Credit cards are the primary payment method for online purchases, reaching over 70% of sales in Brazil. One of the key advantages is that cards are practical: you get an immediate approval, without having to go to banks, and you can also pay in installments.
Credit cards work differently in each country, and in Brazil is no different. We’ll cover the Brazilian way of doing online business in another post, but here I’d like to point out a few secrets that even most locals are not aware:
1. Your name doesn’t count
Have you noticed that websites ask for the cardholder’s name? Well, that information is useless. The name is not verified. Some merchants check if the package’s recipient is the cardholder, that it stops there. In Brazil (and in other countries too) there is no automatic validation of the cardholder’s name.
I’ve seen many purchases being made for Chuck Norris or Luke Skywalker where the payment was approved. (Some argue that if the cardholder is Chuck Norris then the payment will always be approved, but I won’t get into that!)
Of course I don’t recommend you do that, because if the merchant does check this, your order will be held for review or even canceled.
2. Your tax ID also doesn’t count
Requesting a person’s tax ID (or CPF as we call) is very common here, unlike in the US. Merchants use for to generate invoices and run credit fraud checks. What most people aren’t aware is that, just like the name, the CPF is not verified. There is no way to tell that a card belongs to a certain CPF.
How could someone validate that? Just issuing banks know what cards belongs to whom, but for many reasons – cost, complexity, security – this information cannot be queried.
3. Your billing address counts a little…
Finally, something that is checked! Or maybe not quite. AVS (Address Verification System) is widely used in the US to check if an address belongs to that credit card by checking it with the issuing bank. But in Brazil things are not that easy.
The main problem is how street names are abbreviated. For instance, you say you live on Nossa Senhora de Copacabana Ave, but in the bank’s record it’s listed as N. S. de Copacabana Avenue. The system won’t be able to tell it’s the same address. When you add other variables (Apartment number, building name) it gets even trickier. So while AVS exists in Brazil it’s only partially accurate, if you check for the ZIP code.
4. All cards are smart
In Brazil all credit and debit cars are Chip and PIN, and it’s been like that for several years now. EMV cards are more secure because they require a PIN to be entered in the POS to authorize a transaction, and PINs are harder to steal. It’s possible, and I have personal experience with that, but it’s way more unlikely.
This means that for years brick-and-mortar shops have had the benefit of liability shift, so if someone comes into their store with a stolen card and it gets approved, the banks are responsible. Merchants trust chip and PIN so much that hardly anyone is asked for an ID when making a card payment.
E-commerce is another matter entirely, as 3D Secure is just beginning.
5. Credit card is still the safest way to buy online
Yes, your card might be stolen, copied and used for fraud. But it’s not your fault that the website was fake or that the merchant wasn’t able to protect themselves from attackers. You are protected against unauthorized charges. If your card was used for fraud, you can simply call the bank and ask for a refund.
Other payment methods work differently. If you pay a fake Boleto you can’t go to the bank and ask for your money back. You’d have to fight in court, which takes considerably more than a call to the bank.
About Konduto
We are a startup developing an innovative technology to bar e-commerce frauds. Our intelligent anti-fraud monitors the client throughout his purchase journey in your site and evaluates the transaction in real time – our answer is given in less than 1s! We detect only the purchases that are really suspicious, approving more orders and reducing the costs with frauds. Send us an e-mail on hi@konduto.com