3 Ways to Separate Fraudulent Transactions from False Positives
- By Andrew Deichler
- Published: 3/22/2017
LAS VEGAS -- During a panel session at MRC Vegas, experts addressed a key pain point for e-commerce merchants—payment declines for legitimate transactions. Unfortunately, the proliferation of online fraud frequently results in legitimate payments being denied due to activity that looks suspicious but is not.
Moderator Sunil Dixit, principal product manager for Vantiv, began by noting that in these instances, customers tend to blame the merchant, because that’s their point of contact. “They’re going to blame the merchant, even though you may have nothing to do with that decline, even though the decline may be a false positive,” he said.
Declines can happen when the issuer or any other party in the process detects some sort of issue. “We develop these fraud tools, and they are supposed to operate logically,” Dixit said. “But there are so many parties in the ecosystem doing the same thing. There’s a real lack of alignment. Merchants don’t talk to issuers. Issuers don’t talk to customers very often, and if they do, the customers are irate. Networks have trouble engaging with acquirers. So every time it goes through one of these channels, even though it takes less than two seconds, it goes through another set of rules that can disrupt the payment.”
David Mattei, vice president, merchant and FI product portfolio manager for Vantiv, noted that issuers have the same goals as the merchants—to approve all good transactions, and deny all the bad ones. “You don’t want your cards being declined all the time, or else your call center is going to be ringing off the hook,” he said. “So it’s really a balancing act for the FIs.”
Garrett Goff, head of fraud for Netflix, noted that quite often, his company will get declines that make little or no sense. Netflix customers pay with recurring payments, so when one of them is suddenly declined, it raises eyebrows. “When a customer has been with us for 12 months and we receive an invalid card number, we say, ‘Maybe there’s something going on here,’” he said. “So we try to peek through the veil and see what issuers are doing, where and when we can.”
Michelle Hafner, senior vice president, decision products for MasterCard, noted that her company can often see attacks before the issuer does. “Oftentimes, the issuer doesn’t know what’s happening, but we can go in, and say, ‘Shut this down; the rest of it is good,” she said.
Goff noted how practices can vary greatly by geographical area, resulting in a lot of false negatives. After launching in 130 countries, Netflix quickly began to see huge differences in the way issuers operate. “In the U.S., zero-dollar verification is a very routine way to perform a validation on a card,” he said. “But then you go to Europe, Malaysia or the Middle East, and you’ll see issuers that don’t even check the [personal account number] on a zero-dollar transaction. If it’s a [bank identification number] that’s routed to them, we’ll have what we know must be a made-up PAN, but they’ll approve them because there’s no risk to them.”
3 False-Positive Solutions
Still, for those instances when Netflix gets declines that don’t make any sense, it has multiple acquiring routes in every market. “So if we send a transaction down our primary processing route in the U.S. and the card fails, within milliseconds, we’ve rounded down an alternative route, and the transaction attributes are relatively the same,” Goff said. “Very little has changed, and it gets an approval. It could be insufficient funds or an invalid card number on one route, but approved on another.”
Another way that e-commerce merchants can improve things on their end is by using BIN lists, which can be a huge help in verifying transactions. Goff noted that Netflix takes “every BIN list it can get its hands on.”
Nevertheless, for BIN lists to work, merchants need to use them, and many do not. Some of that is due to BIN lists being comprised of outdated information, but merchants should make an effort to seek out up-to-date lists. “We have a BIN list that’s out there because we found that there’s a lot of misinformation out there,” Hafner said. “So we’re providing a daily file because we want to make sure that you have the most updated information.”
Hafner also recommends using an account updater, which is a tool that updates customer payment account information automatically. “It’s a really simple tool that you should all be using,” she said. “We’ve seen lifts in the range of over 30 percent when merchants utilize account updater to make sure they have the most recent card on file.”
Copyright © 2017 Association for Financial Professionals, Inc.
All rights reserved.