opinion

Potentially Simple Solutions for Credit Card Fraud

Over the last few months I have been investigating and writing about consumer initiated fraud. I have been defining the issue, giving recent examples of the issue, providing data about the issue and demonstrating that it is a known issue and has been for quite some time.

Along with providing to you a solid foundation of understanding regarding the issue of consumer initiated fraud, I am going to propose some ideas on ways to actually tackle the issues that exist.

If the card associations and regulators can tout setting chargeback ratios and penalties for those merchants and acquirers who exceed those thresholds as successful in combatting fraud, then the same structure should work on the issuing banks.

To sum up my previous conclusions, consumers lie and steal at a rate that easily surpasses the restrictions for fraud placed on merchant accounts, online transactions suffer from a lack of systems that can guarantee the identity of the person entering the transaction information, online purchasing is targeted by fraudsters with computer programs to find and use card numbers and finally, merchants, the most impacted party, must bear responsibility for addressing this fraud as there is no incentive for anyone else in the chain of the transaction to take corrective action.

Issue 1: Online transactions suffer from a lack of systems that can guarantee the identity of the person entering the transaction information.

The ideal solution is that a system is developed which positively identifies the consumer and provides the proof that the consumer does, in fact, have the authorization to use that payment method. This is a very tall order, especially for an online transaction. There are companies in the marketplace which attempt to address this issue by performing some check on the consumer’s system, or take a snapshot of their credit card, running pieces of the data through databases, but none of these checks guarantee that the consumer is who they say they are or have the right to use that payment instrument.

Further, this is an additional cost to the merchant and there is no guarantee that this will result in a legitimate consumer. The only tool out there is provided by the card associations through their Verified by Visa and MasterCard SecureCode that provided the consumer jumps through all these hoops and eventually successfully transacts with the merchant, the merchant is off the hook for the consumer claiming the transaction was unauthorized. Any way you look at these solutions, it is the merchant again who is being forced to forgo sales in hopes that they are eliminating the bad transactions and not the good ones.

I think the relevant question here is, Does it make sense to have a chargeback ratio that is the same for all merchants and transaction types? At a minimum, a utility company, a mortgage company or even a property management company should be held to a much stricter set of rules then an ecommerce merchant. The first solution is to provide a different ratio standard for e-commerce merchants. This is not challenging to implement because ACH has a WEB designation on their transactions and the card associations have a Merchant Classification Code that designates the merchant type resulting in the classification already being clear.

Issue 2: Consumers lie and steal at a rate that easily surpasses the restrictions for fraud placed on merchant accounts, It is unrealistic to think that consumers will stop lying and stealing, especially when there is no real consequence for so doing. There is only the reward of getting something for nothing and their money back.

I believe that there are two actions that can take place to assist with this issue.

First, the majority of consumers simply want their money back and they do not want to call the merchant because that is like lying directly to someone’s face … which, for the most part, is still taboo. But if there were a return reason code that was not considered merchant fraud but more along the lines of buyer’s remorse or account misuse then everyone would be happier as the consumer would get their money back in the first call, the issuing bank keeps their consumer happy, the card associations still wave their “secure network” flag and the merchant wouldn’t have to bear the additional negative consequences that a chargeback creates. Keep in mind that the merchant still bears the financial implications of each negative sale on their business.

The second action has to be that every time there is a transaction that is returned as unauthorized or fraud, the consumer’s payment account has to be terminated and they have to get a new one. How perfectly suitable is that solution? If you really did have an unauthorized transaction on your account, then you and your bank should be very keen to shut down that exposure. The consumer incurs the additional headache of updating any automatic or stored billing options they have with others, and the waiting period for the new cards and checks but their account was compromised … isn’t closing the account and opening a new one the responsible thing to do? If someone stole their house keys, I bet they would change their locks, even if they knew the culprit. Issuing new accounts also costs the issuing bank money as they have the administration and the physical costs associated with account setup! Further, those nasty merchants and fraudsters would not have the new account information so the consumer’s and bank’s money and reputation are all safe and sound.

Issue 3: Online purchasing is targeted by fraudsters with computer programs to find and use card numbers.

This is a real problem for everyone who owns a business, a payment instrument, or the banks themselves. There is a lot of private enterprise out there creating great technology to address this issue and help merchants discover that a consumer is potentially fraudulent but as the systems get smarter so do the fraudsters and it is their business to crack the code to continue making money. As a result, this has to be a joint effort with the banks as it is only the banks that actually know if the account number is valid, if the name (or other data) on the transaction matches the account owner and if there are funds in the account.

The only realistic action is to have a different standard set for chargeback and unauthorized transactions on ecommerce merchants as described earlier.

Issue 4: Merchants must bear the responsibility for addressing this fraud as there is no incentive for anyone else in the chain of the transaction to take corrective action.

It is time for the regulators and card associations to return some balance to the networks. If the card associations and regulators can tout setting chargeback ratios and penalties for those merchants and acquirers who exceed those thresholds as successful in combatting fraud, then the same structure should work on the issuing banks. It is my belief that the consumer’s banks should also have to stay under a given ratio of chargebacks or unauthorized transactions that they initiate. After all, it is the issuing bank that takes the call from their consumer and processes the complaint that leads to a chargeback.

To support this concept, I analyzed a year’s worth of return data for ACH transactions. I grouped the return data into three groups: NSF, Invalids and Unauthorized. I then calculated the ratio of each banks returns to see the split of the three groups against their own returns. You would hypothesize that the ratios would be similar across the majority of banks. What I found was enlightening. The biggest banks in the nation generated twice as many unauthorized transactions compared to the average of all the banks.

One can postulate that those banks are getting their consumers off the phone, as quickly as possible, as happy as possible. There is a cost to customer support and those banks are motivated to keep those costs down. There were two notable exceptions though. The first was the bank that also was the originating bank. This bank had a balanced view of the situation because it would be their merchant they would be penalizing from their consumer as they are both banks in this scenario and thus responsible to the regulators for what they, as a merchant account provider, generate into the network.

The other exception was a large credit union where it was apparent that they took the time to know their consumers and caught true fraud as it happened and due to the personal relationship, consumers were less likely to lie to them regarding transactions.

Every solution which I have proposed would be easy to implement, would help address the problem and would not create too much of a burden on any one entity. However, I doubt that any of these items will ever be implemented. The reason is quite simple: there has been no merchant group to date that has banded together to stand up and say, enough is enough. There is no access to information for an individual merchant to really understand how big a problem this is, so as a result e-commerce merchants devise ways to be able to operate within the gray area of the rules so that they can mitigate the results of the all-too-unbalanced power of the issuing bank and its consumer. Quite frankly, who can blame them.

L3 Payments, along with other providers, is dedicated to providing merchants with the tools and knowledge to successfully operate within the current environment as well as provide a reasonable, experienced voice at industry groups and to the regulators to help maintain some sensibleness in the payments networks. In this continued effort, I welcome your stories, experiences and findings.

Melody L is chief operating officer for L3 Payments.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More