With the advent of EMV—a smart chip-based technology that protects credit card issuers, holders and merchants against fraud—the processing of credit cards has changed in the United States. Prior to EMV (which stands for Europay, Mastercard and Visa), pizzeria owners and other merchants were usually not held liable for accepting a stolen or fraudulent card. Instead, the credit card issuer took the loss as part of doing business. With EMV, the liability has shifted, and we business owners can get stuck with the bill.
The more sophisticated credit card criminals use skimmers and trappers or hack into the databases of large corporations to steal the information they need. They rarely target a small business like an independent pizzeria, but we do face a fraud threat that’s growing rapidly. If you offer delivery, you must be familiar with the dreaded merchant services chargeback. Before EMV went into effect in October 2015, pizzeria owners stood a pretty good chance of defending themselves against chargebacks and keeping the money that was charged fraudulently. With EMV, the credit card issuers have shifted liability to the retailer. And that’s where things get complicated.
As owner/operator of Precinct Pizza, one of the nation’s busiest pizza restaurants with a large delivery component, I wrestled with this problem, like everyone else in the business. After working closely with my POS provider, I developed a solution to the delivery chargeback problem, and I’m writing this article to share what I learned with my fellow operators.
Rick Drury worked with his POS provider to incorporate a few simple but effective tweaks to reduce credit card fraud.
A Growing Problem
There are two ways to cover yourself against fraudulent chargebacks. You must either make sure to get a carbon- copy imprint of the credit card or be able to prove the order was delivered to the cardholder’s home address.
Getting the imprint is especially problematic. Sure, it seems like it would be simple to tell your drivers to get an imprint for every transaction, but this might frustrate or insult your customers, who will get the impression you don’t trust them. It’s also time-consuming. My pizzeria does about 1,000 deliveries a week, and 85% of customers pay with a credit card. Even if every customer had his card ready to present to the driver, I estimate it would take an additional 15 seconds to obtain the imprint, adding about four hours a week to our drivers’ delivery time. Additionally, credit cards with raised or embossed numbers are going the way of eight-track tapes, thanks to online credit card processing and the increased security of chip cards.
The switch to EMV negatively impacts pizza delivery. Face-to-face transactions aren’t nearly as much of a problem—most criminals don’t want to stand face-to-face with their victims. In more than 10 years of business, Precinct Pizza has dealt with only two or three chargebacks from face-to-face transactions, and I believe most of them were from customers simply trying to get a copy of their receipt. Delivery orders, however, which are all done by manual entry—either over the phone or by the customer online—have recently become a nightmare for Precinct Pizza.
In our first 10 years of business, Precinct Pizza processed more than $16 million in credit card transactions and lost only a few hundred bucks in fraudulent delivery transactions. But we have seen a huge increase in delivery fraud recently. From October to December 2016, we dealt with 57 fraudulent transactions, resulting in more than $4,000 in chargebacks, all leading to losses for Precinct Pizza. And that’s not even counting the $20 our credit card processor charges for every fraudulent transaction. Some processors charge more than that, up to $60 per fraudulent transaction.
So what’s the solution? One company offers credit card readers that can be used with smartphones for magnetic- strip or chip cards. But unless you use that company’s POS system, it may be difficult to reconcile your books each day. I don’t think you should buy a POS system just for this feature. Your pizzeria’s POS system should be designed with pizza in mind.
I came up with my own custom features and then worked with my POS provider to tweak our system. All of our fraud occurs on delivery orders, and nearly all of it occurs with customers who have never ordered from us before. These customers have zero lifetime orders registered in our POS system. There were a couple of exceptions in which criminals placed multiple orders before we caught them, but the single common thread in these fraudulent transactions is the customer’s lack of history with Precinct Pizza. Each one had zero lifetime orders when they started using fraudulent credit cards to buy pizzas from us.
—Rick Drury, Precinct Pizza
Employees at Precinct Pizza are trained to ask their dial-in customers if they’re prepared to show their credit cards upon delivery of their pizzas.
With this information in mind, I contacted my point-of-sales system provider and presented my ideas about how to prevent fraud in the future. My POS company has always been open to my suggestions about feature improvements and has implemented many of them for me, with others still in the works. On the following pages, I will detail the POS-related changes I recommend.
1 The lifetime number of customer’s orders should be shown on the delivery ticket. With the number of lifetime orders printed on the delivery ticket, the manager will quickly know if this is a regular customer or a new one. If it’s a new or relatively new customer who’s paying by credit card, the manager can be sure to tell the delivery driver to get an imprint of the card. Remember, as long as you have that imprint, you’re covered.
This feature can also help your manager make better decisions in regard to routing deliveries. Imagine you’re the manager in charge of routing deliveries on a very busy day. You have two deliveries to send out, each in opposite directions but roughly the same distance away, and just one driver. Which delivery gets a higher priority? If one customer has 186 lifetime orders and the other has only two, I would take care of the customer with two lifetime orders first—that customer is new and you want to impress him. The customer with 186 lifetime orders obviously likes your business and would forgive a late delivery. This is another reason why listing the lifetime number of orders on each delivery ticket is helpful, regardless of credit card fraud.
2 Some credit card orders trigger a special pop-up window. When a customer with fewer than five lifetime orders tries to pay with a credit card, a pop-up window appears on the POS system’s screen. This pop-up appears for online orders on the customer’s screen as well as on your own store’s computer screen for phone orders. The alert on the customer’s screen states, “When our delivery driver arrives, he will need to make an imprint of your credit card. Will you be able to provide the card to the driver upon arrival?” Depending on whether it’s an online order or a phone-in, the customer can click or answer “yes” or “no” in response. With a “yes” answer, the order proceeds as usual, and the delivery ticket is printed with a line on the driver’s checklist that says, “Get CC Imprint.” But a “no” answer brings the ordering process to an immediate halt. (If the customer is using a fraudulent credit card, he will mostly likely discontinue the order at this point anyway.)
—Rick Drury, Precinct Pizza
3 An imprint-received notification should be added to the customer’s profile. For new or relatively new customers, we added a box to their customer profiles that reads, “CC Imprint Received.” Once a driver has received the imprint from a new customer, he is required to go into the customer’s profile and check this box so we don’t have to keep inconveniencing the customer over and over. Once this box is checked, the pop-up window described above will be disabled for that customer in the future. You can also choose to override the pop-up window for well-known customers who don’t have a lot of lifetime orders on the system. Additionally, an operator might want to bypass the anti-fraud features for commercial deliveries—all of the fraud that I have experienced has occurred on residential deliveries.
If you want to continue requiring a credit card imprint even for customers with a longer lifetime order history, you can go that route. Personally, I doubt that someone who has ordered once, used a credit card and given us an imprint, would then use a fraudulent card in subsequent orders. It just does not seem likely.
4 Require security code and ZIP code authentication. For all orders, we now require the card holder to input his three-digit security code and his ZIP code before finalizing the order. This adds another layer of security.
These new features may not eliminate fraudulent credit card orders entirely, but I estimate they’ve saved me at least $1,000 per month since I implemented them. An annual savings of $12,000 isn’t pocket change, so most pizzeria operators with a delivery component can benefit from these tweaks to their POS system!