Payment fraud can be one of the most significant problems a self-storage operator faces. The scope of annual merchant-service fraud is approximately $3 billion dollars per year in the United States, or about 10 percent of total electronic transactions.
As it relates to electronic payments, fraud occurs in three main forms: “friendly,” internal and external. Friendly fraud refers to when an individual purchases goods or services with the intention of using consumer-friendly rules to get out of paying for them. External fraud occurs when a customer provides a merchant with false information, e.g., a fraudulent credit-card number. Internal fraud is when a trusted employee steals from the merchant through various techniques.
In a self-storage environment, friendly fraud is not likely. Your greatest defense is you have the ultimate control to access a customer’s unit if payment is not valid. Your biggest risk is at the end of the lease when you relinquish a tenant’s goods.
At this point, the customer can file a chargeback claim, and you must be prepared to respond to an inquiry or chargeback issuance from the payment processor. If possible, get an electronic swipe of the card if it’s a credit card or ask for a debit card instead. When a credit card is keyed in rather than swiped on a terminal, never assume the charge will survive a chargeback—it won’t.
External fraud will also have minimal impact on a storage operator. The presentation of a stolen card for a recurring charge like rent is rare. This is because, on average, the rightful cardholder will be aware of any unauthorized activity within 45 days and cancel the card. In most cases, this occurs within days of it being stolen or lost.
Your greatest area of concern is internal fraud, which happens when an employee with access to the payment system abuses the privilege to steal money. Internal fraud can go on for years before it is discovered. Many experts in the payment industry believe the majority of these cases are never exposed.
The most common form of internal fraud is the issuing of inappropriate credits. For example, an employee might issue a credit to a friend’s credit card against a merchant charge that never occurred or issue a credit in excess of the original charge amount. He might also issue a partial or complete credit to a customer with the intention of charging less for rent or retail product than he should.
With these tactics in mind, it’s imperative that you have a specific set of audit procedures to monitor payment activities. Following is a recommended six-step protocol to reduce merchant-service fraud. When possible, separate and rotate these activities, and conduct audits on a random but frequent basis:
- Understand the merchant-service statement.
- Control all voids.
- Investigate all charge-backs.
- Monitor all credits.
- Look for patterns.
Understand the merchant-service statement.You should have a solid understanding of the basic elements of your merchant-service statement. These include the statement cycle, format, location of specific information and terminology. The statement should never be mailed to the facility office but to an off-site location where independent monitoring can occur. If you aren’t comfortable monitoring your own statement, hire a payment professional to assist.
Control all voids.When possible, require a manager to authorize and verify every void before issuance, and independently monitor the components of each. The following information should be recorded: the reason for the void, the employee who issued it, the date and time of the void, all the associated receipts, and the signature of the customer to whom the void was issued.
Investigate all charge-backs.Handle charge-backs similarly to voids. For each, log the reason it occurred, the employee who initiated the sale, the date and time of sale, and the credit-card number from which the chargeback derived. You should develop a detailed information trail on all chargeback activity, auditing each one not only from the perspective of the particular event, but looking to see if a larger system or organizational issue needs to be addressed.
Monitor all credits.The same type of log is necessary for all credits. Make note of the reason for the credit, the employee who issued it, the employee who made the sale, the date and time of the sale and credit, and the account number used for the initial payment. This information must match the account for which the credit is issued. You’ll also need the signature and phone number of the customer for auditing purposes.
Look for patterns.This is singularly important. Often a pattern emerges in void, chargeback and credit activity, and this should prompt a detailed evaluation. To establish a base pattern for the business, review the last six months of merchant-service statements, tabulating norms. Make careful note of the following:
- Percentage of downgrades
- Types of downgrades
- Percentage of each downgrade type
- Percentage of charge-backs
- Percentage of voids
- Percentage of credits
- Percentage of transactions by card type
To determine the meaning of any pattern, you’ll need a set of benchmarks against which to compare data. Establishing them takes a lot of work, but it’s a surefire way to reduce internal fraud. If you don’t wish to do this yourself, hire a consultant with the experience necessary to handle the task. Ask the vendor about his experience, which database he uses, and whether the database contains information regarding your specific payment processor and market (geography and business type).
Vigilance is the key to preventing lost profit in any business. Use these auditing procedures, and you’ll reduce the likelihood of friendly, external and internal fraud.
Ross Federgreen is a co-founder of CSRSI, which provides an integrated approach to the analysis, design, implementation, deployment and management of electronic transaction services and systems. Since 1999, the company has helped more than 350 public and private institutions reduce the cost of acquiring money and minimize the liability exposure related to payment transactions and customer data. Its products include the Credit Card Analysis System. For more information, call 866.462.7774, ext. 1; e-mail email@example.com; visit www.csrsi.com.