Best Practices

How to use best practices to protect against disputes and fraudulent payments.


In response to the elevated disputes faced by many merchants in the travel and entertainment industries due to COVID-19, Visa and MasterCard have issued guidelines for resolving them. These guidelines relate specifically to goods and services canceled directly due to a government order or prohibition.

For all industries, the best actions you can take are to proactively communicate with your customers and issue refunds where appropriate, especially when requested.

Creating an effective dispute and fraud prevention strategy that best suits your business can help prevent fraud from occurring. By employing some of these best practices as part of your overall strategy, you can avoid excessive chargebacks and reduce potential customer burden and losses.

Contact Customers to Confirm Their Order

Contacting customers by phone or email to confirm their details before fulfilling an order can give you time to verify that a payment is legitimate. Contact information that doesn’t belong to the customer or fails to work may indicate a fraudulent payment. A nonsensical or evasive answer is also typically a good indication of potentially fraudulent behavior. Keep in mind that even phone or email responses can’t guarantee that the person responding is the true cardholder.

Verify Your Customer’s Identity

For some, verifying the identity of customers can be beneficial. Asking your customers to connect their Facebook or LinkedIn accounts, for example, can serve as further proof of their identity. Connecting a social networking account doesn’t prove who a person is, but it’s an extra step that a fraudster might not take. Of course, some legitimate customers may not want to go through this additional process, and your conversion rate may suffer as a result.

Refund Suspicious Payments Immediately

Refund any payments you suspect are fraudulent as soon as possible. In the Merchant Portal, select the payment and click Refund with the reason fraud. This refunds the payment and reports it to us so that we can further improve our fraud detection.

Manually Review Payments

Here are some considerations when manually reviewing a payment:

  • Does the billing address match the shipping address?
  • Has the billing address been verified by AVS? Does it also match the card’s country of origin?
  • Does the customer’s email address match the cardholder’s name?
  • Is this an order that the customer has asked to be expedited?
  • Have multiple orders from different credit cards originated from this same IP address?
  • Has this customer made many order attempts that have been declined?

If you’re unsure about a payment when you’re reviewing it, you should always contact the customer by phone or email. If a payment’s billing and shipping address don’t match, look into the shipping address using Google Maps & Street View to find out more. A common tactic that fraudsters use is to have orders shipped to a freight or mail forwarding service or storage facility that forwards the goods to their actual location.

Use Auth and Capture When Creating Payments

Credit Card payment attempts are processed in two parts. The payment is first authorized by requesting authorization for the amount of the purchase from the card issuer. After a payment is approved, it’s then captured immediately afterwards and the amount deducted from the card.

Auth and Capture is the process of performing these two steps at separate times. The authorization can be made first, which holds the amount on the card and appears on a customer’s statement as a pending transaction. The payment can then be captured up to seven days later. Capturing a payment completes the transaction and the funds are deducted from the customer’s card. If a payment is not captured within the time limit, the authorization is released.

Similar to delayed shipping, this method can allow enough time for potential fraud to come to light, giving you the option to carefully review the transaction.

Set a Custom Statement Descriptor for Each Payment

The statement descriptor is the line that appears on customers’ card statements with information about the company that’s associated with a payment. One way to use a statement descriptor is to insert a short, random code that your customer then has to verify. When you suspect a transaction might be fraudulent, you can contact your customer and ask them to give you the code that is shown on their online statement.

You can ask for your default statement descriptor to be changed to something more unique that you know. While this method cannot help against a fraudster that may have access to a cardholder’s online card issuer or credit account, this is extremely rare. Using the statement descriptor in this manner can provide reassurance that the customer is likely to be genuine.

Card Type Limiting

You can set limits on which type of cards to accept, either by brand, (e.g., MasterCard), or by funding type (e.g., pre-paid). This can be particularly helpful if you see excessive fraud from certain card types.

Delay Shipping Orders

If you’re shipping physical goods, consider delaying the shipment of goods by 24-48 hours. This time gives cardholders a chance to spot any fraud on their accounts. However, not all cardholders check their statements on a daily basis, and their card issuer may not proactively contact them about the transaction.

Customers that request overnight or expedited shipping should be considered higher risk, as the increased cost of such services is of no consequence to fraudsters. One tactic you can use to identify these types of payments is to offer same day or overnight shipping at a very high cost - many times more expensive than any other shipping option you provide.

It’s far less likely that any legitimate customer would pay such a high cost, but a fraudster would want the goods to be shipped as soon as possible and have no regard for the additional cost. You can then manually screen any customers that opt for the expensive shipping option and scrutinize the order to determine if it looks genuine.

Ship to a Verified Address

Shipping to a verified billing address which has passed postal code and street address checks is always the safest option. When using an address that has not been verified, you cannot prove that the order was shipped to the legitimate cardholder if the payment is later disputed.

This doesn’t prevent you shipping to a different address, though you should do all you can to mitigate the risks involved. For instance, you may only want to ship orders to a different address for returning customers you already know to be legitimate, or who provide a fully verifiable billing address. In addition, any of the following could indicate the payment is suspicious:

  • The order is much larger than normal, or is only for your most expensive products
  • The customer changed the shipping address after placing the order
  • The customer requested expedited shipping
  • The products ordered have a high street resale value
  • The shipping destination is vastly different from the billing address or the card’s country of origin (e.g., billing address is US, shipping address is UK)

Reviewing the order and the shipping address information can help you determine whether or not the order presents an unacceptable risk to you.

Create Rules to Manage Incoming Payments

You can ask our fraud team to setup rules to manage how your business handles incoming payments, blocking any that you would consider suspicious or placing them in review. You should also be aware of common types of fraud and make sure your business is best able to identify fraudulent payments.

Automatically Block Payments or Place Them In Review

You can use QorCommerce's tools to create a highly effective fraud prevention strategy. Using rules, you can adopt methods that evaluate payments based upon your specific criteria and take the appropriate action automatically. You can also create rules that use multiple criteria, allowing you to allow or block payments that meet multiple conditions.

Benchmarking Your Dispute Rate

Your account’s dispute rate is an important metric to use when reviewing the efficiency of your disputes and fraud prevention methods. You should also consider it a trade-off, estimating an acceptable percentage of disputes you’re willing to accept, compared to the revenue you might lose by blocking risky payments. A dispute rate of 0.8% may be acceptable if working to reduce it further would risk blocking a substantial amount of legitimate revenue. Your disputes and fraud prevention strategy should work to maximize your revenue while keeping your dispute rate as low as is acceptable.

Even with all these methods, it’s still possible for instances of fraud to occur. We provide detailed information about disputes and fraud so you can be as informed as possible as users are ultimately responsible for them.

It’s important that you regularly evaluate your strategies to make sure they’re effective and keep up with different ways fraudsters may try to commit fraud. Working together, with our fraud team, QorCommerce's tools and your vigilance can work best to avoid disputes and fraud.


If you require assistance with a dispute, please contact QorCommerce support.