A merchant account is an agreement between a merchant, an acquiring bank, Visa, MasterCard, and possibly American Express, Discover, Diners Club, JCB, etc.

The gateway processes transactions for merchants using each merchants own merchant account. In the same manner that a clerk in a retail store swipes a customer’s card through a box that processes that merchant’s transactions using that merchant’s own merchant account, the gateway processes merchant’s Internet transactions using each Internet merchant’s own merchant account.

The gateway is essentially the Internet equivalent of the swipe hardware found in retail stores, with quite a bit of enhanced functionality specific to Internet processing.

This means that merchants must contact their acquiring bank with any questions specific to their merchant account.

If you have questions as to why you are receiving a specific response to a transaction, you must contact your acquiring bank.

These questions include, but may not be limited to:

• Why is a transaction being DECLINED when the customer says the card is good?
• Why does the AVS response state that the customer’s address is not a match when the customer says the address information is correct?
• Why aren’t American Express or Discover transactions being accepted?

An Acquiring Bank is a bank that is responsible for acquiring the funds from credit card issuing banks for transactions that were processed by your customers. The Acquiring Bank then deposits these funds directly into the appropriate merchant’s bank accounts.

You must have a merchant account with an Acquiring Bank to process transactions through an online gateway.

Some banks use Merchant Service Providers to handle the support questions related to merchant accounts.

A Merchant Service Provider (MSP) is the company responsible for servicing your merchant account for your acquiring bank, and is generally associated with a credit card processor.

MSPs provide merchants with monthly statements and a Customer Service department to answer questions and resolve problems you may have specific to your merchant account.

You can usually find your MSPs Customer Service Departments Toll-Free phone number on the Welcome kit they should provide you with and on the monthly statement they send you.

CVV2 (Card Verification Value, Second Generation) is a three-digit value that is uniquely derived for each credit card account. It is printed in reverse italic characters on the signature panel of all Visa and MasterCard cards following the last 4 digits of the account number.

In a card-not-present environment such as the Internet, CVV2 lets a merchant verify that the cardholder does in fact have the card in his or her possession.

The Address Verification System (AVS) is a system when connecting to your customers issuing bank through your MSP’s processor, is able to verify whether the street address and Zip code entered by your customer is the same as the street address and Zip code that the customer’s issuing bank has on file.

AVS is a standardized system among the credit card companies with a fixed set of responses documented, where merchants have the ability to specify which AVS responses they wish to accept and which AVS responses they wish to decline.

AVS responses often relate to the rate you will pay your Acquiring Bank for processing your transactions, as well as your potential liability in the case of charge backs. For details on rates and charge backs, please refer to your original Merchant Account Agreement or contact your Merchant Service Provider.

Keep in mind that the AVS system currently offered by the credit card companies only verifies street address and Zip codes of cards issued by U.S.-based banks, and that the standard response returned by the credit card companies for non-U.S. issued

cards is Non AVS Participant Outside of U.S.

A chargeback occurs when a consumer or bank disputes a credit card transaction approved by a merchant, often due to fraud, and the merchant must return the value of the charge to the bank that issued payment. Typically, merchants also pay a fee or multiple fees when a chargeback is processed.

For each chargeback, the issuing bank – the bank that issued funds to cover the cardholder’s charge – provides a chargeback code to the merchant.

This numeric chargeback code corresponds with a description of the issue with the payment: Fraud, identity theft, insufficient

funds, data mismatch, customer dissatisfaction, etc.

Chargeback ratio is a measure of how many chargeback claims a merchant pays compared to the total number of transactions the merchant processes.

A chargeback ratio too high can lead to fees or higher costs from acquiring banks, and even the merchant being added to industry “blacklists” like the Terminated Merchant File (TMF) or the Member Alert To Control High-risk list (MATCH list).

Acquiring banks, which process merchant transactions, use these lists to determine which merchants are “safe” to work with, and which aren’t. Chargebacks present a risk to acquiring banks, and these banks work hard and collaborate to avoid merchants with high chargeback ratios.

Card brands like Visa and MasterCard also monitor chargeback ratio and impose strict fines and compliance requirements on merchants who exceed certain thresholds (typically a 100/1, or 1%, chargeback ratio).

Not all claims of fraudulent transactions or customer dissatisfaction are legitimate. In some cases, a consumer abuses the protections of the chargeback process to have his or her money returned when, in fact, the transaction was legitimate and the merchant faithfully fulfilled its duties. This is called friendly fraud.

Friendly fraud can be a major burden for merchants, especially in the e-commerce space. When a chargeback is requested, the burden of proof is on the merchant to show that the customer received what he or she paid for. Proving the transaction was legitimate can be arduous for a business, especially with card-not-present transactions.

TC40 data is information reported by issuing banks each time a consumer makes a fraud claim. Issuing banks report TC40 data to the merchants’ acquiring bank, other issuing banks, and card brands like Visa and MasterCard.

Each TC40 claim includes data about the merchant, the banks involved with the transaction, when and where the transaction occurred, and other details. Visa collects TC40 data under what it calls the Risk Identification Service (RIS). MasterCard dubs its TC40 data collection, in part, the System to Avoid Fraud Effectively (SAFE) report.

TC40 reports should not be confused with chargebacks. Chargebacks occur when the issuing bank requires a merchant to return funds when a charge is under dispute. If, and only if, the transaction is revealed as fraud, the issuing bank must file a TC40 claim.

The issuing bank is the institution that backs the cardholder’s credit card or other payment method. Typically, issuers are major commercial banks, e.g. Chase, Wells Fargo, Bank of America, etc. When the cardholder swipes, dips, or enters credit card data online, the issuing bank pays the charge and bills the cardholder.

Plainly stated, this is the bank that “issues” payment.

Issuing banks rely on card brands like Visa and Mastercard to facilitate the acceptance of payments across global networks. Most credit cards display a logo for both an issuing bank and a card brand. “Private label” credit cards, as well as cards issued by retail services, are ultimately backed by an issuing bank as well.

Some card issuers, like American Express and Discover, operate differently. These major brands not only issue credit cards, they maintain their own payment networks independent of Visa or MasterCard.

In cases of fraud, the issuing bank is the party that demands payment is returned on behalf of the cardholder.

What Is Affiliate Fraud?

Many merchants rely on affiliate advertising networks to direct traffic to their website. Affiliate sites, often as part of a network, post links or referrals to the merchants’ websites. The merchant pays the affiliate – typically on a pay-per-click (PPC) or commission basis. Big players in the affiliate space include: LinkShare, Google, Amazon, PeerFly, ClickBank, and many others.

Affiliate fraud occurs when an affiliate site abuses the PPC or commission based advertising model by “farming” clicks or initiates fraudulent purchases to collect unearned commissions.

“Click farming” is the practice of running a computer designed to “click” links on the affiliate’s web page. This generates pay-per-click revenue for the affiliate, paid by the merchant. However, the merchant derives no value from the clicks because there is no customer.

A card-not-present or CNP transaction is any transaction for which the physical credit card is not on location when the purchase is made. E-commerce transactions are the most prominent example of CNP purchases.

Card-not-present transactions require a degree of trust on behalf of the merchant, as the cardholders’ physical absence limits the merchant’s ability to verify the identity of the individual who initiates the transaction. CNP transactions, also known as MO/TO or MOTOEC for Mail Order / Telephone Order, are more likely than brick-and-mortar transactions to result in fraud and chargebacks.