operation payback debrief_ebook_sv
TRANSCRIPT
563457568674 563457568674 563457568674
23%
0004
48
0004
48
0004
48
0004
48
DAT
A 6.
01
DAT
A 6.
01
DAT
A 6.
01
DAT
A 6.
01
DAT
A 6.
01
DAT
A 6.
01
DAT
A 6.
01
DAT
A 6.
01
DAT
A 6.
01
23%
OPERATION PAYBACKEVENT DEBRIEF
INTRODUCTION
Realex Payments invited some of the top names in e-commerce to attend our Operation Payback event in the Churchill War Rooms in order to discuss the challenges that they face in identifying and managing fraud, and the improvements that they would like to see across the industry.
This e-book summarises the key topics of this discussion.
OPERATION PAYBACK EVENT DEBRIEF
THE CHALLENGES OF CHARGEBACK MANAGEMENT
Chargebacks can represent a substantial loss to merchants in terms
of lost revenue, stolen goods and financial penalties from banks and
the card schemes. Merchants need to address chargebacks but feel
that they don’t get the support that they need from acquirers, issuers
and card schemes.
The schemes state that acquirers should be investigating and defending chargebacks on merchants’ behalf, but don’t appear to be exerting much pressure on them to do so. Similarly, there is a feeling that chargebacks are not being adequately investigated by issuers and that cards are not being cancelled in all cases where a chargeback has occurred. This places the burden of responsibility of defending against fraud firmly on the merchant, and leaves the chargeback system open to abuse - customers can simply charge back in cases where they are not entitled to a refund.
LACK OF INVESTIGATION FROM ACQUIRERS AND ISSUERS
Merchants need to be properly informed to effectively combat fraud. However, there is a lack of transparency over the processes that actors in the payments ecosystem use to handle fraud and chargebacks. For example, it is strongly suspected that card issuers are employing ever more sophisticated methods of automatic fraud detection, but because they operate in such an opaque manner, it is difficult for merchants to understand how those systems impact transaction processing.
This implies that merchants may not have visibility over their effective fraud rate – if issuers are declining suspect transactions on merchants’ behalf, but not sharing that information, then merchants can’t see the wider trends in fraud. This leaves merchants exposed to the fraudulent transactions that the issuers do not identify. Furthermore, a merchant with a high rate of fraud may be considered high risk by issuers, but if the merchant is not aware of their true fraud rate, they will not be able to address the issue effectively and may experience a higher rate of declines over time.
These issues of transparency persist throughout the transaction lifecycle. Merchants report that they are not being provided with enough information to dispute chargebacks – the burden of responsibility is entirely on the merchant to prove the legitimacy of a transaction – and they find themselves unable to integrate this information effectively with their fraud management processes. Merchants are aware that there is more detailed information available about trends in fraud management, but they are not being provided with access to this information.
LACK OF TRANSPARENCY
OPERATION PAYBACK EVENT DEBRIEF
The charges and penalties associated with handling chargebacks are steadily increasing, exerting additional financial pressure on merchants already struggling to manage fraud. It is widely suspected by merchants that this upward trend is at least partly associated with the introduction of new regulation on interchange, with issuers and acquirers increasingly seeing chargeback fees as a valuable stream of revenue in an environment where there is downward pressure on transaction processing charges.
This trend is particularly problematic for digital goods merchants and those processing low-value transactions, because the cost of a chargeback may exceed the value of the transaction itself. This is a source of frustration for merchants as they are being penalised for chargebacks but are not receiving the support they require to prevent them.
CHARGEBACK FINES
The rules governing chargebacks overwhelmingly favour the consumer, which makes it difficult for merchants to effectively identify and manage fraud. This issue is not confined to card transactions. Under the rules of the SEPA Direct Debit Scheme for example, consumers have almost unlimited chargeback rights, and financial institutions are compelled to make it as easy as possible for the customer to dispute a charge. This has led to a situation where customers are successfully charging back transactions without providing any evidence or going through a dispute process.
CONSUMER-CENTRIC PAYMENTS ECOSYSTEM
THE CHALLENGES OF CHARGEBACK MANAGEMENTOPERATION PAYBACK EVENT DEBRIEF
Friendly fraud, whereby a payment is made by the genuine cardholder and charged back in order to obtain a refund, is a significant issue for subscription payments. Customers who have forgotten to cancel subscriptions can simply charge back payments, claiming that they haven’t logged in or used the service. Merchants can do little to prevent such situations and it is very difficult to win disputes.
FIRST PARTY OR “FRIENDLY” FRAUD
Merchants can reduce their exposure to chargebacks with 3DSecure. However, 3DSecure causes friction in the payment process and was designed without consideration to mobile payments. This can hurt conversion.
It is hoped that these issues will be successfully addressed by 3DSecure 2.0, but there is no clear timeframe for its release. An interim solution is to process only high risk transactions through 3DSecure, but merchants need more information in order to effectively identify such transactions.
BIN data would be useful here as this would provide merchants with relevant information like the card’s country of origin and issuer. However, BIN databases are very difficult to obtain. Furthermore, for payment methods that use tokenisation, e.g. Apple Pay, the acquirer does not have visibility over the card number.
3DSECURE – FRICTION AND LACK OF TRANSPARENCY
THE CHALLENGES OF CHARGEBACK MANAGEMENTOPERATION PAYBACK EVENT DEBRIEF
TOWARDS BETTER FRAUD MANAGEMENT PRACTICES
All of the actors in the payments ecosystem have a responsibility to share
in the burden of managing fraud and chargebacks. More collaboration is
required to ensure that fraud can be identified and tackled. Merchants
need to use all of the tools available to them to ensure that they don’t
become a soft target for fraudsters in an increasingly sophisticated
payment processing environment.
The discovery of major security breaches, like the recent incident at TalkTalk, hits the headlines, but the likelihood is that merchants are only aware of a fraction of the security breaches that occur. Merchants are at risk from account takeover and must ensure that their level of authentication matches the threat. Fraud managers can stay one step ahead by building solutions with the assumption that customer login data has already been compromised.
Two-factor authentication and enforcing password changes can help, but in the future, other methods of authentication, like biometrics, may be required. Meanwhile, traditional authentication methods, such as 3DSecure, are a vital tool in minimising liability; however, they should be applied tactically to ensure that they do not have too great an impact on conversion. For example, merchants may choose to forego authentication for known customers, even though this may mean losing the shift in liability for subsequent transactions.
MORE FOCUS NEEDS TO BE PLACED ON STRONG AUTHENTICATION
While collaboration between merchants can result in a loss of competitive advantage, the need to defend against fraud renders it necessary. Understanding other merchants’ approaches to fraud management can be beneficial, and shared data can help merchants to identify fraud more easily. However, there are barriers to sharing data in the form of regulatory issues and consumers’ reluctance to allow data sharing. A common phraseology or terminology for Terms & Conditions may help to ease consumer concerns about the integrity of their data when shared.
MERCHANTS MUST COLLABORATE TO SHARE INTELLIGENCE AND DEVELOP BEST PRACTICE
OPERATION PAYBACK EVENT DEBRIEF
Raw issuer response codes can be used to determine the exact reason for a decline in many cases, including those cases where the transaction was declined on the grounds of suspected fraud. TC40 reports, which aggregate data on chargebacks, can help merchants to keep up to date with emerging trends in first and third party fraud. These valuable sources of data are supposed to be made available to merchants, but unfortunately, acquirers are often reluctant to share. Merchants need to leverage their acquirer relationships and press for access.
MERCHANTS NEED TO LEVERAGE ACQUIRER RELATIONSHIPS TO ACCESS VALUABLE SOURCES OF DATA
There is a lack of trust between merchants and issuers that hinders collaboration. Issuers appear to think that merchants recognise fraudulent transactions and continue to process them, while merchants are frustrated at the lack of visibility over issuer decline logic. An increase in chargebacks will lead to an increase in declines which is bad for issuer and merchant. It would be preferable to have more collaboration and transparency – this would help merchants to reduce chargebacks by improving their fraud management. PSPs may have a role to play in facilitating a better understanding between merchants and issuers.
MERCHANTS AND ISSUERS MUST RECOGNISE AND WORK TOWARDS THEIR COMMON GOAL – ELIMINATING FRAUD
TOWARDS BETTER FRAUD MANAGEMENT PRACTICESOPERATION PAYBACK EVENT DEBRIEF
New techniques for identifying and managing fraud are emerging all of the time. Some of these techniques become established best practice. For example, IP geolocation and device reputation services initially emerged as cutting edge technologies but are now considered to be a basic component of effective fraud management. However, others may prove to be less effective.
Machine learning and “big data” approaches may prove to be a powerful tool in the future but could significantly impact customer conversion if not managed properly. In particular, there may be issues with transparency of decision making, and merchants who employ machine learning algorithms could be accused of profiling. Authentication by social footprint has also received a lot of attention, but it may not be entirely reliable; in many cases it may be relatively trivial to spoof a customer’s social media presence.
Trialling new services may carry an overhead in terms of cost and customer conversion; however, the most forward thinking merchants are willing to trial emerging technologies to see what benefits they can bring. Smaller merchants need to be aware of the risk of not keeping up with current trends: when larger merchants implement new technologies, fraudsters may simply turn their attention to less sophisticated merchants who are seen as “soft” targets.
MERCHANTS NEED TO KEEP AN EYE ON EMERGING TRENDS IN FRAUD MANAGEMENT
TOWARDS BETTER FRAUD MANAGEMENT PRACTICESOPERATION PAYBACK EVENT DEBRIEF
OPERATION PAYBACK EVENT DEBRIEF
Fraud is becoming increasingly difficult to detect - there is no easy way to identify and manage clean fraud and first party fraud. Emerging technologies and techniques may be employed to minimise these threats in the future, but for any such approach, a period of trial and error is necessary before it comes into widespread use. However, issuers, acquirers and merchants already have valuable information and insights that can benefit each other if shared. Currently there is a lack of collaboration and transparency between these parties and among merchants themselves. If this is addressed, it will help all to achieve their common goal of reducing fraud.
Realex Payments recognises the need for shared data and we allow merchants to reinforce their fraud detection with data intelligence from 68 billion transactions processed annually through Visa and CyberSource. Realex Payments’ fraud offering also provides the fraud detection checks that should form part of any well-equipped fraud defence, like device reputation checking, IP geolocation and velocity checking. We understand the need for merchants to trial various configurations in order to optimise their fraud management, and we provide access to the analytical tools that allow merchants to do so quickly and without affecting conversion.
Our fraud tool has a market leading user experience with an interface design that is based on extensive research on end users goals. It caters for the needs of different user types – for fraud managers, setup must be straightforward and intuitive, while fraud analysts need to be able to efficiently manage and action queued transactions.
We also recognise the importance of demonstrable return on investment. We provide merchants with full visibility over the transactions that they are holding or blocking, and their associated value, so that they can easily assess the effectiveness of their fraud configuration and its impact on conversion and revenue.
CONCLUSION
