Many merchants are under the misconception that if they receive an authorization for a transaction, then there is no fraud risk for that transaction.  This is not true in any case, and especially not true for e-commerce merchants.   It is important for e-commerce merchants to understand e-commerce card acceptance rules in order to mitigate their risk.

All e-commerce merchants:

1. Must receive an authorization.   If the card is not reported stolen and the funds are available, then the transaction will most likely be approved.  E-commerce merchants MUST understand that an authorization does not prove that the card is valid or that the card is being used by the actual cardholder.
2. Are subject to their issuer's card not present chargeback rules.  This means that an e-commerce merchant can be held financially responsible for a transaction even if it has been approved by the issuer.  This is due to the increased fraud risk associated with no signature and no card imprint.
3. Are eligible to participate in Verified by Visa or other card issuer sponsored merchant risk mitigation programs.
4. Must enter an accurate ECI (Electronic Commerce Indicator) with each transaction.  This indicator is sent by the payment gateway and notifies the issuer that the transaction is an e-commerce transaction to assist the issuer in making an informed authorization decision.
5. Must be in compliance with the Payment Card Industry Data Security Standard.
6. Must never store Card Verification Value 2 (CVV2) or other card security codes as they pertain to the issuers.

This is just some of the very valuable information contained in Visa's E-Commerce Merchants' Guide to Risk Management.  NMA highly recommends that all ecommerce merchants click the preceding link and familiarize themselves with this important document.