ARC has created this reference document to help travel agencies better navigate the industry’s latest payment card acceptance, risk mitigation and chargeback management procedures. Whether you are new to the air travel industry or a seasoned expert, this valuable resource will help you and your agency:
The contents of this guide have been excerpted from Section 6 of the Industry Agents’ Handbook (IAH), pages 153–164, which outlines the responsibility of ARC-accredited agencies when accepting payment cards (credit, debit and charge cards) on behalf of ARC participating airlines. This section frames the expectation for ARC participating airlines and agencies when managing chargebacks procedures, best practices on payment card acceptance and risk management. To view this section or the full IAH, click here.
Please note that this guide will be updated by ARC as new technology, procedures and best practices are introduced or when payment card company rules change.
It is highly encouraged that you share this guide with your staff so you all can become familiar with the latest payment card acceptance and chargeback management procedures.
The goal of Section 6 of the handbook is to:
The procedures are based on payment card company rules for card acceptance and chargeback management in the travel industry. These procedures will be updated as new technology is introduced or payment card company rules change.
To reference terms in this document, search ARC’s industry glossary.
The following outlines procedures for agents accepting payment cards on behalf of ARC participating airlines:
It is important for agents to follow the above procedures. If the procedures aren’t followed, airlines may not be able to obtain payment from the payment card companies, which may result in fees associated with improperly authorized transactions or in a chargeback. The agent is financially responsible for the sale, associated fees and chargebacks.
To summarize, given the challenges in the travel industry with validating the identity of cardholders, agents are encouraged to review best practices for card acceptance risk management, and chargeback management. This information will help identify ways to attempt validation of the cardholder identity and obtain proof that the identity of the cardholder was validated in the event of a chargeback. The goal of the best practices outlined in this section is to help agents create a fraud prevention strategy and identify opportunities to obtain necessary documentation to reverse a chargeback should there be a claim of fraud or a dispute over the terms and conditions of the sale.
The following is a list of the payment cards processed by ARC and their respective two-character designator:
|AS||Alaska Airlines Commercial Card|
|DS||Discover/Diners Club International|
|JC||Japan Credit Bureau (JCB) International|
|TP||Universal Air Travel Plan (UATP)|
The Payment Card Acceptance Chart shows the acceptance of various payment cards by each ARC participating airline. The chart also shows the restrictions some airlines have for accepting payment cards on their behalf. A blank box indicates that the airline does not accept the payment card. The definition for each code immediately follows the chart. In some cases, the letter “E” follows the acceptance code. This means the airline accepts the payment card with additional exceptions to the acceptance criteria. The additional airlines’ exceptions, when applicable, are listed immediately following the definition of the applicable code.
Agents should refer to the Airline Payment Card Acceptance Chart to ensure instructions are followed when accepting payment on behalf of airlines.
Please click here to view the Credit Card Acceptance Chart
Under the Fair Credit Billing Act (FCBA), consumers in the United States are protected against “inaccurate and unfair credit billing and credit card practices.” Therefore, cardholders not involved in a transaction billed to their account, or who did not receive the product or service promised, have the ability to initiate a dispute on a transaction or “charge- it-back.” As a result, merchants* (airlines and their agents) must engage in a process to respond to chargebacks or risk financial responsibility for the associated loss.
When a cardholder initiates a chargeback, the dispute is submitted to the airline’s payment processor who works with the airline to obtain the information necessary to support the transaction. The information provided must prove that the actual cardholder participated in, and/or authorized the transaction. Airlines maybe in the best position to respond to some chargebacks types (e.g., fraud or services not rendered) because they may have proof that the cardholder took the flight. If other evidence is required to attempt a chargeback reversal, the airline is expected to contact the agent prior to the close of the chargeback response window to obtain additional information about the customer and the transaction.
Agents are encouraged to review the best practices for chargeback management in this section to determine what documentation to provide the airline, and therefore the payment processor, to have the best chance to reverse a chargeback. Payment card chargeback response timeframes vary by payment card company. Therefore, to have the best chance of success in defending against a chargeback, agents are encouraged to immediately respond to airline requests for supporting documentation and no more than five days from receipt of notice.
The payment card companies have regulations and requirements for the supporting documentation necessary to successfully dispute chargebacks. In addition, they allow for “compelling evidence” to be provided by the merchant for consideration in a chargeback dispute. For a fraud chargeback claim, merchants must provide proof that the cardholder was involved in, and authorized the transaction. For service related chargebacks (e.g., refund not received or services not rendered), proof that service was provided or that the terms and conditions of the sale were accepted prior to the transaction taking place is required.
When responding to chargebacks, in an attempt to reverse the chargeback, agents are encouraged to provide documentation that demonstrates:
Obtaining proof demonstrating that these three things were done is very challenging for merchants, particularly in the travel industry, and there is no guaranty that the documentation will resolve the chargeback. Additional information about responding to chargebacks is included in Best Practices for Chargeback Management section below.
If the airline is unable to obtain a reversal of the chargeback from the payment card company, the agent assumes financial responsibility for the debit memo issued as a result.
This section provides information to help agents make informed decisions about payment card acceptance and the associated risk of fraud. The best way to reduce the risk of fraud is to “know your customer” and to know the behavior of typical customers to the agency. When a customer is someone unknown or falls outside the typical pattern, it can be a red flag depending on the agency business model. A red flag means additional verification will help in making an informed decision about accepting a transaction. Most agents don’t know all of their customers, so agents are encouraged to put tools in place to collect information that assists in validating the identity of the cardholder and assesses the risk of fraud. This can be challenging in a card-not-present environment in general and particularly in the travel industry.
Travel agents and airlines sell services, so unlike a traditional retail merchant that sells shoes or electronics, there isn’t a product to mail to the cardholder address. Mailing tangible goods to the cardholder is one way to demonstrate that the cardholder was involved in the transaction, but with e-tickets this option isn’t available. Additionally, global distribution systems (GDSs) don’t make credit card terminals available to travel agents in the U.S. In a brick-and-mortar retail environment, credit card terminals are available so electronic information can be collected via a “chip” card as proof that the card was present and valid. Because these tools aren’t available in the travel agency distribution channel for airline ticket sales, agents aren’t able to fully validate that the card was present and valid. Finally, the infrastructure to support 3-D Secure (Verified by Visa, MasterCard Identity Check, Discover ProtectBuy) isn’t available via the GDSs, which means that online travel agents (OTAs) are unable to authenticate the cardholder identity and receive the associated protection against fraud chargeback claims. Additional information about 3-D Secure follows.
The large majority of transactions in the travel agency distribution channel are card-not-present, which makes it challenging to validate that the customer is the cardholder and increases the risk of fraud. Agents are encouraged to have a risk management strategy in place to help manage the risk of fraud. The first step to creating a risk management strategy in a card-not-present environment is to become knowledgeable or have someone within your organization that is knowledgeable about fraud prevention and the tools available to manage the risk of fraud. It is important to be aware of current trends and tactics used to perpetrate fraud, so the strategy can be consistently updated. The challenge for travel agencies is to weigh an acceptable level of risk against potential negative impacts (i.e., friction) to the customer.
Because liability for card-not-present transactions falls on the merchant (airline, and therefore, travel agent), many travel agents and airlines have developed sophisticated systems to manage risk. These systems generally include the following to assist the agent in making decisions about whether or not to accept a transaction:
While fraud detection technology continues to evolve, this approach has become a best practice for managing the risk of fraud. The information that follows describes some of the tools that can be used to manage the risk of fraud and chargebacks. The use of these tools does not protect the agent from loss if a chargeback is received, but they are helpful to evaluate the risk of fraud.
In addition to managing the risks associated with payment fraud, agents should consider what information to collect about the customer or cardholder and the transaction in the event of a chargeback or a need to collect payment directly from the customer following a chargeback. This includes data such as proof that the terms and conditions of the sale were accepted by the cardholder and full address and contact information in the event a chargeback is received and the customer needs to be contacted.
Address Verification Service (AVS) is a tool offered by American Express, Discover, Mastercard, Visa, JCB and Diners Club International. It allows merchants to verify that the numbers in the billing address provided by the customer match the billing address associated with the card. AVS can be an effective tool for validating customer identity because, in many instances, individuals perpetrating fraud do not know the customer billing address. However, it is important to note that in some cases individuals perpetrating fraud may know the customer billing address. Therefore, using AVS does not provide a merchant with protection against fraud or chargebacks.
AVS is available through the following GDSs by card type (Note that these tools may not be available on all platforms within the GDS; therefore, to obtain information about the availability of these tools on a specific platform, contact the GDS):
|GDS||American Express||Diners Club International||Discover||JCB||Mastercard||Visa||UATP|
Visa (CVV2 - Card Verification Value 2), Mastercard (CVC2 - Card Verification Code 2), Discover (CID - Card Identification) and American Express (CID – Card Identification) each provide a valuable service that allows agents to validate the unembossed code (three or four digits) on a card. Validating that the unembossed number on the card matches the number associated with the card attempts to demonstrate (but isn’t proof) that the customer has a valid card in his/her possession. This prevents individuals with stolen payment card numbers from using the numbers to make fraudulent purchases. This tool has been proven to be a valuable risk management tool; however, as with AVS, using CID, CVV2 or CVC2 does not provide protection against chargebacks. The following is an example of how CID is represented on a Discover card. It is similar with other cards, but as shown in the case of American Express, the CID is often on the front of the card.
Note: Never write down or retain the unembossed number associated with a customer’s card.
CID, CVV2 and CVC2 are supported by the GDS for the following card types (Note that like AVS, these tools may not be available on all platforms within the GDS; therefore, to obtain information about the availability of these tools on specific platform, contact the GDS):
|GDS||American Express||Diners Club International||Discover||JCB||Mastercard||Visa||UATP|
All payment card companies require merchants to obtain a payment card authorization for every transaction in the travel industry. In the travel agency distribution channel, authorizations are obtained via the GDS at the time of ticketing. Standard card authorization procedures are outlined in the Card Acceptance Procedures.
A standard authorization generally validates that the card number is valid and that the funds (i.e., “open to buy”) are available on the account. American Express and Discover offer an enhanced authorization service that will allow a merchant to validate additional information about the cardholder. The following are phone numbers agents can use to obtain additional information about cardholders.
American Express 1 (800) 528-2121
The American Express Voice Authorization Service offers the ability to verify information about the cardholder including cardholder name, street address, zip code, and phone number. To use the service, have the card number and the information to be verified. The system has intuitive prompts to walk through the validation.
Discover Network 1 (800) 347-1111
The Discover Voice Authorization Service offers the ability to validate the Card Identification (CID) on the back of the card and to conduct a cardholder name verification. To use CID, have the three-digit code on the back of the card available. To use the cardholder name verification option, have the cardholder’s first and last name.
When calling the Discover Voice Service, have the following information available and follow the voice prompts:
3-D Secure — Online fraud management tools (Verified by Visa, MasterCard Identity Check, and Discover ProtectBuy)
The major payment card brands offer online merchants a tool called 3-D Secure, however, only Visa, Mastercard, and Discover offer the tool for use through the travel agency distribution channel for airline ticket transactions. 3-D Secure allows online merchants to authenticate the identity of a cardholder through a cardholder-generated personal identification number (PIN), a one-time use code or other identifying information associated with the account. While the underlying technology of each system is called 3-D Secure, it is uniquely marketed by each card brand.
3-D Secure is available for online merchants with a direct interface to the customer. This means that the cardholder must be the one directly inputting the payment card information into the merchant website. 3-D Secure works by authenticating the cardholder on the merchant website through an interface between the cardholder and the entity that issued that card (e.g., card issuing bank, Discover). Online merchants that use 3-D Secure use third-party authentication providers, to directly interface with the card issuer so the cardholder can authenticate themselves.
The benefit of 3-D Secure is that when authentication occurs or is attempted, merchants are protected if a cardholder claims the transaction was fraudulent. In other words, the liability for the fraud chargeback loss is taken by the card issuer rather than the merchant. For 3-D Secure to work in the travel agency distribution channel, infrastructure changes by online travel agents (OTAs), GDSs, ARC and payment card processors are required. ARC has made the necessary infrastructure changes to support 3-D Secure. Travel agents interested in using 3-D Secure are encouraged to contact their GDS representatives to request that changes are made to support their needs. For additional information, please contact the ARC payments team at firstname.lastname@example.org.
Many merchants effectively manage their fraud risk through the use of transaction-scoring tools that analyze information available at the point of sale to identify transactions that appear high-risk. Some agents develop tools internally while others partner with third-party providers of fraud-scoring tools. Real-time (or near-real-time) transaction-scoring tools use four key sets of data to analyze risk:
Analysis of this data provides merchants with information to manage risk. Scoring tools use the data available to expedite the processing of low-risk transactions and flag high-risk transactions for further analysis. Fraud scoring providers generally offer a user interface the merchant can use to quickly analyze high-risk transactions. Many of the largest travel industry merchants use fraud scoring tools, along with a set of other fraud prevention tools and tactics to identify and reject fraudulent bookings.
Fraud against Travel Management Companies (TMCs and agents that manage corporate accounts) has grown in recent years as social engineering schemes have become more sophisticated. Fraudsters often manipulate agents managing corporate travel accounts by posing as an employee of the corporation. Agencies that manage corporate travel accounts need to have procedures in place to ensure that agents validate they are ticketing for the actual corporate customer. The following are tips to reduce the risk of fraud tied to managing corporate accounts:
A small percentage of transactions take place face-to-face, and card-present fraud (aka counterfeit, lost/ stolen) rates are low, however, whenever accepting payment cards in a face-to-face environment, it is important to attempt validation of the cardholder identity and retain information about the cardholder that provides proof in the event a chargeback is received. To do this in an environment where the card is present, a chip card reading terminal is required. Given that the GDSs don’t do not currently make card terminals available to support airline ticket sales through travel agents, the only way to demonstrate that the card and cardholder were present is to obtain a signed and imprinted Universal Credit Card Charge Form (UCCCF).
With the growth of Europay, Mastercard and Visa (EMV) chip card technology in the U.S., a manual card imprint on a charge form no longer meets the burden of proof that the card is valid if the cardholder claims fraud and therefore disputes the charge. In other words, a signed UCCCF is no longer considered proof that the cardholder is present and the card is valid. Payment card company rules state that liability for card-present fraud (i.e., counterfeit or lost/stolen) loss falls to the entity (card issuing company, e.g. American Express, bank or merchant) that doesn’t support the chip technology. Therefore, since GDSs don’t offer chip reading terminals to travel agents, the agency is responsible in the event of a loss due to the agent’s acceptance of a counterfeit or lost/stolen card.
Although a UCCCF no longer provides a remedy for a card-present fraud chargeback, it can be provided as “compelling evidence” in an attempt to reverse the chargeback. This is why it is still considered a best practice to obtain a signed and imprinted UCCCF.
The following includes instructions for completing a UCCCF.
Note: Retain the signed, imprinted form in a secured location so it can be provided as compelling evidence in the event of a fraud chargeback.
Agents who know their customers have a lower risk of fraud than agents accepting transactions from unknown individuals. Information is critical when evaluating the risk of fraud. A merchant (airline, and therefore, agent) can start to evaluate the risk of fraud by evaluating the data available about a transaction and the customer.
The following are examples of data points often available about a transaction that can help evaluate the identity of a cardholder and/or the risk that the transaction could result in a chargeback. Please note, none of these items alone provide a full evaluation of the customer or the transaction, but when used together paint a more complete picture that can be used to evaluate risk. For additional information about red flags for fraud prevention, the “Payment Card Acceptance Red Flags” guide is available on the ARC website at https://www2.arccorp.com/support-training/fraud-prevention/best-practices/.
It is important to note that individuals perpetrating fraud are able to find ways to work around well-known red flags. Most travel agents know and understand typical customer travel behavior for their business. When travel trends fall outside the typical behavior, the risk tends to be higher. Agents are encouraged to stay informed of the latest fraud trends and be aware of customers that display behavior that is not typical for the agency.
In addition to fraud-related chargebacks, merchants can receive chargebacks for cardholder claims related to the service or a refund not received. When a service or refund related chargeback is received, the agent is required to provide proof that the terms and conditions of the sale were disclosed and accepted by the cardholder. As noted below, how the information is disclosed and accepted will differ depending on how the sale takes place (i.e. online, face-to-face, phone). Most “terms and conditions related disputes” are about the customer’s ability to refund or change a ticket and the associated fees. Therefore, regardless of how the transaction takes place, it is important to provide clear and concise disclosure of the rules at the time of purchase. Additionally, if a chargeback is received, the agent must provide proof that the cardholder was informed of the rules.
Face-to-face – Provide the customer with a written disclosure of the terms and conditions and ask them to sign it to acknowledge receipt. Retain it in case of a dispute.
Online – Include a “click-to-accept” of the terms and conditions of the sale. Include a clear and concise list of the key terms followed by an online check box. Obtain a screen print of your system in case of a dispute.
Phone – Read the key terms and conditions to the customer and request they acknowledge that they understand. Proof that this disclosure was completed is difficult to obtain, however, merchants have some success providing a recording along with a transcript as proof in case of a dispute.
The ARC Debit Memo Working Group is a group of travel agencies, airlines, GDSs and other industry partners focused on reducing or eliminating debit memos. When looking at debit memo reasons by dollar amount, payment card chargebacks are the highest category. Chargebacks are a pain point for both agents and airlines. While the best way to reduce chargeback debit memos is to reduce fraud, there is also an opportunity to reduce debit memos by disputing chargebacks that are received. For example, in a “friendly fraud” situation, there is an opportunity to provide data that demonstrates the cardholder was involved in and authorized the transaction. Following are some key steps to help successfully reverse chargebacks.
It is important to know the difference between friendly fraud and true fraud when deciding if, and how, to respond to chargebacks. It can be challenging because in both cases the chargeback is generally identified as “Fraud” or “No Knowledge” by the credit card issuer. Friendly fraud occurs when a cardholder participated in and authorized a transaction, but claims that the card was used without the cardholder’s knowledge. True fraud occurs when payment card data is stolen and used to purchase tickets without the knowledge of the cardholder.
The distinction between true fraud and friendly fraud is important when managing chargebacks because it is impossible to provide proof that the cardholder was involved and authorized the transaction when their card information was stolen and used to make the purchase. Therefore, merchants are encouraged to attempt to determine which chargebacks are friendly fraud versus true fraud before taking the time to respond to fraud chargebacks. Unfortunately, only friendly fraud chargebacks can be won.
There are two ways to reverse a chargeback. First, provide a remedy, which the card companies specifically define as evidence that the dispute is invalid. Second, provide “compelling evidence” that provides confirmation that the cardholder was involved in and authorized the transaction.
In the U.S. travel agency distribution channel for airline e-tickets, the information required to remedy (i.e., reverse) a fraud chargeback 100% of the time is not currently available. There are two main reasons why this is the case:
The good news is that in the event of a Visa fraud chargeback, if an airline provides proof that the cardholder was on the plane, the chargeback will be reversed. This can be challenging for the airline because the name of the cardholder is not provided on the chargeback. Therefore, the airline would need to provide documentation on all fraud chargebacks in the hope that some are reversed. Other payment card companies will consider proof that the cardholder was on the plane as “compelling evidence”, but not a remedy that would reverse the chargeback.
In summary, to increase the odds of reversing a fraud chargeback, the agent needs to provide proof that the true cardholder was involved in, and authorized, the transaction. Absent this proof, it’s unlikely that a fraud chargeback dispute will be settled in favor of the merchant (airline and, therefore, agent).
The payment card companies use the term “compelling evidence” to describe the documentation merchants can provide to prove that the identity of the cardholder was validated and that the cardholder was involved in the transaction. While compelling evidence may be considered by credit companies when reviewing a response to a chargeback, it does not provide a guarantee of remedy (i.e., reversal of the chargeback). The following are some examples of documentation that may be considered “compelling evidence” by some credit card companies and, when presented together, may demonstrate that the cardholder was involved in, and authorized, the transaction:
When an agency receives a chargeback notice from an airline, in an attempt to reverse the chargeback and/or avoid the loss, they are encouraged to do the following:
Any ARC participant that accepts payment cards as payment must keep all payment card numbers and personal information secure, whether in hard copy or electronically, and be compliant with the Payment Card Industry Data Security Standard (PCI DSS). Additional information about PCI-DSS requirements can be found on the ARC website at https://www2.arccorp.com/pci-data-security-standards/
The best way to reduce the risks associated with payment card acceptance is to know your customer. Travel agents who meet customers face-to-face are in a better position to reduce exposure to fraud and chargebacks. It is important to keep in mind that as fraud prevention tools become more effective in card-not-present environments, fraudsters seek new avenues for perpetrating fraud. Therefore, it is important to remain vigilant and be on the lookout for customer behavior or ticketing patterns that are not usual for the agency.
There are many tools available to help merchants manage the risk of payment card fraud. For cardnot-present transactions, tools like Address Verification (AVS) and Card Identification verification (CID, CVV2 and CVC2) are available through the GDS. These tools, when used in conjunction with other red flags for fraud, allow merchants to review transactions and evaluate risk at the basic level. Tools like 3-D Secure, along with others tools that do device fingerprinting, online or mobile behavior evaluation, and machine learning, allow travel agents to evaluate transactions by employing a more sophisticated set of tools.
If you experience fraud or suspect fraud, please contact the ARC fraud prevention team at (703) 816-8137 or via email at email@example.com.