium scores get a look over before I accept them. I still miss that 7% of sales made with stolen cards somehow.

The only solution I’ve had posed when I ask people in the banking industry, and people running similar businesses, is to call every customer and verify the order before accepting it. That’s just not going to work for me.

  • I won’t call them myself – if that level of involvement in the business is required, then suddenly the perceived margins drop way below acceptable levels for me, and I’d rather not be in that business at all. I value my time, specifically my free time, too much for that.
  • There’s not enough margin to outsource calling customers on a daily basis to verify orders and still pay myself comfortably. The calls would be per order, while the profit per order isn’t substantial enough. I receive 25-35 relatively small orders on the average day, and it’s in aggregate that they become substantial.
  • Automated telephone verification – the kind MaxMind and DialVerify offer – is not a solution I can live with. I’ve been on the brink of implementing MaxMind’s phone verification several times, and already coded up a gateway for adding it to my shopping carts. But I don’t like the user experience at all – trying to force out a “billing” phone number from each customer, making them sit at a phone to place an order so they can verify it, and then the expectation that if I’m requiring a working phone number, I’m also going to answer pre-sale questions over the phone. I’m not; my goal is to be hands-off as possible. My phone number is on billing statements, but I don’t want to be selling over the phone to potential customers, or answering followups from those that just ordered and weren’t sure exactly what they were ordering, and I think I’ll be setting that expectation.

I’ve yet to have anyone I reached out to provide other advice. But I’ve come up with some of my own. Stop accepting credit cards. Only accept PayPal, like I did back when I first started targetedvisitors.info in 2004. These days, PayPal is more appealing than ever — well over 100 million accounts, and the account optional checkout process was made extremely streamlined and sleek this year. There are four main benefits:

  1. Except for customers in countries PayPal doesn’t support, there’s no real loss in payment options. With the account optional checkout being prominent and clear now, it’s simple to pay with a credit card. The only difference is the payment takes place on PayPal’s website instead of my own.
  2. PayPal takes the burden of initial fraud scrubbing, and they do it well. My reversal rate with PayPal is probably under 1%, just where it should be.
  3. If a chargeback does occur, it’s against PayPal, not me. My ability to accept credit cards on low risk sites like W3Counter (no chargebacks in its history) is kept safe, and PayPal helps fight chargebacks on my behalf since they have a stake in it too. I’ve had them win before; they can do it without a tangible item.
  4. Fraud perpetrated through PayPal is usually noticed by either PayPal or the account owner much faster than the 1-2 months it takes for credit card charges to be noticed on a consumer’s statement. Usually it happens between 1-3 days, which means if the order slipped past us all and I already started providing service, I’ve only invested a small amount into that customer so far. I can recover most of my costs by canceling the order while it’s mostly unfilled.

I’m going to think this over some more, but I’m also going to start working on the code now. I don’t want to alienate my best customers, who repeatedly order on company credit cards, so I can’t drop it altogether. The goal would be to seamlessly provide the multiple payment method checkout when an existing customer is placing an order, and streamlined PayPal-only checkout for new customers. I don’t need to change any part of the website or leave any evidence there used to be choice – simply send the customer to PayPal at the payment stage as I do now when they do choose. There are a couple reasons I think this could actually improve the bottom line:

  • The losses due to chargebacks are high enough that it would take a large increase in cart abandonment due to lack of payment options or being sent off-site to result in lower net profit.
  • I expect the complexity, inconvenience, and surprise at automated phone verification of credit card payments may cause higher cart abandonment than offering only PayPal would.
  • A streamlined checkout process with less steps, where billing information isn’t collected, and a payment option choice screen isn’t needed, means customers get from the purchase decision to payment faster, resulting in a lower abandonment rate.
  • I’ll spend less time developing new fraud screening techniques, less time reviewing orders, and less time processing chargebacks due to fraud.

By capturing the customer’s name and address from the PayPal IPN postback after payment, I can maintain the integrity of the current database while doing this. That means if I were to test it, and saw an unacceptable drop in sales due to the change, I could revert to the old checkout process without any holes in the necessary data. I would still have my merchant account, so I don’t lose the benefit of multiple processors in case I were to have a problem with one. I think this may be worth trying.

Categorized under: Business, Marketing, Security

8 comments

  1. August 9th, 2007

    Zach Holman wrote —

    I’m presuming much of this stems from the fact that you offer a service that is necessarily quick and intangible (in that you can’t recoup what you lose)? I’m probably going to head into credit card territory for the first time with a new site in the next few months, and I’ve been reading all of your issues hoping I would somehow dodge that bullet.

    In terms of PayPal… it seems like your points on it are pretty on the money to me. Amazon’s new payment service might be worth taking a look at if you haven’t already… it’s brand new, which brings with it both positives and negatives, but I’d have to think that Amazon has some pretty comparable experience dealing with transactions like PayPal.

  2. August 9th, 2007

    Dan wrote —

    I think that’s accurate. I think the closest industry is web hosting which faces many of the same problems I do with fraud. Stolen cards are being used to buy things that can be used immediately to make more money. Often it’s clearly a double hit — web hosting set up the same day advertising is bought at one of my sites, and that web hosting is used to house a phishing site, or an innocuous looking site that later has adware/trojan installers added to it once the order is approved. The infected machines remain beneficial to the fraudsters even after the cards they used are canceled.

    I am definitely following Amazon’s payment service. I tried to get into the beta but it was already filled; I waited long enough and got into the EC2 beta, so I’ll be patient for now. I’m very excited about the platform Amazon is building out, and the fact that both Google and Microsoft seem to be building out in the same direction: computing, storage, and service platforms for the rest of us to run our services on. Amazon’s FPS offers many of the same benefits as PayPal, with Amazon’s millions of customers a few clicks away from paying, and the burden of fraud screening on them, although it sounds like integration will be more difficult.

  3. August 9th, 2007

    Zach Holman wrote —

    Although they do have ample APIs and supporting documentation, from a cursory glance it seems. But yeah, Amazon in particular is getting pretty interesting. S3 is extremely interesting… a bucket-load of top sites are using it. I kind of wish I had some use for it- it looks like it can be pretty helpful.

    I think I’ll let you check out FPS first… with things like financial transaction systems I don’t mind not being the first-mover here. :) The blogosphere seems to like the idea so far though.

  4. August 9th, 2007

    Jason wrote —

    Dan, an important question is: How much of your sales come from the countries that are not supported by PayPal? Also, from my experience, those are the countries that mostly perpetuate the fraud anyways. But, I guess with a stolen PayPal account it doesn’t matter what country you come from, only what country the account is from. Hum… Chargebacks tick me off too.

    Another question. What percentage of fraud comes from clients with a low fraud score? Are most of them coming from the middle ground? Maybe you can implement the phone verification for only those with a middle fraud score?

  5. August 9th, 2007

    Dan wrote —

    I identified a fraud account with a score of 0 yesterday; MinFraud was OK with it, while I knew other indicators meant it was definitely a stolen card. I’ve also had chargebacks for as little as $1.95 — the cheapest order someone can place to test if a card is working. If I were to do phone verification, it would need to be on every credit card order.

  6. August 9th, 2007

    Roger Stringer wrote —

    The thing with Amazon’s FPS service is they only open their payment system to customers with a US credit card, for me, being in Canada, that both cuts out my participation and quite a few of my customers as well.

  7. August 9th, 2007

    Dan wrote —

    Have some patience – the program isn’t even in public beta yet. It wouldn’t make sense for them to restrict it to U.S. cards when Amazon.com, whose accounts the whole thing is based around, operates in so many countries around the world.

  8. August 9th, 2007

    Dan wrote —

    Good news for me. I got into the FPS beta. It’ll be a few business days before they approve or decline the application, and before I can finish the bank account verification step.

    9. View Comments:

Leave a Comment