Imagine its’ January, you dropped your kids off at school and you are on the way to your office. Most of your employees will be back from the year-end holidays and you are looking forward to seeing them all. The end of year spending spree was great for your company, as a matter of fact, it surpassed all expectations by quite a bit. Not only did you experience more new customer accounts than any quarter before, but each month set a new sales record. “This year is the year of growth”. You practising your delivery as that is going to be your mantra this year and you want to really drive home that message. As you settle down into your chair, you turn your computer on. You scan through your mailbox, there’s nothing out of the ordinary that is until you notice an email from your card processor. They claim that your company’s chargeback levels over the past 3 months were unacceptable and that you had 60 days to bring the ratio under control or face the consequences.
You open up your card processor’s merchant statements and furiously copy the numbers at the end of each column into Excel. Shortly after, you realise that the card processor was right. Your chargebacks are out of control. It grew even more than revenue did. You shift back to the email from your processor. You have 60 days to get chargebacks under control or risk being enrolled into their monitoring program or having your payment facilities revoked. So much for this being the year of growth you think. Your shoulders slump and you hang your head, “what am I going to do now?” you ask yourself.
The situation above is one that many Malaysian merchants might find themselves in as over 20% of all credit card transactions in Malaysia are reported as fraudulent. In this series, DiCoRm introduces you to what happens when a merchant’s chargeback ratio goes unchecked and what they can do next.
This is part 1 - The Love Letter
Why Is This Happening?
This happens when the number of chargebacks received in 1 calendar month, equals or exceeds 1% of the previous month’s transactions. When this is observed, the processor informs the merchant (through the acquirer(bank)) that their chargeback levels are not acceptable and some remedial action is required.
Chargebacks in general costs a lot of money as acquirers and processors have to have dedicated teams to receive the chargeback claims, process the claims, request evidence from the merchant and the buyer, decide the outcome of each claim and inform the relevant parties. On average, this entire process takes anywhere from 45 - 120 days and each claim requires a minimum of 3 people hours to process in its entirety. This process is very manual as it requires multiple tools, paper records, Excel records and has multiple touchpoints. As such, if processors let it go unchecked, they could easily burn through their yearly profits.
So to encourage merchants to be more careful and to avoid common mistakes that result in chargebacks like a merchant accepting an expired card, processors developed the chargeback monitoring program. The letter we received earlier, is a merchant’s first foray into this program.
What Does This Mean?
Typically, this letter signals to the merchant that they need to get their act together. They need to be more vigilant when it comes to accepting payments. Processors aren’t (always) evil faceless organizations that are only out for themselves. Most of the time, these warning letters come with a few remedial steps that a merchant might want to implement.
While the processor cannot possibly give each merchant tailored feedback, this letter can serve as a jolt to the system to get the merchant’s gears spinning on how the merchant can protect themselves against chargebacks and more importantly, fraudsters.
If the merchant is unable to get their chargeback rate under control, during the stipulated time frame, the processor will enrol the merchant into the processor’s chargeback monitoring program. On average, this program costs USD $14,000 a month (this varies depends on location) and depending on performance the merchant will be enrolled for 3 to 6 months. If the merchant is unable to get the chargeback ratios under control during this time frame, the merchant will most likely lose its credit card processing capabilities.
A key point to remember is that the card processors will always look at chargebacks received during the current month and compare them against all transactions received in the previous month. This is done as cardholders generally file chargebacks within one month of the charge appearing on their statement. This means that merchants should start looking at corrective actions as soon as possible to avoid further penalties. So what should the merchant do next?
Great Haste Makes Great Waste
The advice that we at Dicorm give to our clients is that it is vital to know what you need to avoid doing before knowing what you must do. That way, you don’t need to spend double the time or money to correct your mistakes.
The first and most common mistake that every merchant should avoid is an overreaction. What we mean by this is you taking extreme measures that you think could rectify the situation. For example; you could cease taking credit card payments from all foreign cards or you could insist on bank transfers only. Alternatively, you could sign up for a service the Visa fraud protection service, Cybersource or SEON. While we are not saying that any of these options are bad, it does go against one of our core principles ie; using balance to fight fraud.
For example; If a merchant was to proceed with example signing up for Cybersource they would see fraud rates fall but then would be 100% reliant on Cybersource moving forward. This means that anywhere from 1% to 3% of the merchant’s profit has to be sacrificed just to keep chargeback rates under control. This leads us to the next common mistake, buying a system without due diligence.
A quick Google search of fraud prevention systems returns thousands of results from companies ranging from startups to international conglomerates. The problem is that the options are endless and it gets overwhelming that typically, the next step is to Google best fraud prevention systems. This puts the merchant beholden to the opinion of a few writers and means that the merchant is very likely to miss out on the ideal risk/fraud engine. To overcome this, it is mission-critical that the merchant puts in the time and effort into reading about the risk/fraud engines that are available. This would enable the merchant to find the best deal as a lot of the startups are willing to offer negotiated packages and find the risk engine that is best suited to the merchant's business model.
Lastly, merchants must avoid thinking that the situation will auto-correct itself. This thought process means that a merchant is likely to take little to no action and as a result, the situation could get even worse and by the time the merchant comes around to taking action it would be too late. This isn't to say that the situation can not autocorrect itself; it is just highly unlikely as fraudsters tend to bleed victims dry before leaving them out to pasture. Fraudsters currently operate in tandem with each other meaning if a merchant store is observed as a simple way to monetize stolen credit cards, that information is passed along the fruits that network and other fraudsters begin attacking that merchant as well.
In conclusion, merchants should avoid making any decision in haste yet at the same time take a laissez-faire attitude towards warning letters from their card processors.
Join us again next month as we cover what steps merchants should take when facing a warning letter.