PINless Debit Card Networks

The purpose of this article is to familiarize the key merchant services industry players with the advantages of integrating with PINless debit card networks.

The largest credit card associations, such as Visa and MasterCard, maintain large card networks through which payment card transactions can be processed. When a card transaction is processed, card network charges a certain interchange fee for handling of the transaction (more detailed information on transaction processing cost models and structure can be found in our respective article).

Some banks also created their own card networks called debit networks. For instance, every US-issued card, including those, carrying Visa or MasterCard logo, can be processed through at least two debit networks. Generally, a logo of a debit network, which can be used with a given card (for example, Plus, Interlink, etc.), can be found on the reverse side of the card. ATMs often work through debit networks as well, and usually, logos of supported debit networks are shown on the ATM.

Traditionally, there was an advantage for a merchant to integrate with PINless debit card networks, for several reasons, including funding delays. The primary reason, however, was considerable saving on the interchange cost as compared to the cost of equivalent transaction processed through Visa or MasterCard network.

In 2011, after Durbin Amendment (initially designed to reduce the burden of fees imposed by processors on merchants) was adopted, Visa and other associations were required by law to reduce the maximal interchange rate which they were allowed to charge for debit card processing.

If previously Visa could charge 2.5 to 3 % of transaction’s amount for debit card processing, after the Amendment the maximum interchange amounted to 0.95 %. After the Durbin Amendment was adopted the price difference for merchants integrating with PINless debit card networks versus regular card networks would only represent 10 to 20 basis points. As a result, some merchants, who were previously interested in and considered the prospect of PINless debit card network integration, changed their minds and lost their interest, because potential savings of 10 to 20 basis points could not provide a sufficient incentive (especially, for small and medium-sized merchants).

Although for small and medium-size merchants the advantage of PINless debit card network integration became really insignificant, on large processing volumes even 10 basis points still make a difference, especially in view of pricing wars, witnessed by modern merchant services industry.

Another advantage of debit networks, which still remains relevant, is that there is no policy around chargeback handling in PINless debit networks. If the transaction is processed, the funds cannot be charged back and the transaction cannot be disputed. Consequently, many companies (of all sizes), experiencing problems with high chargeback rates can still find integrations with PINless debit card networks. Even if transaction processing through PINless debit networks does not yield significant additional revenues, the option is still more relevant than processing through Visa and MasterCard networks. As we mentioned in some previous articles, 1 % of chargebacks can put the merchant into the Terminated Merchant File (TMF), and out of business. If some of the cards are processed through a PINless debit network, chargeback rates (as well as percentage of chargebacks resulting from transactions processed through regular Visa and MasterCard networks) decrease.

Conclusion

In spite of the limitations, imposed by the Durbin amendment, if you are a merchant, experiencing problems with high chargeback rates, and\or if you process significant dollar volume, PINless debit card network integration might still be a good solution for you.

Merchant Fraud Protection Tools

The purpose of this article is to familiarize payment service providers and other merchant services industry players with various merchant fraud protection tools. While one of the previously published articles covered consumer fraud protection tools (from merchant’s perspective), the current article is mostly targeted at PSPs who have multiple merchants in their portfolios, and, consequently, require efficient merchant fraud protection tools to ensure stability and security of their operations.

Information on the nature of merchant fraud can be found in our articles on fraud protection aspect of payment gateway selection, chargebacks and ACH returns.

Merchant fraud protection systems are often incorporated in payment gateway software products. They are based on various criteria for monitoring of each merchant’s transaction processing activity. The incoming flow of transactions is analyzed and checked against these criteria on some regular (usually, daily, or monthly) basis. If some deviations take place, they are immediately flagged, underlying merchants or transactions can be identified, and any necessary measures can be taken as efficiently as possible.

Let us now look into the fundamental criteria, providing the conceptual basis for merchant fraud protection tools.

Some criteria are analyzed on daily basis as well as on month-to-date basis. For instance, maximum transaction amount is a criterion analyzed on daily basis only, while maximum processing volume can be analyzed both daily and monthly.

For every particular business, depending on its nature, a limit is, generally, established for one or more criteria. If the limit is exceeded, the incident is analyzed, and, if necessary, respective measures are taken.

Maximum allowed processing volumes

General transaction volume as well as transaction count are analyzed. At the basic level, maximum and minimum transaction (ticket) amount, which a merchant indicated in the merchant application, are monitored. Significant deviations from these values might indicate some type of merchant fraud.

Maximum deviation from averages

Generally, most businesses follow similar processing patterns from day to day and from month to month with no deviations from average. If any significant deviations from average are registered, they are considered a signal for checking the specific case behind the deviation. Normally, permitted deviations amount to approximately 5-10 %. If this limit is significantly exceeded, it may raise suspicions. Deviation limits should be observed in an average per-transaction amount, average daily (monthly) transaction count, and average daily (monthly) processing volume (in dollars). Generally, 60-day window is used for daily averages, and 12-month window for monthly ones.

For some types of businesses deviations from average are typical (for instance, seasonal or induced by sale of some highly-demanded product), so the criterion is not always a decisive one, but in some cases it can be helpful.

Fraud suspects

One of the signs, which may cause suspicion, is a large number of so-called micro-transactions (below $1). In some situations a large number of even-amount transactions can also be a sign of fraud. For example, if a merchant is a retail business and transaction amounts usually include taxes, an even-amount transaction is rather an exception, than a rule, while for e-commerce businesses even-amount transactions are more common.

Duplicates

Duplicates can either signify actual fraud or just a human error. Duplicates can be analyzed according to several criteria.
For some businesses too many transactions with the same amount are untypical, so this is the case when they might signify fraud. On the other hand, some businesses offer a limited number of products\subscriptions, and for those businesses many transactions with the same amount are common.
Another duplicate-related criterion is the number of transactions associated with the same card number. If the number is too large, it may be a sign of fraud.
In some cases a large number of transactions with the same amount paid using the same card (a combination of the two criteria) during a short period of time (say, a day) may also signify fraudulent activity.

Transaction types

Unusually high percentage of transactions of a certain kind in the overall transaction volume is another representative indicator. If maximal allowed percentage of credits, refunds, verifications (“zero-dollar” transactions), declines, ACH returns or chargebacks is exceeded, it may be a sign of merchant fraud being committed.

Entry mode

In terms of card entry mode there are three basic card transaction groups: swiped, keyed and CNP. If some type of entry mode is dominant for a business, a sudden increase in the number of transactions with a different entry mode may signify fraud.

Off-hours transactions

Some transactions may be submitted during the time, when the business is normally closed (for example, before 8 am or after 8 pm).
For some businesses after-hours processing is acceptable, but unusually large number of transactions submitted after hours may be a sign of potential fraud.
If transaction volume is, usually, consistently distributed across the merchant’s working schedule (for instance, most transactions happen in the morning), sudden shifts in this distribution may also seem suspicious and, potentially, indicate merchant fraud.

Merchant inactivity period

Some merchants stop processing transactions, but do not close their merchant accounts. Such merchant accounts can, potentially, be used by fraudsters. Consequently, the number of days during which there is no activity on the account, should be monitored, in order to prevent potential fraud due to merchant’s lack of attention.
Absence of activity does not signify fraud, but rather, indicates that the merchant is not using the account any more.

Frequency

Some merchants normally process transactions only on certain days of a week or a month. If such a pattern is broken (for example, a merchant normally processes on Monday, and now there is activity for entire week, or a merchant, normally processing transaction for 20 working days a month, suddenly starts processing for the whole 31 day, it may indicate fraud).

Conclusion

Monitoring of potential merchant fraud signals is critical for payment service providers, which service large numbers of merchants, and assume financial risk and liability for the merchants in their portfolios. In order to efficiently prevent fraud, such businesses need to utilize merchant fraud protection tools.

Visit the UniPayGateway website if you are interested in the diagram illustrating this topic

Payment Gateways: Chargeback Information

The purpose of this article is to cover chargeback handling as an advanced feature to be considered by merchants and resellers when selecting a payment gateway\credit card processor.

If this is the first time you are reading our “Selecting a Payment Gateway” mini-series, please, start with the Introduction to improve your understanding of this post.

To learn about chargeback concept and why chargebacks are important, check the respective article on our web-site. Chargebacks represent problems for both merchants and resellers because of financial liability with them. A crucial point to be kept in mind is that if chargeback rate of some business exceeds 1 %, this business gets on the Terminated Merchant File and its merchant account is shut down.

Merchant perspective

While chargebacks are unavoidable, the goal of any business is to handle chargebacks properly whenever they appear. That means: find out about potential chargeback as soon as possible (retrieval), contact the customer, respond to retrieval and try to resolve the issue, prevent the chargeback from getting enforced and having financial impact.

When dealing with a processor\payment gateway it is important to understand:

  • how chargebacks are going to be delivered to the merchant (chargeback delivery mechanism),
  • what information is going to be present in a chargeback (chargeback identification method),
  • how the chargeback disputing mechanism will work.

These three aspects are addressed below.

Chargeback delivery mechanisms

In terms of chargeback information delivery from a processor to a merchant the two common options are: over e-mail (fax) and as a report (through API).
In case of e-mail or fax delivery, for every chargeback that occurs, a merchant is going to receive an e-mail or fax with the chargeback details. The report/API option offers delivery of chargebacks in electronic format (for example, as a delimited file), which can then be either used for manual processing or imported into merchant’s system of record.
For larger businesses with high transaction volumes an importable report/API would definitely be a more preferred option.

Chargeback identification methods

There are two approaches the processors might use to identify a chargeback. Based on the approach they use, merchants will receive slightly different information about a chargeback.
One of the ways is to use the unique identifier of the original transaction which is included in the chargeback case. However, some of the legacy platforms are incapable of doing this, and instead they send the merchant the date, the amount and the last four digits of the card number. While this option is acceptable on some smaller transaction volume, it will be a labor-intensive task for those who process a lot and want to handle chargebacks. Consequently, whenever possible, the preference should be given to processors capable of including unique ID of the original transaction in the chargeback information.

Chargeback disputing mechanisms

In terms of disputing (merchant-processor interaction) there are two ways of handling chargebacks (providing supporting documentation against the chargeback claim). One is through e-mail or fax, and the other – by using automated customer relationship management system (CRM) API.
While still predominant in the industry, the first option might be inefficient, as it involves a lot of manual work. The second option is going to help a business automate the process, but it may require resources to put it in place.
Consequently, if a merchant needs to handle a small number of chargebacks, it can go with the manual process. However if a merchant wants the chargeback handling to be an efficient automated mechanism, the preference might lie with processors who use some formal API for chargebacks disputing.

To illustrate the common issue with chargebacks, let us consider the example of a health club.

Example

A health club customer may buy something and then forget about the purchase. When the statement arrives, the customer might want to dispute the charge. Consequently, the health club must handle the issue appropriately: learn about the chargeback as soon as the customer disputes it, find the specific transaction resulting in the chargeback, contact the customer, explain the situation, and resolve the issue. Delaying response to the initial retrieval might result in the actual chargeback, lost revenue for the club and increase of the club’s chargeback rate.

Conclusion

Depending on transaction volumes, merchants must select processors/payment gateways capable of providing the most suitable options in terms of chargeback delivery, identification and disputing. A merchant dealing with larger transaction volume would prefer to partner with a payment gateway/processor whose chargeback handling mechanism is fully automated and implemented in a formal API.

Reseller perspective

The issue with chargebacks affects all resellers in one way or another (as chargebacks tend to be viewed negatively by acquirers), but it is particularly vital for payment service providers (PSP), participating in the underwriting process and bearing financial responsibility for the merchants in their portfolio. In such cases if a merchant is incapable of covering the chargebacks, PSP might be responsible for refunding the money back to customers. Therefore, it is of paramount importance for any PSP to be aware of all of the chargebacks as soon as they occur, as this awareness gives them the opportunity to react and, potentially, resolve the issue with the merchant before it is too late (the merchant is out of business).

Example

A health club (merchant) working with a fitness software company (which also provides merchant services, i.e., acts as PSP) is going out of business. People who signed term agreements for twelve months are now demanding their money back. Under normal circumstances the merchant is going to refund all the money, but there are cases when the money is no longer there and the merchant disappears. If the reseller is able to see the increase in chargebacks quickly, there is still time to react and, potentially, withhold some of the funds from the merchant.
If a PSP usually has a multitude of merchants in its portfolio, it is virtually impossible for this PSP to resolve chargeback issues with all of them “manually”.

Conclusion

If a reseller business is bearing financial responsibility for chargebacks issued by customers of its sub-merchants, it is better for this reseller to use API in order to control the process across entire portfolio and get the information as quickly as it arrives.

In the subsequent posts we are going to move on to more advanced features, targeted at enterprise merchants, wholesale resellers, ISOs and PSPs.

Payment Concepts: Credit Card Chargebacks

Why credit card chargebacks are important

The purpose of this article is to improve the understanding of the important concept of credit card chargeback among merchants, resellers and credit card transaction processors. With better understanding of credit card processing lifecycle in general and chargebacks in particular, they can avoid considerable money losses resulting from online credit card fraud.

Many people do not have a clear picture of the full online credit card processing cycle and mostly concentrate on the initial phase which includes processing and funding. Some are stuck with the misconception that transaction approval is the concluding phase of the process. However, the cycle doesn’t actually stop at this phase. It is important to understand the full lifespan of credit card transactions. Special attention should be given to credit card chargebacks. (To realize, the importance of chargebacks, it is sufficient to check some chargeback statistics ).

Many merchants that do not have thorough understanding of how credit card transaction processing functions often fall victims to chargeback fraud.  Consequently, one should keep in mind the possibility of fraud, induced by the nature of credit card chargebacks.

Credit card chargeback concept

Basically, credit card chargeback mechanism is one of consumer protection instruments. In general terms, a chargeback is a cardholder-initiated dispute over a certain amount of money the cardholder assumes to have been charged illegitimately (or in error) for products or services he or she did not get.

A chargeback happens as follows.

First a purchase-related transaction is processed. Afterwards, the buyer discovers that he or she was charged a certain amount of money for a service\product that he or she didn’t actually purchase (or believes he or she didn’t purchase). The buyer contacts his or her bank and asks for a possible reversal of the charge (known as credit card chargeback). The final decision is made by a card association (Visa, MasterCard etc). If the ruling in the chargeback case is made in favor of the buyer (cardholder), the money is withdrawn from the merchant’s bank account and returned to the buyer. Otherwise it remains with the merchant.

A chargeback decision can be subsequently overruled through an arbitration process. In this case a reversal is issued and the money is returned to the merchant. Quite often, regardless of the decision, a chargeback fee is applied. Regardless of the chargeback outcome, the chargeback rate of the merchant (percentage of chargebacks in the total volume processed) is going to rise. The problem is that when it exceeds 1 %, the merchant gets on the MATCH list (also called Terminated Merchant File ) and can no longer process credit card transactions.

Most people think that if a credit\debit card transaction is processed and gets funded in their bank account, the process is complete. In reality, there is always a possibility of debit and credit card chargebacks, which can take place up to 60 days after the original purchase is made.

Since most people do not look at their statements every day, there is a possibility of credit fraud around credit card chargebacks.

Chargeback fraud

Let’s address the two possible types of fraud involving credit card chargebacks: consumer fraud and merchant fraud.

Consumer fraud

The most common chargeback fraud scheme, that should be mentioned, is a consumer-based one. It is implemented by fraudsters who simply make purchases online using stolen cards, i.e. pay for their online purchases with somebody else’s money.

Merchant fraud

Another chargeback fraud scheme, involving merchant accounts, is more complicated. Let’s assume a fraudster managed to obtain a large set of credit card numbers (possibly stolen from an online store database). The fraudster subsequently obtains a merchant account, uses stolen cards and processes transactions (presumably, not involving large sums, not to get detected by fraud protection tools). The next day the fraudster’s merchant account gets funded, he collects the money and flies to Bahamas (or elsewhere). Within the next 60 days the cardholders discover illegitimate charges on their credit card statements, issue chargebacks and the processor or merchant account underwriter (ISO/bank) is now paying for the lavish vacation of the fraudster with their own money.

It is important to note, that card not present transactions are carrying higher risk of potential fraud. In order to detect and prevent fraudulent CNP chargebacks merchants and resellers can use various tools.

Because of the fraud mechanism described above, all merchants requesting merchant accounts today have to go through a strict underwriting procedure.

Chargeback fraud prevention methods

1) There are some indirect signs, which might indicate high risk of fraudulent CNP chargeback. These signs include risky account locations (billing addresses) outside US, multiple account numbers accompanied by one and the same address, and others.
2) There are prevention tools offered by credit card issuers. These include address verification service (AVS), Verified by Visa (VbV) and MasterCard Secure Code (3D secure), Card code verification (CCV) and others.
3) ISOs and Payment service providers (PSPs) can hold a special chargeback reserve to cover potential credit card chargebacks, issued by merchants’ customers.

A more exhaustive coverage of credit card chargebacks, chargeback fraud and fraud prevention tools can be found in these
guidelines .

Conclusion

In order to avoid money losses resulting from chargeback fraud, merchants, resellers and processors need to understand the transaction processing cycle thoroughly, and introduce respective leverages and tools into their transaction processing systems.