August 19, 2016
Is EMV Card Reissuance Infecting Subscription Merchants?
Netflix not the only one feeling the burn of increased declines
By D.J. Murphy, Editor-in-Chief, CardNotPresent.com
Last week, a consequence of the U.S.’s shift to EMV card technology impacting card-not-present commerce made headlines —just not the one everyone had anticipated. On-demand Internet streaming-video provider Netflix attributed less-than-expected subscription volume to the mass re-issuance of cards with chip technology. Thus began a very public debate about whether Netflix was sounding a legitimate alarm, with many more subscription companies to follow, or blaming a convenient scapegoat to explain earnings that might not have pleased all its investors. CardNotPresent.com used the kerfuffle as an opportunity to reach out to subscription experts—merchants, service providers and issuers—to determine if Netflix’s claim is plausible and could become a trend affecting other subscription companies. And, if so, how merchants can minimize the impact.
Understanding the issue
Netflix has attributed its dip in subscriptions to “involuntary churn” due to the reissuance of EMV cards. Involuntary churn is when a subscriber wants to remain a customer, but can’t, for reasons such as payment failure, communication problems or chargebacks. Declines on recurring transactions are the biggest reason for involuntary churn. Subscription merchants classify declines as “hard” or “soft.” Soft declines usually indicate funding issues and are more likely to receive an authorization after “recycling” the transaction (trying to run the card again). For hard declines, a successful authorization cannot be obtained and, generally, a new card number is needed.
To manage hard declines, merchants typically have two choices. They can ask customers to update their cards. But busy consumers might not do so until they need the service again and it provides an opportunity for the customer to decide they no longer need the service. Alternatively, merchants can enroll in Account Updater services through either a merchant processor or gateway. This service allows merchants to upload card information on hard declines and receive updated information from the issuing bank—ideal for retailers using a subscription pricing model.
While Account Updater is a beneficial product for reversing hard declines and preserving revenue without any action on the customer’s part, however, not every issuer uses this service. Additionally, issuing banks can select how they participate. So, while one might provide a response, it may not be the new card number. It could be “Account Closed” or “Contact CH,” even if the customer received a new card. As one of the merchants contacted for this article said, “Account Updater is a huge benefit, but it definitely can’t be relied on as a silver bullet.”
Subscription merchants contacted by CardNotPresent.com confirmed the problem Netflix reported in its earnings call is real and not confined to the streaming service. Sources within several prominent merchants have seen an increases in the decline reason codes “Do Not Honor” and “Invalid CC#”—both considered “hard declines” in most cases—since August of this year, which is about when issuers began their massive reissuing efforts in earnest.
All of the merchant sources, who wished to remain anonymous, said their companies participate in Account Updater. However, in the last few months, they have seen an increase in the response “Bank does not participate” (exact response can vary by provider) from the product. According to a statement from Netflix to the Wall Street Journal last week, this accounts for about 40 percent of their hard declines. When Account Updater does not result in an updated card number or expiration date, the standard best practice is to contact the customer to request updated card information. Because this can take weeks, if not months, that revenue is delayed. The impact of this reduction in revenue, of course, varies by the size of a merchant.
“It may be a small percentage, which would have a small impact on a smaller merchant, but a much larger impact on a larger merchant,” said the head of payments for one of the largest subscription-billing companies in the world.
This is not the first time subscription merchants have seen similar spikes in involuntary churn. Last year, in the wake of two large high-profile data breaches, millions of cards were re-issued. Merchants saw the same spike in “Do Not Honor” and “Invalid CC #” decline response codes then as they are now. This resulted in an increase in card numbers being sent to Account Updater, with some, but not all, new card numbers provided. Because this spike in hard declines is again coinciding with a massive reissuance of credit cards, merchants are siding with Netflix, echoing that EMV is having a negative impact on their recurring revenue.
Not everyone agrees
Some industry experts are not as convinced EMV is to blame. Dan Burkhart, CEO and founder of Recurly, a company that specializes in recovering recurring revenue, continually studies decline reason codes and Account Updater activity for a large group of merchant clients. While he agrees some merchants are seeing higher declines, it’s not always because the card has been reissued with a different number.
“The broad majority of cards being reissued include the same account number and a revised expiration date. In those cases, the Account Updater will provide the revised expiration date,” says Burkhart. “We are keeping close tabs on the EMV A/U matter. We definitely saw an increase in replacements beginning in April, and have actually started to see the normalization process beginning to happen, which is what occurred post Target breach. So, my opinion (based on the data we’re seeing) is that the industry awareness is reaching peak visibility just as we’re now trending down the ‘back slope’ of recovery from increased match rates for replacement cards.”
Julie Conroy, research director at Boston-based Aite Group, says regardless if the new chip card number is the same or different, banks have been addressing the issue in other ways.
“These capabilities have actually been in place for some time as a result of the vast number of data breaches that resulted in card reissuance (where every card number was by necessity different),” she said. “Many of the large issuers and processors have the ability to tie the re-issued card number to the old card number, and will honor recurring transactions for many months on the new card, while others are providing emails to cardholders providing a list of all of their recurring-billing relationships that need to be updated. Mass reissuance of new cards is nothing new in this day and age of escalating data breaches. We surveyed a number of merchants last year to understand whether the data breaches and subsequent reissuances were having an adverse impact on their subscription business (particularly the Target breach, where around 80 percent of impacted cards were reissued). The majority of merchants we surveyed said that there was very little or no impact. With EMV, many issuers are keeping the card numbers the same, so the effect should be even less.”
What to do?
If you are a merchant with a subscription-based business, it is important to look at your own data to determine for yourself if your business has been impacted by reissued chip cards. Reviewing decline rates and reason codes is the best way to do this. If you are seeing a spike in declines, the merchants we spoke to offered these best practice suggestions:
- Participate in Account Updater and ensure your provider is passing on the most transparent reason codes that provide the best insight into issuer response codes
- Ensure that your Merchant Category Code passes on a recurring flag with subscription transactions. Issuing banks that do allow charges on the old card will only do so if this flag is present in the transaction.
- Ensure you are not passing on the CVV on recurring transactions, as this usually changes when a card has a new expiration date. If a bank provides an updated expiration date via Account Updater or still allows transactions on cards with the old expiration date, it may not authorize the transaction with an old CVV code.
- Consider working with a partner that specializes in recurring transactions. This may be a merchant processor or a gateway, but outside expertise could be a good alternative to hiring an internal resource to manage these payments.
- Review customer communications when a card has hard declined. Consider A/B testing with different wording to find the communications that customers respond to most, by updating their card numbers.
- Consider having a strategy specific to large reissuance of cards, such as EMV or large data breaches. This may entail more e-mail communications during a shorter time period, calls to customers or a more aggressive retry strategy.
As of September 15, Visa said its issuing banks had issued 151 million chip-embedded debit and credit cards—about 21 percent of total Visa cards in circulation. Separately, MasterCard said 40 percent of its credit cards in the U.S. are now chip-enabled. Hundreds of millions of cards remain to be reissued over the next few years. So, if the EMV migration is, indeed, to blame for an increase in involuntary churn for subscription companies, it’s only going to get worse. And, with the continued fear of more high-profile data breaches, mass reissuance of cards may become a “new normal.” It is important for merchants to study their own data and react to what it is telling them, creating a multi-leveled strategy to regain the customers that may fall through the cracks due to canceled cards.