Best Practices for eCommerce API Payments
Whether you’re using Square’s API or one of our partners, accepting eCommerce payments is a great way to establish or grow your business. It’s also important to take additional precautions on these types of orders to prevent fraud and disputes. Even a successful payment could be from a card that hasn’t yet been reported as stolen or compromised.
Be Cautious of Requests for Immediate or Expedited Shipping
Additionally you can check to see if the shipping address is a private address. Mail drop locations such as UPS stores, and freight forwarders, are commonly associated with fraud and we do not recommend shipping to them.
Be Cautious of Large Orders for Expensive or Rarely Purchased Items
If the order seems out of the ordinary or too good to be true, you may want to request additional information from the buyer about their order.
Double-Check the Billing Address against the Shipping Address
If the addresses are not near each other or are in a different state or country, it may be an indication that your customer is not the cardholder.
Provide Tracking Information and Delivery Confirmations
If you’re shipping a product, make sure to keep the tracking information and a signed delivery receipt showing goods delivered to the cardholder’s billing address.
Obtain Acknowledgement of Services Rendered
If you’re providing a service, the card should be processed using a chip capable reader, like the Square Contactless and Chip Reader instead of via an eCommerce method. If you choose to accept an eCommerce payment for a service, be sure to have an itemized invoice with a statement of acknowledgement of services rendered to the cardholder’s satisfaction which has been signed and dated by the cardholder.
Obtain Acknowledgement of Terms and Conditions
At the time of checkout, have the cardholder electronically accept your terms and conditions of the sale, including your cancellation or return policy. Keep a record of this on file.
Utilise Risk Manager to Protect Your Business
Risk Manager is a tool that helps you spot and manage potential fraud from online payments you process with Square. You can create rules in Square Dashboard to trigger your own fraud alerts or to automatically decline suspicious payments. When you set up risk alerts, you can view additional details about suspicious payments, as well as options to issue a refund, block the payment card or dismiss the alert.
Read the Risk Manager FAQ to learn more.
Monitor Declined Cards
Declined cards can be a sign that someone is trying to pay using stolen credit card information. If you notice an order with mismatched billing and shipping information, review possible attempts to use multiple cards by logging in to your Dashboard, selecting Sales > Transaction Status. If a customer attempted to pay with multiple cards within a short time frame, refund the successful payment.
eCommerce Platform Merchants
Third-party eCommerce platforms (such as Bigcommerce and Ecwid) may offer additional solutions such as Signifyd to minimize your risk. While we currently don’t offer this option, you may be able to find a solution on these platforms that works best for your business.
eCommerce API Merchants
If you’re using the developer API, consider passing additional information to Square about your orders such as buyer email addresses and shipping information. More order details help us to better protect you.