Best Practices for eCommerce API Payments
Whether you're using Square’s API or one of our partners, accepting eCommerce payments is a great way to establish or grow your business. It’s also important to take additional precautions on these types of orders to prevent fraud and disputes. Even a successful payment could be from a card that hasn't yet been reported as stolen or compromised.
Be Cautious of Requests for Immediate or Expedited Delivery
Additionally you can check to see if the delivery address is a private address. Mail drop locations such as UPS stores and freight forwarders are commonly associated with fraud and we do not recommend delivery to them.
Be Cautious of Large Orders for Expensive or Rarely Purchased Items
If the order seems out of the ordinary or too good to be true, you may want to request additional information from the buyer about their order.
Double-Check the Billing Address with the Delivery Address
If the addresses are not near each other or are in a different state or country, it may be an indication that your customer is not the cardholder.
Provide Tracking Information and Delivery Confirmations
If you’re delivering a product, make sure to keep the tracking information and a signed delivery receipt showing goods delivered to the cardholder’s billing address.
Obtain Acknowledgement of Services Rendered
If you’re providing a service, the card should be processed using a chip capable reader, like the Square Contactless and Chip and PIN Reader instead of via an eCommerce method. If you choose to accept an eCommerce payment for a service, be sure to have an itemised invoice with a statement of acknowledgement of services rendered to the cardholder’s satisfaction which has been signed and dated by the cardholder.
Obtain Acknowledgement of Terms and Conditions
At the time of checkout, have the cardholder electronically accept your terms and conditions of the sale, including your cancellation or return policy. Keep a record of this on file.
Monitor Declined Cards
Declined cards can be a sign that someone is trying to pay using stolen credit card information. If you notice an order with mismatched billing and delivery information, review possible attempts to use multiple cards by logging into your Dashboard, selecting Sales > Transaction Status. If a customer attempted to pay with multiple cards within a short time frame, refund the successful payment.
eCommerce Platform Merchants
Third party eCommerce platforms (such as Bigcommerce and Ecwid) may offer additional solutions such as Signifyd to minimise your risk. While we currently don't offer this option, you may be able to find a solution on these platforms that works best for your business.
eCommerce API Merchants
If you're using the developer API, consider passing additional information to Square about your orders such as buyer email addresses and delivery information. More order details help us to better protect you.