At Tern, we are committed to helping advisors build and protect their travel businesses. Many advisors we speak with spend a lot of time thinking about growing their business. What gets significantly less attention is protecting the business they’re working so hard to build. We get it. Understanding the nuances of chargebacks, and how this differs from PCI compliance, isn’t nearly as fun as crafting that next dream trip for your client. However, it still matters a lot.
This goal of this post is a starting point to help you understand this complex topic. It's not an all-encompassing guide. You should also note that it is meant for informational purposes only - we are not lawyers and aren’t giving legal advice.
As we built our new credit card authorization tool, we spent a lot of time understanding this topic. We invested heavily in conversations with travel industry lawyers and experts. As we launched the tool, what we quickly learned is that this is not a well-understood topic among travel advisors. With this blog post, we hope to help with that.
Let’s say a client calls you and says something along the lines of: “Oh, I’ll just give you my card details over the phone.” that sounds good to you, so you write down the card details in a secure spot. You make a cruise booking valued at $12,000. Life is good. You’re already dreaming of that commission check.
A few months later, shortly before the cruise, your client calls you. They have experienced a family tragedy and can no longer make the trip. Unfortunately, they declined the travel insurance you quoted them. The trip is non-refundable. They have no way to get the money back. You feel awful, they feel awful. It’s a mess.
Shortly after you hang up, the client comes up with an idea out of desperation.
They think, ‘I can just dispute the charge and my credit card will refund it’. They don’t know it, but they just triggered a chargeback putting you on the hook for the funds.
Their credit card company will automatically claw back the $12,000 from the cruise line. Since you entered the credit card on the cruise line's website you are (usually) on the hook in the eyes of the supplier.
The cruise line needs proof you had explicit approval from the cardholder to use their card with the cruise line for the amount charged. Unfortunately, you took the card details over the phone. There is no paper trail and now you may be on the hook for the $12,000.
That big commission check just turned into a nightmare.
Before we get into how we can prevent this mess in the first place, let’s talk about why a chargeback exists. When I was living in London, I was going through my financial statements. I started noticing some weird charges. Five visits to McDonalds, 14 UberEats transactions in a week, several student bars. I hadn’t made any of these purchases.
I called American Express and said I thought someone had stolen my card. They took me through transaction by transaction and we figured out which ones were legitimate and which weren’t. I was refunded in full for the fraudulent transactions. Phew.
Now that money didn’t come out of American Express' pocket. They turned around and initiated chargebacks with the merchants that sold the goods and services to the fraudulent user of the card.
UberEats, McDonalds, and those bars lost that revenue. They essentially gave away those goods and services because they were sold to a fraudulent user. As a cardholder, this is great. It keeps you from being financially ruined if someone steals your credit card. However, as a business owner, it opens up a risk.
Now you may be thinking "well the travel companies are the suppliers so they are responsible for chargebacks, right?" In most cases they pass that responsibility on to you via their Terms and Conditions. When you give them the credit card information you're saying you have permission to use that card for that charge. So in the diagram above you're the merchant that is on the hook for the cost of any fraud. That's usually fine until there is a fraudulent claim of fraud (yes it happens, a lot).
Most newer advisors we talk to say “oh I know my clients, they would never do that” when we talk about chargebacks. Most experienced advisors we talk to have a story (or many) about a client like in our example. In many cases, the client doesn’t realize that by charging back a trip they agreed to it hurts you. Chargebacks are misunderstood generally.
Still, they do it. Even if they knew full well they told you to book the vacation on the phone and agreed to the cancellation policy, when things go bad and desperation hits they look for any opportunity to get their money back.
You’re usually on the hook for proving to the supplier you had the right to use the client's card.
From the credit card company’s point of view, they deal with thousands of chargebacks a day. In 2021, the FTC received reports of 389,000 credit card fraud cases representing $32B in losses. That’s over 1,000 per day in the United States alone. According to Clearly Payments, travel is the second most common industry for chargebacks.
By default, credit card companies assume that their clients are telling the truth. So they usually initiate the withdrawal/withholding of funds immediately. The first person you’re likely to hear from is the supplier you used the card with asking you for proof of authorization so they can fight the chargeback. Unfortunately, fighting the chargeback isn’t as easy as just telling the credit card company what happened. Let’s dig into why.
What does that have to do with chargebacks? Well, if you read the American Express reference guide for merchants (aka companies who accept their cards), it says they can chargeback: “whenever Cardmembers bring Disputed Charges…” and that
“All judgments regarding resolution of Disputed Charges are at our sole discretion.” - American Express Merchant Reference Guide
That part is really important. They get to decide if they rule in favor of their client or the merchant. In 2023, 70% of American Express' new accounts were for premium products like the Platinum Card. These are cards where the holders pay Amex $600+ a year for the right to use the card. It’s reasonable to assume American Express would tend to rule in favor of such a large source of revenue unless there is truly compelling evidence that their client initiated a fraudulent chargeback.
In a scenario where you only have an unrecorded phone call, it is your word against the client's. In that situation, why would they trust you over their client? They won’t.
Another way to think about this is what would it take for a stranger to convince you that a long-time client is trying to defraud you? That’s the process a credit card company goes through every time someone disputes a chargeback.
Credit card companies don’t give clear guidelines on what is needed to overturn a chargeback. This is made more complicated by the “authorization” model that travel advisors use being quite uncommon in today’s payment world.
Still, if you have proof that the client authorized the charge in writing with the following information, you’ll stand the best chance of winning a dispute.
As mentioned above, another way to think about the burden of proof that is on you as an advisor: What would it take for a stranger to convince you that one of your clients was trying to defraud you. That’s what you have to prove to the credit card company.
One of the comments we’ve seen lately is that “XYZ system is PCI compliant and so it’s ‘safe’ for me to use. Unfortunately, PCI compliance offers no protections for chargebacks.
PCI is shorthand for Payment Card Industry Security Standards. You may also hear PCI DSS which stands for “Payment Card Industry Data Security Standards.” As the name suggests, it is a governing body that manages the security requirements of storing and processing credit cards.
There is a lot of tech that goes into protecting credit card information. We won’t go into it all here. What is important is that when you ask someone “Are you PCI compliant?”, what you’re actually asking is: “Do you store and process credit card information in accordance with the security standards outlined by the PCI organization?”
What you are not asking is just as important. You are not asking anything about how the organization helps protect you from chargebacks.
Let’s go back to my story above. UberEats, which the fraudster ordered a lot of with my card, is without a doubt compliant with the PCI regulations. So is McDonalds and every other store they visited with my credit card. Still, a chargeback was filed with every one of those companies when I reported the fraudulent charges because they securely charged a card from someone who didn’t have permission to use it.
Systems that travel advisors have been using for decades skirt the question of how they protect you from your biggest liability (chargebacks) by throwing out their PCI compliance. This confuses the two and does a great disservice to the industry.
Tern spent weeks talking with advisors, lawyers, and researching these topics before writing a single line of code for our credit card authorization flow. To be honest, I couldn’t have told you what a chargeback was in detail before we started this project.
We were shocked that existing systems rely on manual invoicing processes and duplicate data entry that discouraged a paper trail. Worse yet, some systems allowed advisors to store credit card information collected over the phone, all but guaranteeing they’d lose a chargeback if that information was disputed.
We were faced with a choice. Do we build the standard flow of custom invoices, which would be a lot easier, or do we build something that helps advisors manage their risk, which is a lot harder. We chose the latter. We also wanted to make it feel magical to your clients. It should feel as easy to authorize a trip with a travel advisor as it does to checkout online.
We’re incredibly proud of what we built and while no system can eliminate your risk (you can still do things that aren’t compliant if you tried), we’re proud that Tern makes it easy to do the right thing.
You can see a full demo of the feature here. In Tern, advisors drag and drop elements to build a trip on a board view (shown below).
This board view automatically creates a beautiful proposal. By clicking Approve, the client can click approve and automatically be taken to the authorization flow. It’s one unified flow that feels as easy as online checkout.
Once the authorization is completed, Tern automatically sends a PDF to the advisor and the client. Here is an example of the PDF that Tern generates when an authorization is made. Let’s take a look at the table from above and see how this automatically generated document helps fight a chargeback.
This feature took us months to design and build. We wanted to make it feel magically easy to do the right thing. Not only does this create a client experience that is 10x better than anything else out there but it helps advisors manage their risk.