A big part of controlling the costs and risks of accepting credit cards is knowing what’s normal and what needs to be investigated.
 
Lack of knowledge can be extremely costly to your business. In any area where serious cost and risk control can occur, they must occur. Risk is central to accepting credit cards: What is the risk of not getting paid and, once paid, of not keeping the payment? Controlling cost and risk associated with credit cards is doable.
 
Four areas must be understood: how you accept credit cards; what type of cards you accept; what types and percentages of downgrades you receive; and evidence of fraud.

1. How do you accept cards? Merchants accept cards with the cardholder either present or absent. It is more risky, and therefore more expensive, if you accept cards without the cardholder present. In the grocery business many examples of card acceptance in the absence of the cardholder exist. These include taking orders over the telephone and the Internet with payment by credit card. If you can avoid this practice, do.
2. What type of cards do you accept? The majority of cards presented today are debit cards, rather than traditional credit cards. The risk of non-payment on a debit card is less than on a credit card. Among the reasons for this are: that a credit card is an open line of credit with many rules that favor the consumer over the merchant; that a debit card is tied to the cardholder's bank account; and that in PIN-driven debit card transactions a second form of identity is required, which increases the odds that the card presenter is legitimate. If your customer base includes a large number of international card transactions, travel and entertainment card transactions or corporate card transactions, your risk, and therefore your expense, increases. If you can encourage the utilization of debit cards, do so.
3. What types and percentages of downgrades do you receive? Merchants need to understand the types and percentages of downgrades they receive each reporting cycle. The most basic form of analysis requires that the merchant have knowledge of his or her own pattern of downgrades. This includes the types and percentages of those specific downgrades on a seasonally adjusted basis. Once the types are understood, it is critical to receive from the processor the definition of those downgrades and to find out why you are receiving them.

 Downgrades occur in any instance where a processed transaction does not meet the qualification standard for your processing relationship. Qualification is driven by the parameters that the provider places in his agreement with the individual merchant. They vary significantly and can literally be made impossible to meet by the imposition of additional requirements. Once this baseline pattern is established, deviation from it can be a sign of fraud as well as of an error in procedure, protocol or processing. Each downgrade you receive increases the expense of processing and subjects you to greater risk of termination. Know your patterns.
 
Is there evidence of fraud? Look at your statement. Note the number of credits, the number of chargebacks, the number and types of downgrades, as well as any change in the percentage or pattern of these findings.
 
Cafe and restaurant operations are extremely risky for many reasons, including the ability of the staff to increase tips and to steal electronic track data with the use of a wedge. A wedge is a device that allows the copying of credit card data from the magnetic stripe. These activities must be carefully understood and monitored.

Internet and MOTO (mail order/telephone order) environments are the subject of significant fraud because the credit card is not present during the transaction. The best rule of thumb is, whenever possible, to obtain an imprint of the card. For example, when a home delivery is made, if the order was paid for by a "called-in,' credit card, the delivery person should obtain an imprint of the card. In the Internet environment, as much information as possible should be obtained, including billing address and CVV (card verification value).

Once the number and type of risk factors are established for a particular operation, these results need to be compared to an independent database so that predictive modeling can occur. If a merchant does not have access to such a database, then at a minimum he should regularly compare his results from statement to statement to look for changes in patterns.

The most practical approach is to use independent, formal benchmarking and analysis. If that's not possible, then construct a monthly graphic for a period of at least six months and record the following to establish a baseline:

• Number and percentage of credits
• Number and percentage of chargebacks
• Number and percentage of total downgrades
• Number and percentage of each type of downgrade
• Number of transactions
• Types of transactions
• Cost of all categories of qualified and non-qualified transactions
• Cost of all categories of fees and surcharges

Once a baseline is established, monitor this for pattern changes. When a change is identified, investigation is required.