Lincoln Jalandoni In Compliance, Merchant, Technology & Equipment

PCI DSS: A Critical Part of Fraud Protection

In today’s landscape of increasing fraud, the Payment Card Industry Data Security Standard (PCI DSS) is more important than ever for business security. Educating customers about PCI DSS can strengthen relationships and improve retention.

What is PCI DSS?

PCI DSS encompasses technical and operational requirements for security management, policies, procedures, network architecture, software design, and other protective measures. These are crucial for preventing credit card fraud, hacking, and other security threats.

Why Educate Customers?

Educating customers about PCI DSS helps them understand the value of these standards in maintaining secure payment environments. For self-education, refer to the PCI Compliance and Validation QRG. Share this resource with customers new to the topic. For those with a basic understanding, recommend the Merchant Resources page on the PCI Security Council website for deeper insights.

Importance of PCI DSS Annual Validation

PCI DSS validation is a snapshot in time. As businesses evolve, their security measures must adapt. Encourage customers to conduct periodic reviews and revalidate their compliance regularly to stay protected.

Customer Tips for Securing Payment Devices

With increased foot traffic in warmer weather, remind customers to secure their point-of-sale terminals:

Location Matters – Place payment devices in easily monitored and controlled areas.
Secure Devices – Use cable trays and securing mechanisms.
Alarm Systems – Physically secure and alarm all remote or self-service payment environments.
Routine Inspections – Maintain a list of all payment devices and inspect them regularly for tampering or substitution.
Secure Storage – Store devices securely when not in use, such as in a locked cabinet or under surveillance.
Record Attributes – Document the serial number, model, operating system, and authorized user information for each device.

Reporting Lost or Stolen Devices

If a payment device is lost or stolen, customers should:

Contact Law Enforcement – File a police report and retain it for further instructions.
Notify Premier Services – Report the incident and request the Terminal ID (TID) be deleted from the host to prevent transactions.
Replace the Device – Submit an Add Equipment Services (AES) request to replace the missing device.

Benefits of Reporting Security Events

Reporting incidents allows Elavon to evaluate the impact and take necessary actions, such as account notifications or closures, to protect personal information. Failure to report can expose businesses to reputational risks, negative press, and dissatisfied customers.

Educating customers about PCI DSS and the importance of securing their payment devices is essential in today’s fraud-prone environment. By promoting regular validation and security measures, businesses can maintain strong, secure relationships with their customers.

Jodi Goddard In Business Services, Compliance, Merchant, Partnerships, SOCi Partners

Reasons to use Integrated Payments

An integration software

Reasons to use integrated payments most people open their businesses because they are passionate about specific services or products. However, accepting payments is one of the most significant pieces to operating a business, and one of the most cost-effective ways is to take advantage of integrated payments.

Here are a few reasons to consider using integrated payments for your business.

Reduced Human Error

When data input becomes repetitive, the chance of human error increases; it takes one number difference when keying in a transaction. Using an integrated payment option eliminates the risk for you.

Safe and Secure Software

Having EMV, tokenization, and end-to-end encryption provides a higher standard of security. Tokenization takes the place of sensitive cardholder information that the issuing bank can only unencrypt during authorizations. To maintain customers’ trust, you must ensure that privacy and security are constantly updated. An integrated payment option provides customers with just that while creating loyalty to your business.

Real-Time Updates

Gone are the days of spending hours on accounting and extra trips to the bank. An integrated payment means your money will go to the correct account and update the balance within minutes unless you like waiting for checks to clear.

Cash Flow

An integrated software payments speed up cash flow meaning more money in your account is streamlined.
More ways to pay means more transactions and better cash flow. Adding online payments increases the opportunity to process transactions 24/7 whether the office is closed or customers need to make installment payments. In addition, having a more stable cash flow allows you to earn cash flow-dependent decisions such as maintenance.

Schedule with a Payment Professional by calling 866-921-2982 and find even more reasons to use integrated payments!

Check out our affiliate partner program for more information on implementing an integrated payment system combined with your software for increased revenue and growth potential.

Jodi Goddard In Compliance, Payment Processing Industry

Safe-T + Cybercrime

What do you know about Safe-T and cybercrime? Brush up on the facts with this quick read.

In 2020, data showed a record of $4.2 billion that was lost to cybercrime. The year before? It was $3.5 billion. It’s hard even to fathom that significant increase in just one year, mainly because that same report shows cybercrime incidents reported to the FBI have gone up by almost 800% since 2011, from $485.3 million to $4.2 billion.

Utah, unfortunately, is at the top of the list, 5th place to be exact, for victims of some type of cybercrime. The victims each lost an average of $9,562. In all honesty, this number is probably a lot bigger since many people are too embarrassed to admit someone who committed fraud took advantage of them.

A word of advice: don’t click on links in texts! It’s not just email that is being used for fraud. Changing passwords frequently is a good first line of defense, also, it’s ~~probably~~ best to ignore the IRS or FBI calling you with a robotic voice announcing your arrest; we all know that is probably some guy eating TV dinner leftovers and wasting his intelligence. So, don’t get outsmarted by that guy.

Now we know the cost of a scam can run if you’re the average victim in Utah, but what if it’s a breach within the business?

Now we’re talking with much higher stakes. Not only are you going to be paying high fines or retribution, but you’re also going to be paying in the reputation department.

A Solution: Safe-T

Safe-T Security Solutions provides end-to-end encryption, tokenization, and PCI breach protection. Using Safe-T as part of your payment solutions protects sensitive card data from the Point of Interaction (POI) throughout the lifecycle of transactions. Additionally, it covers customers if fraud occurs.

Let’s ensure that you have the correct level of Safe-T that corresponds with your business size to provide the utmost protection. Think of it like car insurance; it’s there for a terrible day when something comes out of the blue and knocks you sideways. You didn’t plan on totaling the car that day, risking your life, just like you wouldn’t plan a security breach and jeopardize your livelihood. You’re fine until you’re not.

You insure your health, your car, your phone, why wouldn’t you ensure that you’re doing the best for you and your customers.

Safe-T is just one example of the many solutions we offer to assist with cybersecurity, PCI, and maintaining a safe and secure payment processing system. Are you interested in other solutions? Check out THIS page or this blog post.

Jodi Goddard In Compliance, Payment Processing Industry

Stripping the Stripe

Magnetic Stripe

Electronic payments started In the early 1960s when IBM, one of the main innovators of the magnetic stripe, then allowed banks to encrypt the card information onto the magnetic tape. The magnetic stripe developed to payment terminals and EMV (chip) cards, having real-time authorization and higher security. The magnetic stripe has been a part of the electronic payment system on every card for decades.

Way back when credit cards were up and coming, it was a pain point for business owners. First, they were required to handwrite sensitive customer information. Which then turned into using a knuckle buster, a flatbed imprint that records the card data onto carbon paper. If a customer were trying to use a stolen credit card, the business owner would have no idea. Next, the credit card companies used to circulate a list of bad account numbers. Then the business owner needed to cross-compare their customers’ credit card numbers against the list provided.

Now the chip cards have microprocessors with the latest security, including near field communication, or NFC. NFC uses radio frequency identification technology (RFID) to create a wireless link. Once activated, data can transfer to the other device when a few centimeters apart. In addition, an even better method, biometric technology, is being added to the mix for another layer of security.

Homage to the History

France was the first to use a chip card in the 1960s. However, it was not well received at first and took years to catch on. The main issue was different cards wouldn’t work with every terminal, and this is what lead to the evolution to a global EMV chip technology standard. In Europe, it took until the 1990s until there was an EMV standard, which became the more preferred way to pay. The United States was very behind and didn’t adopt EMV until 2014-2015. The results speak for themselves. For instance, counterfeit fraud decreased by 87% from September 2015 until March 2019. Not only was the fraud a huge decrease, but the EMV card volume went up. In March 2019, it equaled 99%, which is inconceivable to think it was only 1.6% in September of 2015. Today EMV accounts for 86% of face-to-face transactions globally.

It’s no coincidence that more than half of Americans would strictly use a chip card over any other payment method because of the higher security. In addition, roughly 81% of Americans are cool with ditching the magnetic stripe, and 92% reported they would increase the usage of a sans stripe card.

Expedited Change

Usually, how we pay used to take years to become a universal thing (here’s looking at you, the US, with your decade-late swap to EMV) anyway, typical hasn’t been much of a thing since the pandemic started. There was a huge push for contactless payments. In Q1, MasterCard reposted 1 billion MORE contactless transactions compared to Q1 in 2020. Globally Q2 showed 45% of in-person transactions were contactless. The younger generations are increasingly willing to explore new payment options. Meanwhile, 66% of the surveyors said they would not try new payment methods in the older generation if the pandemic didn’t happen.

Full Circle

And now we’ve come full circle where the swipe is phasing out, just like the knuckle busters did, in favor of better technology. By 2024 MasterCard will not require the magnetic stripe, and while by 2033, they shouldn’t have any stripe cards in circulation. It’s anticipated that by 2027, the magnetic stripe will be put to rest in 2027 once it becomes the norm in the U.S.

It will be interesting to see what changes happen in the next few years. We know payments will always be a part of that, so join Platinum Payments and be kept up to date with any rules or regulations. Our payment professionals are trained weekly to make sure they can offer the best to their customers.

See what you can qualify for, no strings attached. 866-921-2982

Jodi Goddard In Compliance, Finance, Payment Processing Industry

Executive Order to Improve Cybersecurity in the US

White House executive order to improve nation’s cybersecurity

Who remembers back in May when President Biden signed an executive order to improve the nation’s cybersecurity? It was all about protecting federal government networks, and most people were happy with it.

This executive order is a huge and much-needed step in the right direction to strengthen US cybersecurity by removing barriers to collaboration around cyber threats, which is important for an effective cyber response.

The Executive Order makes an impressive contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur.

This order is also aggressively aiming to improve cybersecurity that is being sold to the government. Because the government can use its power to demand improvements in software security standards, they now have the goal of software vendors having established software development life cycles within the next year.

As someone in the payment processing industry, we have the opportunity to help organizations of all sizes grow with the changing technology and requirements to have greater operational efficiency. As always, we are watching to see the ripple effects in the future for electronic payments. Platinum Payments likes to stay ahead of the game and be aware of any upcoming changes to assist our clients better.

It might be time for a security check or at least changing the passwords. Get with your payment professional today to ensure that your PCI compliance is up to date keeping you and your business protected. You’re fine; until you’re not, let’s not wait until it’s too late.

Jodi Goddard In Business Services, Compliance, Finance, Merchant, Payment Processing Industry, Technology & Equipment

6 points of a secure payment gateway

Payment gateways and security will always go hand-in-hand. It is not only a requirement to be compliant, but more importantly, you are protecting yourself and your customers. So here is a quick refresher on getting back to basics.

End to End Encryption
End-to-end encryption is taking original data and turning it into ciphertext. The merchant and the processor are the only ones privy to that sensitive information preventing hackers and other fraudulent problems.

3D Secure
Think of your security, but with steroids. 3D has the consumer create a password for their credit card. From that moment on, each transaction will need to be verified with the customer. This is next-level security that everyone should be using.

Tokenization
Tokenization is swapping the digits on a card with random characters, making it a single-use transaction code. Tokens are useless to anyone who tries to decode them without the encryption key. When there isn’t anything stored, there isn’t anything to steal.

PCI DSS Compliance
In 2006, the card brands established the Payment Card Industry Data Security Standard (PCI DSS) or PCI. The rules and regulations act as guidance to assist merchants in providing secure payment solutions.

To maintain cyber defenses:

1. Only purchase and use validated payment tools at your POS or shopping cart website
2. Do not store cardholder information
3. Have a firewall on your PC as well as Network
4. Encrypt cardholder data transmission
5. Instruct your staff about security & cardholder data protection
6. Never use an open or unsecured network

Secure Socket Layer (SSL)

The SSL certificate validates a website’s authenticity and permits an encrypted connection on websites hosting payment gateways. eCommerce websites need to provide an SSL to validate their online identity and keep all sensitive information private and secured. If you were to forego the SSL certificate, you are also foregoing a good reputation and happy customers. No one will be willing to enter their private information into a site that isn’t trustworthy and has a bad reputation.

Secure Electronic Transaction Protocol (SET protocol)

Visa and MasterCard created SET, a security protocol to secure credit card payments online. The majority of eCommerce transactions are going through SET, and it’s a must for small business owners to include it in their online payment gateways.
SET uses a digital signature to collect the card information and blocks it out, preventing anyone else, including the merchant, from gaining access to such sensitive data.

We have resident specialists who focus strictly on eCommerce and can answer all of your technical questions. Shoot us a quick message today and let’s get started!

Jodi Goddard In Compliance, Merchant, Payment Processing Industry, Technology & Equipment

Password Spraying Attacks

Once upon a time, in 2019, a multinational software company took a huge hit to their security. The hackers took business documents from a shared drive by accessing their IT infrastructure by a password spraying attack, a process to expose weak passwords. According to the Data Breach Investigations Report, over 80 percent of hacking-related breaches involved either stolen (or lost) credentials or brute-force attacks.

There is no way to prevent a spraying attack but you can detect or even stop them.

Hackers security passwords spraying

What Is a Password Spraying Attack?

Typically brute force hackers will target single accounts by testing multiple passwords. Cybersecurity allows for security protocols to detect suspicious activity and locks the account. Password spraying is the flip side to that where they are using a basic password against multiple user accounts. Trying a single password on many accounts before attempting another password on the same account is a workaround for normal lockout protocols, which allows the hacker to try more passwords. For that reason, password spraying attacks are frequently successful.

Any hacker who targets a large number of usernames and works with a large enough stash of common passwords is bound to be able to compromise some accounts. In addition, hackers will target users who use a single sign-on (SSO) authentication in hopes of gaining access to credentials that will give them access to multiple systems. Once an account has been accessed in an attack, the victim typically loses temporary or complete loss of sensitive information. On a business level, that would mean disrupted operations, revenue loss, and the risk no one will trust you again after a reputation hit.

How to Detect a Password Spraying Attack

Even though countermeasures may not automatically detect a password spraying attack, one indication is a high number of authentication attempts, especially failed attempts due to incorrect passwords. Typically an attack would lead to a spike in login attempts. Hackers use automated tools to attempt thousands of logins within a short time, typically coming from a single IP address or device.

How to Decrease the Risk of Password Spraying Attacks

Require multi-factor authentication for all users.
Establish strong policies for resetting passwords after lockouts.
Attend regular user training to ensure all users understand the threat of password spraying and maintain secure passwords.
Set up alerts on the activity you see as suspicious, including single actions like a user gaining admin privileges or a sequence of actions within a specific timeframe.

It is crucial to delete successful attacks because even the briefest access could be detrimental. A sound cybersecurity protocol requires a broad, proactive approach that secures layered protection to block as many attacks as possible. Consider implementing some of these factors, or it may be time to do a review of everything.

Check out this post for ransomware what to watch for.

Jodi Goddard In Compliance, Payment Processing Industry, Technology & Equipment

Ransomware

What Do You Know About Ransomware?

Other than it’s terrifying and you pray it never happens to you.

In the Verizon 2020 Data Breach Investigations Report, the entire goal of a ransomware attack is “to disrupt operations badly enough and long enough that the organization will pay the ransom.” The average ransom in Q2 2020 was $178,254 — a 60% increase from Q1.

What Is Ransomware?

Ransomware is when a hacker has encrypted data, so the victim cannot access any systems or data until the ransom has been paid. Then and only then will they release the decryption key. While a business is frantically trying to figure out a ransomware attack under the threat of destruction or publication of sensitive information, their operations are also at a standstill.

The Challenge in Detecting Ransomware

It’s almost impossible to detect a ransomware attack fast enough to deter any damage. Hackers will use social engineering techniques, which help influence a person to act on something that might not be in their best interest. These techniques used will install ransomware and even military-grade encryption to jumble sensitive information. It’s a type of trick to build trust to make fraud easier.

Once a device or other endpoint is infected, the ransomware will start to reproduce itself throughout the network in 3 seconds on average. Typically the victim becomes aware of the attack once the ransomware has encrypted their data and the hacker demands payment.

How Did You Get That Infection?

Probably from something on this list.

Spam and phishing emails — Ransomware creators usually act as legitimate users to trick others into downloading something malicious. Having a strong email security system that verifies who sent messages and checks email attachments is extremely important.

Malicious websites — Some websites host malware and phish for sensitive information like login credentials. This requires user interaction like clicking on fake ads, social media links and entering their personal information in fake login fields. Reviewing the company browsing policies to enable safe browsing is a must for protection.

Infected removable drives — Flashdrives can have malware that will install automatically when it’s connected to a computer. Making sure your computer is running security cans of removable drives.

Malicious apps and plug-ins — Malware is bundled with software that is being shared from a third-party website. Make sure you know what you’re installing and only download software from official websites. It is also wise to have permission settings to block installs.

Types of Ransomware

Locker ransomware — This type of malware restricts access to the infected device.
Crypto ransomware — Considered the most dangerous type of ransomware, this malware blocks access to stored data and files. The user’s data is held while the hacker demands a ransom to give up the decryption key; however, paying doesn’t guarantee you will get the key.
Mobile ransomware — Mobile Ransome starts on a mobile device and then is passed on to a computer. In most cases, it will then show a message claiming that the device has been locked due to some illegal activity.

How to know if you may have ransomware

Unusual file system activity, like hundreds of failed file modifications (the ransomware attempting to access those files)
Increased CPU and disk activity for no apparent reason (the ransomware removing data files and encrypting data.)
Blocked access to certain files (ransomware encrypting, deleting, renaming, or relocating data)
Suspicious network communications (ransomware and the hacker’s server.)

Best Practices for Ransomware Detection

No business is immune to cybersecurity threats, but several best practices will reduce your risk of falling victim to a malware attack and enable you to spot attacks in progress.

Education + Employees

Education about what to do when coming across a suspicious email or link should also contain information about red flags to watch for malicious emails, such as:

Corporate-looking email accounts
Suspicious file attachments
Suspicious links
Monitoring your systems
Monitor for suspicious activity.

Things that can Help

Scanning system files for abnormal activity, such as. Hundreds of failed file modifications. Log all incoming and outgoing traffic. Define the baseline for normal user activity and proactively look for irregularities. Promptly investigate any unusual activity.

Create Honeypots

A honeypot is a lure for hackers which contains fake file repositories that look legitimate. When a hacker goes after a honey pot, it is easier for you to see the activity and remove the malware. The earlier the discovery, the faster you can protect your infrastructure from being compromised.

Software Solutions

Use a type of software with antivirus / anti-ransomware tools that will warn you of threats.

Check email content

Configure email settings to automatically filter incoming mail and block suspicious messages from entering the inbox.
Reject files with certain extensions in mail attachments, such as executable files.
Ransomware is an especially challenging form of malware to detect and protect yourself against.
By implementing some of these tips or reviewing the current settings, you can ensure the sensitive information is protected.
It is also recommended to educate employees about red flags and vulnerabilities, establishing processes and systems for preventative monitoring, and installing anti-ransomware software and tools. Organizations can effectively mitigate ransomware when employees are updated to the ever-changing types of fraud.

Hopefully, you now know a bit more about ransomware and can either implement new policies or be reminded to review the current setup.

Interested in more fraud? Check this.

Jodi Goddard In Compliance, Merchant, Payment Processing Industry

How to Avoid Chargebacks and the MATCH list

Chargebacks can a ticking timebomb. Here's how to fix it. If you are looking for ways to avoid chargebacks and the MATCH list these ideas are easy to implement. Schedule your appointment with a Payment Professional for a free analysis, we know we can help!

How to Avoid Chargebacks

Chargebacks can be a ticking timebomb. Here’s how to fix it.

If you are looking for ways to avoid chargebacks and the MATCH list, these ideas are easy to implement. Schedule your appointment with a Payment Professional for a free analysis, we know we can help!

Chargeback Prevention

Make sure the first four digits of the embossed or printed card match the four digits printed below.

Chip & PIN cards should be processed on EMV terminals, this way the customer can enter their PIN and verify the transaction.

Match the name and card number on the transaction receipt to make sure the magnetic strip is not counterfeit.

If you are unable to swipe a card, make sure the slip is signed by the customer and shows the transaction date, authorization code, purchase amount, your information (your name, location), and description/itemization of goods or services.

Card-Not-Present Transactions + Higher Risk Of Chargebacks.

Keep a transaction record – By keeping a record of problematic customers, you are ready and able to spot high-risk transactions. Save yourself by blocking specific credit card numbers and future purchases!

Address Verification Service (AVS) – A fraud reduction tool to verify the cardholder’s address prior to completing the sale (ask a payment professional about this, it’s amazing!).

Know your customers – Avoid chargebacks by having a relationship with your customers. For instance, call the customer to confirm the item number or delivery address.

Customer service phone number – The customer service phone number should be printed on the receipt making it easier for customers to resolve disputes via the phone VS chargeback process.

CVV2/CVC2 security – A security feature printed on the back of cards, which you can verify as an additional security check.

3D Secure transactions – If you accept online payments, ask your payment professional for a 3D Secure transaction authentication system. Used correctly with a cardholder’s security code you are protecting yourself and the customer from most cases of fraud chargebacks.

Cancellation Tips

If you’re not careful with cancellations things can get dicey fast and you could put yourself in jeopardy real quick. Also, it may be wise to make sure there is an unsubscribe option.

To avoid canceled recurring transaction chargebacks, take immediate action and update the CRM.

Customers should be aware of your cancellation or refund policy in writing.

Be sure to have your refund/cancellation policy clearly printed on the transaction receipt.

Online Purchases

The refund and cancellation policy should be on your checkout screen with an “I agree’’ button the customer must click on to complete the transaction.

If your policy is no refunds or in-store credit only, this information needs to be included on the receipt.

Refunds need to be done with the original credit card, remember not to refund credit card purchases with cash or check.

If a customer did not receive their goods or services, a non-receipt of goods chargeback may occur.

A “decline’’ code indicates that the card issuer does not approve the transaction. Do not try to force it through anyway.

Avoid duplicate transactions

• Process one transaction at a time through your POS terminal

• Balance your deposits at the end of the day

Unfortunately, chargebacks will always be a thing. Hopefully, you feel like some of these tips will help you minimize chargebacks, save money and that your stress level is no longer a frustrating ticking timebomb either.
Ask your Payment Professional for more details.

Jodi Goddard In Banking, Compliance, Merchant, Payment Processing Industry

Chargebacks 101

Chargebacks are a major pain point for business owners, and will only get worse. Especially with fraud skyrocketing at unprecedented rates, thanks 2020.

It is much easier to add steps to prevent chargebacks than it is to fight one.

What Is a Chargeback?

This happens when a customer disputes the legitimacy of a transaction, or when an item is returned. Charges are disputed for many reasons: if an item wasn’t received, duplicate charges, technical issues, or a cardholder’s information was compromised.

Types Of Chargebacks

True Fraud

When an unauthorized purchase is made with a credit card it is considered true fraud. Once the customer realizes they were a victim of fraud they will call the bank, file a dispute, and claim the charge was made without their knowledge or permission. The bank will reverse the charges and deposit the funds back into the customers’ accounts. (Great for the customer, not so great for you).

Merchant Error

Merchant error charges are directly a fault of your business. It could have happened because card information was keyed incorrectly, the transaction went through twice, or you failed to deliver the product.

Other errors could be caused by system failures or issues within your business. Processes such as bad customer service, unwanted recurring payments, authorization errors, or fulfillment issues can exacerbate the problems.

Customers could file chargebacks related to recurring payments if you are billing them regularly without their knowledge or consent. Hopefully, you canceled the recurring charges when they called in the first time and avoid this altogether.

Authorization Error

Authorization errors can happen when a merchant decides to override a declined transaction, especially if this override is done with a voice authorization. It can also be a result of multiple deposits made to complete a single authorization.

Having solid steps for inventory management, shipping processes, and a good customer service department will be your biggest asset. It is really important to be quick about refunds so customers will go to you with complaints rather than going straight to the bank. Read this blog to check if authorization fraud could be a potential issue for you as well.

Friendly Fraud Chargebacks

Friendly fraud happens when a customer makes a purchase with their own credit card and then disputes it directly with their bank. This happens frequently within the eCommerce space and the costs add up quickly. A common scam to watch for is when a product was delivered but customer claims they never received it, or they sent it in for a refund and didn’t get their money back.

Long story short is the customer knows exactly what they are doing and will file the chargeback with their bank for the direct refund. Be prepared to deal with a hefty amount of fraud if you play in the e-commerce world because your transactions are 100% card-not-present purchases.

Chargebacks + Merchants

Chargebacks add to the expenses of a merchant’s retail operations because they end up eating the costs for chargebacks. If a business starts trending with multiple chargebacks they are at risk of penalties, fines, loss of their merchant account. Unfortunately, if you have too many instances you are risking being placed on the MATCH list. The MATCH list identifies merchants by the number of disputes and chargebacks they have that show they are high risk.

Steps Of Action For A Dispute

If you happen to find yourself in a dispute, we recommend talking with all team members before reaching out to the customer. Find out the steps staff members took to resolve the issue. Reach out to the customer once you have a grasp of the situation.

Find out what they are disputing, take notes on the information the customer gives you.
Contact the processing bank
Be quick and organized with your facts and documentation.
Keep open communication.
Provide your documentation to the bank, such as photos of completion, contracts, work orders, receipts, etc. The more documentation you have, the easier it is to prove it belongs to you.

Schedule a time with a payment professional for a quick business analysis.

Compliance