Internet transactions - 'Seller Beware!'
With Watson Burton LLP Law Firm
Online shopping is big business. UK online spending is expected to top £30bn this year, and UK internet shopping sales were up 35.4% on a like-for-like basis in July from a year ago.
However, as businesses make their products available online to try to get a share of this increasing market, they must consider a new fraud risk. “Card not present transactions” is the term describing transactions where the merchant is not in physical contact with the customer and is therefore unable to ask for a signature or a PIN number to verify the identity of that customer. This increases the risk of fraud.
The main problem for internet sellers is that when they sign up with an ‘acquirer’ who will process their online transactions, they may not be obtaining the service that they believe they are.
Acquirers will authorise a transaction based on the card details provided by the customer. However, sellers must realise - and some do not - that authorisation is not authentication. Authorisation does not guarantee that the card is being used by the genuine cardholder, and it does not guarantee payment. Authorisation simply means that the card being used has not been reported lost or stolen and that there are sufficient funds available at the time of the authorisation. If the transaction turns out to be fraudulent, then the seller will have to repay the card issuer the sum ‘paid to them’ by the fraudster.
So what can the seller do to protect themselves from such liability? Internet Authentication is available but is not included in basic processing services offered by acquiring banks and payment processors.
Two systems of Authentication are ‘Verified by Visa’ and ‘Mastercard SecureCode’. These are systems which create a trust chain throughout the internet transaction, verifying the cardholders’ identity. The key benefit to sellers using either of these services is that in doing so they shift the liability in the event of a chargeback away from themselves to the card issuer. They are therefore not out of pocket if they are the victim of a fraudulent transaction.
However, many sellers do not realise that they are not protected without an authentication service until a chargeback is made by their acquiring bank. At this point, it may be too late and the seller will suffer losses unless they can recover the goods sold. Due to the skill of many internet fraudsters, this may be almost impossible.
The acquirer should advise the seller of the risks by providing a ‘Merchant Operating Manual’ when the processing system is first implemented. It is up to the seller to read this carefully in order to understand what their liabilities are. If required, the seller may wish to seek legal advice on the exact wording of agreements with acquirers and any documents provided by the acquirer pre-contract.
If you have any queries in relation to this article, or any other commercial fraud matter, please contact Tim Dennis at Watson Burton LLP (email: email@example.com).