Website Requirements for Cruise Lines

The following best practices should be taken into consideration by cruise line companies when building their websites and designing their service policies:

• Require website membership to book cruise reservations. By requiring customers to become website members, merchants can collect additional information that can help assess risk. When creating member profiles:
  
  • Verify customer data before storing it.
    
  • Implement strong security measures such as secure data storage and limited employee access to protect sensitive customer information.
    
• Collect, verify and store email addresses. Customers should be asked to provide a valid email address during the registration process. An invalid email address may be an indicator of risk.
  
• Issue confirmation numbers for cruise reservations. Issuing reservation confirmation numbers helps assure customers that their cruise bookings were successful and will be honored on the date of the trip. Merchants should build their systems to support customer reservation confirmation inquiries.
  
• Issue a cancellation number to the cardholder. A cancellation number must be issued when a cruise is properly canceled. Cardholders should be advised to save their cancellation codes.
  
• Clearly display change your fee policy and pricing. Informing customers in advance of the terms and conditions of your change fee policy and the amount of fees that will be assessed if booked itineraries are changed helps reduce customer inquiries and disputes. This information should be prominently displayed on your website so that customers can review it before purchasing tickets.
  
• Clearly display refund rules on both your booking and confirmation pages. Making refund policies available to customers can help preserve customer relations when they cancel their cruises. Displaying refund rules on both your confirmation and booking pages helps educate customers about your refund policy prior to ticket purchasing and then it reinforces this policy after the booking has been made.
• Determine whether or not to allow third-party sales and establish appropriate policies. By allowing tickets for cruise passengers to be purchased by third parties, merchants increase sales but also increase their risk exposure. For example, a criminal may use the information from a legitimate card to fraudulently purchase a ticket in his or her own name. Merchants should consider implementing the following best practices:
  
  • If you decide to allow third-party purchases over the internet, adequate procedures should be established to minimize your risk exposure. For example, you may require that third-party purchasers have the same last name as the ticket recipient or to accompany the ticket recipient during the travel.
    
  • If you decide not to allow third-party purchases over the internet, adequate procedures should be established to direct third-party purchasers to your physical sales offices.
    
• Capture and save Internet Protocol (IP) addresses. It is important to know the IP addresses of the Internet Service Providers (ISPs) from which customers make purchases. A database of these addresses can be used to develop your fraud-screening tools based on transaction characteristics.

Best Card Acceptance Practices for Car Rental Companies

The following best card acceptance practices should be taken into consideration by merchants selling airline tickets:

• Obtain an incremental authorization approval if the car rental period is extended. When a customer wishes to extend the rental car period beyond the time frame of the original agreement, an incremental authorization approval needs to be obtained for the additional transaction amount that will be generated by the car rental extension. The following best practices should be applied:
  
  • Standard authorization procedures should be followed to obtain an approval for the incremental transaction amount.
    
  • If a "decline" response is received, the customer should be contacted and an alternative payment method should be requested for the amount that was not approved.
    
• Settle only for the cumulative approved authorization amount if an incremental authorization was declined. Applying good settlement practices will help minimize chargebacks, processing costs, and potential losses when card issuers decline incremental authorization requests.
  
  • Submit a settlement transaction for the total approved authorization amount without including any amount for which authorization has been declined.
    
  • Obtain an alternative form of payment for the declined incremental amount.
    
• Submit an authorization reversal if the originally approved authorization amount exceeds the actual car rental cost. In some cases, the actual cost of a rental car may be less than the amount previously estimated for the authorization approval. To complete settlement and to avoid tying up the customer's credit, an authorization reversal must be submitted for the difference between the authorization amount and the actual rental agreement.
  
• Understand and apply the final authorization and the 15 percent rule. At the end of the car rental period, authorization is required in the following instances:
  
  • If there was no previous authorization the total transaction amount must be authorized.
    
  • If there was a previous authorization, and the actual final transaction amount is more than the previous authorization amount, the "15 percent" rule needs to be applied to determine whether or not an additional authorization is required. To do this:
    
    • Add 15 percent to the previously authorized amount.
      
    • Compare the total (sum of authorization plus 15 percent) to the actual transaction amount.
      
  • If the actual amount is more than the total, an additional authorization is required for the difference between the original authorization and the final transaction amount.