August 19, 2016
3 Ways Merchants are Causing Unnecessary Credit-Card Declines
By Karisse Hendrick, Editor-at-Large, CardNotPresent.com
A recent CardNotPresent.com article on TC-40 reports looked at one reason issuers might decline a CNP purchase, perhaps leading to confused customers and lost sales. While having a high number of cardholder fraud claims (which are reported on the TC-40) is a likely cause of high declines, there are other actions merchants take or do not take that can lead to a high incidence of authorization declines by issuers. In this article we discuss three more ways that merchants may inadvertently be causing declines on cards that would otherwise be authorized and the steps some have taken to greatly increase revenue and retain their customer base.
Not capturing CVV
Known as CVV, CID and CVV2, the last three digits on the back of a credit card (or the last four on the front of American Express cards) are included as an extra security measure to confirm the person entering a card number in a CNP transaction has possession of the card. Because it is not required by the card brands and does not impact interchange qualifications, some merchants elect to not capture the CVV during checkout because they see it as an impediment that negatively affects conversion. Also, because this information often is included when hackers sell stolen card numbers to fraudsters, even if the person making the purchase supplies the CVV it is not a lock that it is the rightful cardholder. Some organizations, therefore, have elected to forfeit capturing this in exchange for more sophisticated fraud prevention tools. Some merchants, however, have found the humble CVV does have a positive effect on fraud without harming conversion.
A well-known online ticket merchant that was not capturing this information began experiencing an increase in fraud chargebacks. The company decided to see if having the CVV would help in identifying fraudulent transactions. The marketing department, of course, was worried one more data field in the checkout process would cause good customers to abandon their shopping cart, but they agreed to a three-month test, tracking sales and fraud rates.
Unsurprisingly, when the CVV matched what the bank had on file, it helped identify fraudulent transactions and resulted in fewer fraud chargebacks. The sales data, on the other hand, surprised both the marketing and fraud departments. Capturing this information resulted in a 5 to 6 percent increase in top-line sales. The comany attributed at least some of the increase to fewer customer service calls from confused customers who were unsure why their cards had been declined by this merchant but not others.
One of the reasons issuers decline transactions is their perceived risk of a merchant (TC-40s being one data point affecting that perception). This merchant learned the more data they send through to the issuer on a transaction, the less risky the bank perceives the merchant to be, resulting in a higher probability that more transactions will be authorized.
Not participating in 3D Secure
Similar to CVV, 3D Secure has a reputation for hindering sales. In some cases, cardholders can be prompted for an additional password or to answer security questions with their bank when 3DSecure is used. These situations have become increasingly rare, however, especially when a merchant has the ability to select which transactions will utilize 3D Secure based on various risk factors. More recent 3D Secure solutions enable merchants to use it in cases where an issuer has a history of challenging transactions, doesn’t participate in 3D Secure or determines the transaction has an elevated risk of fraud. Only using 3D Secure when necessary limits the impact to cardholders, addressing some concerns about conversion. When 3D Secure is utilized, liability for fraud chargebacks shifts from the merchant to the issuer. Interchange is reduced as well. But, there is a third benefit that many merchants utilizing 3D Secure have experienced—higher authorization rates.
In a recent case study published by CardinalCommerce, Amtrak shared that by selectively using 3D Secure, it not only saw a decrease in fraud chargebacks, but also realized a 2.6 percent improvement on overall authorization rates. Similar to when the ticketing merchant added CVV information, Amtrak found that providing issuing banks with more information about the transaction via 3D Secure provided more confidence in the transaction, and assurance that it was doing all it could to prevent fraud.
Performing a $1.00 pre-authorization
The practice of confirming a credit card’s validity by issuing a $1.00 pre-authorization was once a common attempt by merchants to prevent fraud and to verify the AVS (Address Verification Service) and CVV information before charging the full amount. Visa began issuing a “misuse fee” in 2009 for authorizations that do not result in a settled transaction, but this practice still occurs—sometimes it’s part of a hard-to-change legacy system or merchants simply may not be aware this is no longer good practice.
Because it looks a lot like card-testing (when fraudsters test the validity of a card with an unsuspecting merchant before selling the card for misuse) banks are suspicious of $1.00 authorizations and many decline transactions with merchants that perform them. So, a tactic merchants were using to fight fraud has evolved into an indicator of fraud.
Visa recommends any company still doing this to do one of three things: Optimally, discontinue use of pre-authorizations immediately and only send an authorization request for the amount of the transaction. If a legacy system makes it impossible to discontinue this practice, these transactions can be reversed or voided within 72 hours of authorization. Lastly, Visa introduced Account Verification, which allows for a zero-dollar authorization request, providing AVS and CVV verification without holding any funds. MasterCard has a similar verification process for CNP merchants. Not all processors have systems that enable merchants to process zero-dollar verifications. Consult with your processor to determine which option is best for your business.
As payment card issuers respond to the massive credit card breaches of the last few years and because there is an elevated risk of chargebacks due to fraud or customer dissatisfaction in CNP environments, issuers are taking a longer look at CNP transactions and declining more of them. CNP merchants can no longer assume that if a transaction is declined, it’s simply an issue between the cardholder and their bank.
If decline logs show a high amount of “general” or “processor” decline reason codes, this may be a sign that issuers are declining transactions specific to your business based on perceived risk. High call volume from frustrated customers, confused that their purchase did not go through is another symptom of this larger issue. As a general rule of thumb, the more information merchants provide in the authorization process, such as CVV and 3D Secure, the more issuers feel they are being proactive against fraud. The issuer also benefits from a successful transaction, in the form of interest and interchange, so declining a transaction is not optimal for them either. But, like merchants, they can only assess risk with the information provided, sometimes resulting in declines for the merchant. When merchants provide more details, this can ease issuer concerns, resulting in higher revenue and customer retention.