opinion

Invention of Lying

The Invention of Lying: ”It’s a great flick if you haven’t seen it. I think it captures the reality of today’s payment landscape. Those who make the rules, do so in the perceived environment of the consumer being truthful.

This mindset is apparent when examining the rules and regulations for the ACH network. The rules are very clear with everything they define. However, there is one element of a transaction for which there is no accountability. This oversight would be the person who enters the transaction information into the website.

I think there are some very simple things that can be done to start to address the issue without putting more burden on the merchants while still being reasonable to the interests of the rest of the stakeholders.

At first glance you would not notice this oversight because the rules are very clear that a payment transaction has the following parties: a receiver (consumer), an originator (merchant), an ODFI (the merchant’s bank), an operator (Federal Reserve), an RDFI (the receiver’s bank) and a receiver (the bank account holder). Can you see it now? I’ll give you a hint: receiver is there twice. Yes, the receiver is both the consumer and the account holder. This initially seems reasonable. In what society would someone who does not have signing authority on an account use that account information online? It just wouldn’t happen in this day and age, would it? Nah, I don’t think so … well, perhaps once in a while but not at any rate that would really be worth considering for further examination, right? WRONG! This is a known issue that just keeps getting ignored and as a result, keeps getting worse.

In my search for any indication that someone has investigated this problem, I came across a few items that we should not ignore.

The first item is a survey that was published in the Journal of Marketing in October 1978. The title of this publication is “Fraudulent Behavior of Consumers. The other side of fraud in the marketplace: consumer-initiated fraud against a business.” This survey was conducted in an era during which consumers were mainly transacting in a face-to-face environment. The ACH network was only four years old and there were very few, and closely controlled, transactions flowing through its network.

The article started out by framing the annual cost of retail-level fraud by consumers. They reported that annually fraudulently cashed checks totaled at least $1 billion; fraudulent redemption of coupons was worth $100 million; store losses due to shoplifting translated into a $150 tax per family passed on through higher prices, and because of these abuses, business spent $2 billion on store security. It is important to remember that these figures represent values from 35 years ago. Using https://www.dollartimes.com/calculators/inflation.htm let us determine that only using the rate of inflation to get today’s values you would simply multiply each of those figures by 3.63. Astounding numbers, even without considering the natural growth of consumer initiated fraud.

The survey looks at 15 different fraudulent situations but I chose four as representative of the mindset and opportunity afforded the consumer in an online environment.

I chose “shoplifting” because that is a consumer stealing, with no attempt or intention to pay. We see this everyday in the news concerning people downloading copyrighted content for free. I chose “using a worthless check” because this represents people knowingly using a payment instrument that will fail. This is also an interesting one because, for the most part, this act is a criminal offense. “Dishonest coupon use” was defined as people handing coupons over to the check out that contained coupons for items they did not purchase. “Invalid warranty claims” were knowingly making a warranty claim for an item out of warranty. These last two I equate to consumers who knowingly state to their bank or a merchant that they did not authorize a transaction as well as those consumers who claim both fraud and a refund to make some money on their double dip.

One of the aspects investigated was people’s attitude toward various fraud situations. Shoplifting .9 percent said it is NOT wrong and another .8 percent said it is not serious. In terms of using a worthless check 1.7 percent said it is understandable and 13.1 percent said it is not serious. Dishonest coupon use had 2.6 percent state it is not wrong, another 29.3 percent saying it is not serious. Invalid warranty claims sat at 1.4 percent not wrong, 9.7 percent understandable and 36.1 percent saying it is not serious.

The survey then asked respondents to evaluate the situations from the behavior of their friends. The respondent selected either most of the time, once in a while, very seldom and never. The results for shoplifting were 9.5 percent most of the time, 1.7 percent once in a while. Using a worthless check had 7 percent most of the time and 9.5 percent once in a while. Dishonest coupon use scored 7.8 percent most of the time and 18.9 percent once in a while. Invalid warranty claim sat at 22.2 percent most of the time and 34.7 percent once in a while.

Finally the survey asked respondents about what they perceived as appropriate actions related to each of the situations. The potential responses were management should: do nothing, take preventative action, give warning or notify authorities. Related to shoplifting, 1.7 percent responded do nothing, 0 percent take preventative action, 59.5 percent said give warning. Using worthless check rated .9 percent do nothing, 6.1 percent take preventative action, 60 percent give warning. Dishonest coupon use posted results, 2.6 percent do nothing, 6.9 percent take preventative Action, and 26.7 percent give warning. Invalid warranty claim reported, 2.8 percent do nothing, 13.9 percent take preventative action and 29.1 percent give warning.

I encourage you to read the entire publication as it really does investigate and evaluate the issue of consumer initiated fraud.

Another mention of consumer initiated fraud was found in this paper published by the Philadelphia Fed https://www.philadelphiafed.org/consumer-credit-and-payments/payment-cards-center/publications/discussion-papers/2002/fraudmanagement_042002.pdf, In November 2001, The Philadelphia Federal Reserve office hosted a workshop on fraud management in the credit card industry. This report detailed various aspects of fraud and not just the consumer initiated fraud that a merchant receives. There are a couple paragraphs out of this publication that I want to share.

“In the Internet world there is no such connection. The order flows anonymously from a computer that can be located anywhere with no ability for the merchant to authenticate that the card number presented is associated with the actual cardholder. At this point there is no authentication system that has been generally adopted by all parties (credit card associations, issuers, merchants and consumers). Smart cards used with readers attached to computers offer one possible solution; but to date there has been little interest by consumers or computer manufacturers to invest in this technology. Issuers broadly indemnify cardholders from Internet fraud; therefore there is little incentive for consumers to make such investments. Association rules allow issuers to charge back these fraudulent transactions to merchants, which further diffuses incentives to tackle the problem.

“Another factor, according to Buttafogo, is the percentage of Internet fraud transactions that may be classified as “familiar fraud.” A transaction may be legitimately initiated by the cardholder for a product that could be considered dubious in nature, (i.e., pornography on the Internet). When confronted by a family member the individual may deny knowledge of the transaction and then report it as fraud. A legitimately billed transaction can then be reported as “never received” and reversed by the issuing bank. The U.S. Banker in a December 2001 report on cyberfraud titled “I Didn’t Do It” suggested that pornography charges like these probably accounted for half of all online fraud.

“Buttafogo then spoke about an even more insidious abuse in the card not present Internet environment. Computer programs, such as CreditMaster and Credit Wizard, are easily available on the Internet, and can be used to generate sequences of 16-digit credit card numbers from valid bank identification numbers or BINs (the first six digits of any card number). This enables the criminal to quickly transact multiple fraudulent sales from online merchants whose security does not block sales to sequential numbers. According to Buttafogo, these programs are the favored tools of organized gangs who are believed to be responsible for a significant percentage of the dollar losses associated with Internet fraud.”

To sum up the above discussion, consumers lie and steal at a rate that easily surpasses the restrictions for fraud placed on merchant accounts, online transactions suffer from a lack of systems that can guarantee the identity of the person entering the transaction information, online purchasing is targeted by fraudsters with computer programs to find and use card numbers and finally, merchants must bear the responsibility of this fraud as there is no incentive for anyone else in the transaction chain to take corrective action.

I think there are some very simple things that can be done to start to address the issue without putting more burden on the merchants while still being reasonable to the interests of the rest of the stakeholders. I will address these options in the next issue. In the meantime, ensure that your gateway and your merchant account provider can clearly articulate their current fraud measures and that they are continually working on your behalf to identify fraudulent transactions such as blocking sequential numbers to reduce the cost of fraud for your business.

Melody L is chief operating officer for L3 Payments.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More