Don’t Think You Have a Fraud Problem? Think Again.
You May Not be Looking in the Right Place
By Karisse Hendrick, Editor-at-Large, CardNotPresent.com
With the volume of card-not-present transactions rapidly increasing, fraud and other risks to revenue unique to card-not-present transactions also are on the rise. While more companies than ever have made a decision to dedicate resources to measuring, identifying and preventing fraud losses, there are still companies out there that think they do not have a fraud problem.
Given that fraudulent orders blend in well with legitimate orders, it is entirely possible for a company to have a fraud problem without knowing it—until, that is, it grows large enough to come to the attention of the card networks.
Often, the problem is you don’t know what you don’t know. But, even if you legitimately don’t have a problem with fraud, there are still ways you can lower decline rates, overall chargeback rates and payment processing fees.
It’s important to ensure that you don’t have fraud losses that you may not know about. To that end, here are some simple steps you can take that may uncover fraud where you think none exists.
- Know where to look : Most times, chargeback notices can be lost or overlooked by a department that may not understand they contain information to learn from, which can prevent future losses. If you aren’t the one receiving the chargeback notifications, find out who within your company owns the relationship with your merchant processor, and who is receiving your chargeback notifications and ask to review the last three months’ worth. If they do not have the individual notifications, ask to have them log into your merchant account to pull a report on the incoming chargebacks.
- Review the chargeback reason codes to learn why customers are calling their banks for a refund. If you have chargebacks with the reason code “fraud,” look up the orders in your order management system to see what they looked like when they were placed. If they look suspicious, look at the unique identifiers that made them appear that way and look in your orders for others like this. Once a fraudster finds vulnerability in a company, he will exploit it until he is caught or the vulnerability disappears. Chances are, similar fraudulent transactions will continue.
- Investigate non-fraud reason coded chargebacks, too . They may shine light on a process or issue that is causing customers to be dissatisfied, leading them to request a refund through their bank. You can review the cardholder documentation to learn what they are claiming and to address the issues internally. It is possible that you may have cardholders trying to take advantage of this system, and if that is the case, make sure you respond to the chargeback with the documents required for that reason code to attempt to get reimbursed for the debit to your account.
- Get your RIS Report . If you do not currently have a large amount of fraud chargebacks, but have an average order size of less than $30, you may have a fraud problem that you are not aware of. Because many issuing banks have policies to not pass on a chargeback if it doesn’t reach a specific threshold, there may be many customers reporting fraud that is not getting passed on to you. Contact your account manager or assigned risk manager to gain information about what is called your “RIS (Risk Identification Service) Report”. This can also be known as the TC40 report for Visa and the Safe Report from MasterCard. Because there is a lot of raw data in this report, and some can be quite lengthy, not all processors have the capability to provide the full details of this report, but they should be able to at least tell you the number of reports you have had in a recent time period.
- Check declined transactions . If you do have a high number of incidents on the RIS report, this could be impacting the decline rate at the point of authorization for new purchases. Because issuers have taken a loss on these transactions, and some use the information on this RIS report at the time of authorization, you could be missing out on a large chunk of business without knowing there is an issue. This is also true for a large amount of chargebacks as well. If you can gain access to this report, you can learn about fraud that you may not have known about, to be able to prevent future fraud. Merchants who have taken action on information gained from these reports have reported a decrease in declines, and an increase in authorizations after a certain period of time.
If, after looking at both your chargeback report and your RIS report, you still are satisfied with your fraud rate, the sad truth is that will probably change in the future. As e-commerce continues to grow, the bad guys will continue to be persistent. The liability is yours; do not ever become complacent. The companies that don’t pay attention to their losses and to suspicious order behavior are the companies that fraudsters exploit as soon as they identify a vulnerability at your store. And, as your competitors and other companies get better at fraud detection, fraud will naturally travel to the weakest link.
In addition to all of this, with the U.S. migrating to EMV cards in the card-present environment, industry experts have predicted a mass migration of fraud from card-present to e-commerce. Currently, nearly half all credit-card fraud occurs on counterfeit cards in the card-present environment. That fraud will almost certainly diminish when cards are much more difficult (and expensive) to counterfeit. Because the potential reward of committing credit-card fraud is so great, those currently committing fraud using counterfeit cards can be expected to cross over to card-not-present fraud. Data from the EMV conversion in Europe several years ago also substantiates this prediction. Whether you have fraud now or not, it is important for all card-not-present merchants to be aware of the possible impact on fraud that EMV may cause and to be prepared.
Beyond assessing your company’s exposure to fraud, there are several more opportunities to save money and to be more efficient in your payments process that could potentially save your company a great deal of money. In a follow up article next week, we will share ways that other companies have done this and explain how you can impact your payments metrics to increase sales and decrease operations costs.
To learn even more about the topics discussed in this article, register to attend the CNP Expo , where you will learn best practices from leading card-not-present companies.