Website Security and Merchant Chargeback Fees

Stealing credit card information and identities is big business and can cause you a lot of headaches.

Fortunately with credit card theft the individual usually doesn’t have much to worry about, you call your card company and file disputes with the charges.  The funds are returned to your account.

The other unfortunate aspect to credit card theft is, to offset these disputes the merchants end up footing the bill.

When you charge back on your credit card, the merchant that billed your card pays a premium for every occurrence.  This generally ranges from $15-$30 per each dispute with the merchant.

For a small business this can be devastating to business. 

Let’s say you are selling physical items on your website.  The item costs you $20 wholesale, you sell it for $30 or $40 dollars.

Someone purchases with a stolen credit card, you ship the items.  Now the customer whos card was stolen disputes the charge. 

You’re now out the $30 in fees to your merchant account along with the $20 for the item, add on shipping and you can see how costly this can be.

Not only does the credit card process charge you (good luck winning these cases), they also add it to your chargeback ratio.

Get too many of these you’ll get a call from your processing company and they’ll explain how they are putting a percentage of all your funds in reserve.

This means, they will withhold a percentage of your transactions processed. So the next time you charge a customer $20, they’re going to charge you the normal processing fees, and they’ll tack on an addition % to keep in a reserve account.

Slowly, over time these funds will be released to you (generally 30-90 days) as the reserve is maintained.

However, as a small business owner this could end up being your entire profit margin putting you in a cash flow crunch.

Small Business Ecommerce need to protect themselves

It’s unfortunate but if you run an ecommerce site and accept credit cards, this needs to be on your mind. You need to be aware of the risks.

Depending on the monthly volume of transactions you are currently doing, just a few chargebacks can set off the alarms at processing companies and potentially put you out of business.

So what can you do?

You need to have the proper security measures in place. think of it as a cost of doing business.

Be grateful you don’t have a $1,000+ a month in storefront rent.

You need to keep your website applications up to date.

If you are running WordPress and woocommerce, make sure it’s up to date. Woocommerce has had several vulnerabilities over the years.

It’s even more important if you are running woocommerce addons, there’s been several addons with very high severity security vulnerabilities.

Entrust a Developer

You should have identified a developer you can trust or someone who can maintain your website.

Someone who can check your website on a daily basis and keep things up to date.


  • Spot checking orders.
  • Look for suspicious orders outside the areas of your customer base.
  • Enable security protections inside your merchant account (CVV code, zip code matching, etc)
  • Confirm any suspicious orders by calling the customer (require a phone number)
  • Look for anything suspicious around the contact information (phone number area code not matching delivery location).
  • Only ship to address matching card, do not ship to another address.
  • Notice if someone is EXTREMELY urgent to get their order, willing to pay an insane amount for fast delivery
  • Larger than normal quantity of orders

If you receive ANY Customer complaints about credit card theme

You need to IMMEDIATELY act if you receive ANY customer complaints about credit card theft.

Acting may mean temporarily putting your website in maintenance mode while your developer looks for any files that may have changes in the last 24-48 hours.

So your SEO isn’t affected, if you can pause ordering or disable the checkout process until you can research the issue.

Have your developer compare the current files to a known good backup from a few weeks prior. This can hint at any newly added files or modified files which should then be reviewed.

If you are running WordPress scan your site with our scanner. Additionally check and search for all your plugins to see if there is a new vulnerability.

If you are using Wordfence or Sucuri plugins, scan your files to see if anything has changed.

In Conclusion

Credit card theft is a huge problem. The impact to online small businesses is enormous.

Letting Website Security be an afterthought will eventually put you out of business.

Leave a Reply