SecurityCents Blog

Insights on payment data security, payments news and trends

Chargebacks with EMV PIN Pads


I get asked all the time about how to prevent chargebacks in the lodging space. It’s an interesting issue because hotels receive credit card transactions from several different sources and the rules will vary by channel. The simple answer is that the hotel has the best chance to win a dispute/chargeback based on fraudulent reason codes when the hotel reads the chip on the card when the guest arrives.  For card-not-present transactions and for those hotels still handling magstripe transactions, winning dispute/chargebacks based on fraudulent reason codes is much more difficult.

Again hotels process many types of transactions depending on the reservation channel, so let’s look at a few examples.

First, if the transaction comes from  an Online Travel Agency (OTA) reservation (some examples are Expedia, Priceline, Trivago, etc…), the  guest pays the OTA for the room with their credit card and the OTA pays the hotel for the room with a single use credit card delivered to the hotel electronically. The hotel will then charge that card (usually day of check-in) as card-not-present, based on the rules established. The hotel also must charge the card only once and in the full amount. If it is partially charged, the card will no longer be accepted. It is a single-use card; it cannot be used for incidentals either. The OTA would be the one to accept the charge if it is charged back/disputed. The rules for those circumstances would be in the agreement between the hotel or brand and the OTA. The site would need to talk to the brand, OTA, or CRS (Central Reservation System) provider about those rul

Second, if the transaction comes from a third party reservation for a group booking, or a supervisor is booking a reservation for an employee that doesn’t have a credit card, once again the hotel is not going to have a card presented at check-in. This is a risky transaction and should be considered carefully. If the hotel does a lot of these type of transactions they should look at a solution from someone such as Sertifi or B4Check-in. Solutions such as these send a secure email to the guest, the guest agrees to terms, signs a contract, and provides a payment method. Even though there is a contract, the credit card industry rules still consider this as a card-not-present transaction. In case of a chargeback/dispute for fraudulent reasons, the hotel might win if the hotel has an ISO or acquirer that will go to bat for them but otherwise there are decent chances that the hotel will not win. A hotel could take the guest to court as they did sign a contract, but it would likely cost the hotel more to contest than what it gets back. However, what I find interesting is when the guest signs that contract, it appears as if it is a legal document and that seems to significantly reduce the risk of fraudulent chargeback/disputes. John Stojka, co-founder of Sertifi, says their users “can eliminate up to 70% of fraud cases for transactions that use their solutions.” It’s not a guarantee but seems to be quite effective at ensuring the hotel gets paid for these types of transactions.

Third, if the guest does not cancel per the hotel policy (24 hours to 5 days out depending on the rate/model they purchase), the hotel has the right to charge a no-show fee, usually an amount equal to the cost of the first night’s stay. In this case, the guest never showed up so the hotel does not have a card to insert in the device or a chip to read. Obviously, this would also be a card-not-present transaction. If the guest disputes the charge for the no-show fee with their card issuer, there are reasonable chances that the guest will prevail. There are some protections specifically for T&E that say if the hotel clearly displayed the cancellation policy and the guest expressly agreed to it then the hotel will be able to retain the payment. This is why many travel sites require people to check the box that says you ‘read and understand’ when they book a hotel or a flight.

Fourth, many hotels have followed a policy of checking the guest in on the day of arrival (before the guest arrives) and charging the guest’s card on file at that time to make sure it is valid and they have funds. This is a very bad idea in an EMV world. [Checking in the guest with a card on file is a card-not-present transaction, which increases the risk of chargeback/disputes. Also, if the hotel does this and then reads a card when the guest arrives, the hotel may double charge the guest. This practice is outdated and should be avoided. Either the guest shows up and they can pay or they don’t and the hotel charges a no-show fee. In general, there is no value in checking them in card-not-present before they arrive with the exception of the 3 cases above where the hotel will never have a card presented.

The best way for a hotel to reduce or avoid chargebacks for fraudulent reason codes is to make sure the guest inserts his card at check-in and the chip is used for the authorization. That said, with some PMS systems, if the hotel doesn’t follow the procedure correctly, the hotel can read the chip and get back a token without actually authorizing the card. The auth is performed using the token retrieved from the chip read. That would also be a card-not-present transaction and will show up in BizPortal™ as “keyed” (key entered). Users should review the PMS instructions for authorizing using the chip very carefully and ensure staff are trained appropriately. Merchant Link monitors and provides reporting to keep tabs on this but the hotel operator should be checking his reports daily to ensure that all of the chip read transactions are showing up correctly. If significant numbers of transactions are showing up as key entered, the hotel needs to make sure all the front desk agents know the right procedures.

*Note – In the internet booking age, hotels get a lot of web based reservations via the OTA’s so 100% card present will be impossible. The best we usually see is about 70%.

We hope this will help you minimize the number of chargebacks lost, and maximize your card present qualified transactions.