Welcome back to the third part of our series on Credit Card Processor Limits. In this series, we cover what happens when the number of chargebacks a seller receives surpasses the threshold set by card processors. In our first article, we documented what could cause a warning letter to be triggered as well as what steps a merchant should avoid doing after receiving a warning letter. We followed that up with what a merchant should do in order to ensure that compliance with the card processor chargeback threshold and other basic steps that a merchant could use to get them out of the ‘danger zone’
Today, we continue the conversation in covering what is next for a merchant. Getting chargeback numbers under control is just one part of the equation. Depending on whether the merchant used a ‘scorched earth’ technique or a more targetted approach, they might have an opportunity to fine-tune their strategy to stop fraudsters but allow legitimate customers.
This is Part 3: Optimizing
The optimization stage starts where the other stages started - by investigating. The merchant needs to investigate two things - current chargebacks and customer complaints about failed purchases. This process is normally called merchant monitoring.
Monitoring
Let’s start with current chargebacks as it is easier. The merchant needs to replicate the steps they took in part 2 of this exercise and understand what are the common denominators of the chargebacks they are experiencing. Chances are, if the merchant’s risk rules are built well, they should see a new modus operandi popup, more non-fraudulent chargebacks (ex: item was dead on arrival) or no more chargebacks. Regardless, the merchant needs to replicate the steps they took in part 2 to stop the new modus operandi from affecting their chargeback ratios.
However, when it comes to keeping track of customer complaints about failed purchases, the issue becomes slightly trickier. The merchant should set up a method for customers to contact the merchant regarding failed transactions. This could be a chat or email queue but ideally, it is a phone number as fraudsters are less likely to make a call to complete a fraudulent transaction. It would remove the anonymity that fraudsters use to shield themselves.
The merchant could decide to invest in an expensive IVR phone system that will keep track of the reason a customer is calling the merchant OR the merchant decides to outsource the entire customer service element of their business. Chances are, the merchant will opt to save that money and handle customer service themself. This is admirable and the merchant MUST accept that they must make it a habit to keep a log of customer complaints. Overall, this will help the merchant in their business as we will discuss in a future post, and, more importantly, it will help the merchant keep track of instances where good customers are unable to complete a purchase.
At this stage, it is important that the merchant keep notes of as many data points as possible when speaking to the customer. This would enable them to fine-tune their risk rules. Whilst some customers might be unwilling to provide data such as credit card number, postal address or email addresses, this data would be vital to the optimization process.
As a side note, the merchant should be aware that at this stage, they should be looking to appease the customer and doing anything they can to salvage the sale. Therefore a best practice would be for the merchant to offer the customer an alternative method to complete their purchase. This could be a bank transfer, use of a virtual terminal to take payments over the phone or using PayPal’s invoice feature.
Working on the assumption that some data has been captured, the merchant can finally start analyzing the data points against data of which transactions were blocked. This is a fairly simple process where both sets of data, blocked transactions and call data are placed onto a data analytic tool and the merchant compares data points.
For the sake of discussion, let us take three examples of what a merchant notes;
All US-based credit cards were blocked and that all US-based credit cards from the call data spend between $40-$80.
All cards from Thailand that spend more than $55 are blocked yet the call data suggests all Thai customers who get blocked are calling in to complain.
A specific Indonesian card issuer has been blocked but three customers have called in attempting to make payments.
Each one of the instances above requires the merchant to conduct a different type of analysis and then, take different actions to address these observations. This act of fine-tuning is called synergizing.
Synergizing
All US-based credit cards were blocked and that all US-based credit cards from the call data spend between $40-$80.
Here, the merchant is looking to answer a very simple question - is it safe for me to allow transactions that are between $40-$80 to complete a transaction on my site? In order to answer this question, the merchant should look at all transactions from the Call data that used US-Cards. This data should be compared against the blocked transactions. The merchant should look at the number of transactions attempted using US-based cards. This data should then be compared against the call data. If for example, 85% of the transactions are present in the call data, then the merchant could then determine that This rule is costing more than it is saving. Therefore, the merchant could loosen the rule, to allow US-based cards to make purchases on between $40 and $80. The difficulty here is when the ratio is lower, especially when the ratio is closer to 50%. Some merchants might feel that the risk is justified yet some might otherwise. It balls down to each individual merchants’ risk appetite and management style
2. All cards from Thailand that spend more than $55 are blocked yet the call data suggests the all Thai customers who get blocked are calling in to complain.
Similarly, here, the merchant must answer the question - is it safe for me to allow transactions above $55 on my site? Since the ratio of blocked transactions to customer call-ins is 100%, the merchant should know that the risk of chargebacks is very low. However, a good anecdote to remember is that just because things are good now, does not mean it was good before or will continue to be good in the future. What this means for the merchant is that they should try to understand why the rule was implemented in the first place. To do this the merchant should look at old transactional data before the rules were implemented. By doing this, the merchant could identify that perhaps a majority if not all of the chargebacks were coming from one particular bank. Perhaps the merchant will identify that a common denominator of the fraudulent transactions were fake email addresses. Perhaps the merchant will identify that most of the fraudulent transaction came from a particular city or town or area based on the IP address. the point here is that if the merchant is able to look retrospectively at why the rule was relevant in the first place, they would then answer the question if the rule is still required or if it just needs to be loosened.
3. A specific Indonesian card issuer has been blocked but three customers have called in attempting to make payments.
In this instance, the merchant should proceed with the normal step of checking the ratio between good and fraudulent transactions. Unless the merchant has received 6 or fewer transaction attempts involving cards from that particular issuer, the ratio will suggest that the rule should remain unchanged. Therefore, the merchant should not remove the risk rule in place. However, the merchant’s job is not done yet as the merchant should take this opportunity to look for variations of the same fraudulent transactions. For example, if the merchant had previously identified that some Indonesian cards from the issuer in question used a P.O Box as an address, the merchant should scan the current transactions for that modus operandi. If the merchant was to find instances of that modus operandi being used, they should take the necessary actions to block those transactions as well.
The monitoring and synergizing element of phase 3 cannot stop. Merchants need to be aware that as they find ways to effectively combat fraud, the fraudsters will continue to innovate and find creative ways of monetizing stolen credit cars. This inevitability means that once a merchant enters the fraud busting circle, they cannot stop paying attention to fraud.
This might be a bit too much for some merchants to handle and some will change their business model and sell on online platforms that offer fraud protection. Other merchants might decide to bite the bitter pill and hire a fraud investigator or analyst, adding to the merchant’s overheads. Alternatively, they could contact us for a free, no obligations consultation and Dicorm could help them draw up a cost-effective solution that will take into account their current and future needs.