Underwriting and Risk: Adversaries or Allies?

In merchant services, balance is important between underwriting and risk teams.  If left unchecked, these two teams can work against each other, making the other’s job harder than it should be.

Each of these teams has clear yet different roles:

Assess whether applicants adhere to bank, card brand, and regulatory rules. In a nutshell, they are trying weed out fraudsters, money-launderers, and businesses that would pose a financial risk to the institutions processing their payment transactions.

Monitors transactions processed after they are boarded. Are they processing transactions outside acceptable parameters? Does the activity make sense given the business type? Is the activity indicating the institution processing those transactions could be at risk, financially or otherwise?

In an ideal world, balance exists between these two teams. 

For example, if an underwriting team is heavy-handed and turning away anything that is even a tad bit risky but has the potential to be monitored and managed with a good risk program, we’re 1) not letting the risk team do their jobs and 2) turning away business we could likely take. A real morale and profit- buster.

If the underwriting team is not turning away business that they should, we are over-taxing the risk team’s resources and setting them up for failure. We can expect that we will lose most of these merchants, and we’ll probably incur financials losses.

Why bother boarding them in the first place? Again, not the kind of things risk teams usually get excited about.

Hopefully, now we can see why balance within and between these two teams is critical to both operating well. The balancing act is ongoing… this is something that should be constantly monitored and tweaked.

Friendly Fraud Chargebacks

How can we help merchants that encounter friendly fraud chargebacks?

This is when the cardholder misuses the chargeback process– either intentionally or unintentionally.
If the cardholder is misusing the chargeback process unintentionally, it is probably because they don’t recognize the charge.  Here is how we can help:
The billing descriptor is what appears on the cardholder’s statement.  The merchant should ensure that the descriptor used is easy to understand and accurately reflects the business where the charges occurred.  Ideally, the merchant’s phone number should be included in the descriptor with 24/7 customer service available, if possible.  The descriptor helps eliminate friendly fraud where the cardholder simply doesn’t recognize the charges. 

Merchants can also take advantage of Ethoca’s free logo program.  Through the program, merchant brand marks/logos will be linked to corresponding transactions in the digital banking applications of participating card issuers.
Now let’s work on fighting the chargebacks that happen with intentional misuse from a cardholder:

The better merchants can be about setting expectations and service levels with their customers before the sale takes place, the better.  If a customer charges a purchase back because they missed the return window, the merchant should be able to win that chargeback provided they submit sufficient evidence. 

Most cardholders have immediate access to their statements and pending charges on their account.  The dispute initiation process is easier than ever and, often, can be completed without even picking up the phone.  Merchants should keep that in mind and attempt to make their customer service experience every bit as available to their customers.  If it’s a frustrating experience to get in touch with customer service to resolve an issue, many cardholders will default to using the dispute/chargeback process.

Many friendly fraudsters are repeat offenders–if they file one illegitimate chargeback, they will likely file another. By blacklisting offending customers, you can prevent them from making future purchases as well as the chargebacks that are likely to follow.

If friendly fraud chargebacks are happening, you’ll want to first understand more about why they’re happening.  You can use analytics to narrow them down to a specific product, service, marketing promotion, issuer BIN, geographical area, etc. Check out In-Depth Analytics and Reporting from Midigator to help with this task.

Implement 3DS
EMV 3-D Secure 2.0 is a security protocol that allows issuers to authenticate online consumers.  Providers of this service, like PAAY, can provide fraud liability protection for certain reason codes.  See this post for more detail.

How 3-D Secure Can Help Reduce Fraud Chargeback Losses

Do your e-commerce merchants find themselves in this seemingly helpless situation?

They accept payments for legitimate sales, only to have cardholders dispute the transaction, claiming fraud.

There are products that can completely shift liability for fraud chargebacks from the merchant to the issuer.

These products are based on EMV 3-D Secure 2.0 technology, which is a security protocol that allows issuers to authenticate online consumers.

We won’t get into the technical specifics here, but in general they:

  • Allow merchants/payment providers to send additional data elements to the cardholder’s bank.
  • Can be specific to that payment, like shipping address or contextual, such as the customer’s IP address, location, or transaction history.
  • The issuing bank uses this information to determine whether the cardholder is making the purchase.

Sometimes this is frictionless, others, an additional step is required to authenticate the cardholder.  When an additional step is needed, the issuing bank “challenges” the cardholder by sending a one-time passcode to the cardholder, for example.

How can this help merchants manage chargebacks?  It provides liability protection for certain fraud chargeback reason codes: Visa 10.4, Mastercard 4837 and 4863.

That means that if a transaction was authenticated using 3DS, and a cardholder dispute is filed for specific fraud reason codes, the liability falls to the issuer instead of the merchant.  This is commonly referred to as “liability shift.”

When cardholders commit friendly fraud and the transaction is 3DS-authenticated, the issuer is responsible for covering the chargeback.
If you have experience with the original version of 3DS and stopped using it because of the friction, it’s time to revisit.  3-D Secure 2.0 has much less friction than the original.

PAAY‘s EMV 3DS is built understanding the pain points that 1.0 brought. Friction, latency and difficulty integrating are some of the few things that were a big concern. PAAY’s solution is easy to implement, completely frictionless off-the-shelf and minimal latency.

All this to say, 3DS, specifically the solution provided by PAAY, can be an effective tool in a merchant’s toolbox for fighting fraud chargebacks.

A few things to keep in mind:

  • There are a handful of merchant category codes that are not eligible for coverage.
  • If 3DS authentication is attempted and the issuing bank does not participate, the merchant still gets the liability shift.
  • PAAY has options when it comes to implementation method. Their javascript SDK can often be implemented in less than a day.  They also offer assistance if merchants don’t have an in-house development team.
  • PAAY’s solution has all merchants in mind, especially SMB.  But is especially helpful for high-risk verticals like nutra, digital downloads, ticketing, continuity/subscriptions, travel, etc.