VISA e-Commerce Guide to Risk Management: Travel Agencies
VISA e-COMMERCE GUIDE TO RISK MANAGEMENT
by Gerri Bryce
Ok, I got lazy today. Not an impressive way to start the week, but I got good reasons to be. Out from the treasure trove of high risk merchant account providers I spotted a copy of VISA's e-Commerce Guide to Risk Management. What a blessing for all of us, although the guide could have practically been buried in the box for eons. And even if it was, most high risk merchants have unfaithfully forgotten VISA's attempt to enlighten them when it comes to doing business online anyways.
It's just that the playing field is never the same as doing it with a brick store. Otherwise, VISA wouldn't bother.
For this time I'd focused on Travel Agencies, as being a traveler I've always been concerned about airline ticket and travel planning frauds. Read the guide, get wise, and outdo the scammers!
E-COMMERCE START UP
Recognize your potential sales agent liability. Understanding your risk exposure can help you take appropriate steps to minimize it, and protect your agency from losses associated with customer disputes and fraud.
As a sales agent of an airline, for example, your agency may be liable for the entire amount of an airline ticket if it is disputed by the customer or purchased with a stolen account number. To mitigate risk, you need to establish e-commerce policies and procedures that address the following factors:
1. An approved authorization request indicates that the account is in good standing. However, the response is not proof that the legitimate card holder is making the purchase, nor is it a guarantee of payment. In most cases, therefore, airlines are liable for fraudulent card not present transactions even when they were approved by the Issuer.
2. Even if a travel agency is not a Visa merchant subject to Visa regulations, the airline partner is. In most fraud-related cases, the airline transfers financial liability to the travel agency partner as part of the contractual agreement.
1. Require website membership to book airline tickets and other travel series such a hotel accommodations and car rentals. By requiring customers to become members of your website service, you can collect additional customer data that can help you assess risk. When establishing member profiles:
-Verify the customer data that you collect before you store it.
-Ensure that strong security measures such as secured data storage and limited employee access are in place to protect sensitive customer data.
2. Capture and retain Internet protocol addresses. It is important to know the IP addresses if the ISPs from which your customers make purchases. With a database of these addresses, you can develop fraud-screening tools based on transaction characteristics.
3. Display a website notice that the customer's billing addresses will be verified. If you access Address Verification Service (AVS) offline, you may encounter address verification failures long after your customer has completed booking. By letting customers know that the billing address will be verified, you can prepare them to understand potential address inquiries later. This website notice should clearly state that airline tickets cannot be issued until the customer's billing address has been verified by the Issuer.
4. Require a waiting period of at least four to six hours between ticket purchase and flight time. Tickets purchase just before a flight may indicate fraud risk. To protect your company from potential losses, you need adequate time to verify the validity of the customer and payment card before travel begins.
VISA CARD ACCEPTANCE
1. Ensure that your agency name and toll-free telephone number or URL address appear on the card holder statement with your airline partner's name.
Customer inquiries and disputes can be avoided if your travel agency name and contact information are included in the merchant descriptions that appear on the billing statements of your customers. Work with your airline partners and Acquirer to ensure that card holder statements give your customers an easy way to recognize their bookings with your agency and an easy way to reach you when they have questions.
2. Clearly disclose all terms and conditions of the sale. Before making the decision to buy, your customers should know all of the terms and conditions of the booking at hand. Always tell your customers the following details:
-the agency fee will be billed separately from the reservation fee (airline ticket charge, hotel charge, etc.)
-the amount of the fee
-when the fee will be billed
-what name will appear on the cardholders statement
By clearly disclosing this information, you can ensure quality of service and avoid unnecessary customer disputes later. For best results, require the customer to click and accept the disclosure statement displayed on your site.
1. Queue large-value bookings for fraud review, High-dollar transactions may increase your exposure to fraud and customer disputes. You can mitigate risk and its associated costs by reviewing this type of booking carefully before settling with your airline partner,. For best results, queue large transactions for review and call the cardholders involved to verify booking data.
2. Track key fraud characteristics. To ensure effective control, you need to track known fraud transactions, identify all key characteristics of these bookings, and store the information in an ever-growing database that you can use to make risk assessments. Focus on such characteristics as:
-passenger names, addresses, and telephone numbers
-card holder names, addresses, and telephone numbers
-e-mail addresses, IP addresses and ISPs
-transaction times,. amounts, air carriers, classes of service, and travel itineraries
3. Screen higher-risk bookings. This practice can help you detect and prevent fraud before it happens. Be sure to screen bookings with such characteristics as:
-passenger name different from card holder name
-first or business class tickets
-electronic tickets or tickets not delivered to billing address
-date of travel less than six days after ticket purchase
More of VISA's e-commerce protocol will come in the future articles. Just be reminded that for every high risk merchant account service you render to your customers, there's always a great percentage that your customers may be hackers or spammers. It pays to destroy their modus operandi.