TABLE OF CONTENTS
What is fraud ?
Card-not-present (CNP) fraud is when a thief uses stolen card information to make unauthorized transactions without the physical presence of the card. This type of fraud occurs in online transactions, telephone orders, or mail-order purchases. It is considered actual fraud because it is committed by someone who has obtained stolen card information and is using it to make unauthorized purchases.
On the other hand, friendly fraud (also known as chargeback fraud) occurs when a cardholder disputes a legitimate transaction with their bank or credit card company, claiming that they did not authorize the transaction or that the goods or services were not received as expected. This can happen for a variety of reasons, such as forgetfulness, confusion, or even intentional fraud.
Friendly fraud is often unintentional and may be the result of misunderstandings or disputes between the cardholder and the merchant. However, in some cases, it can be a deliberate attempt by the cardholder to avoid payment for goods or services they received, resulting in financial losses for the merchant. It is important to note that friendly fraud is not a victimless crime, as it can have significant financial consequences for the merchants who process the transactions.
How fraud rate is counted ?
TC-40 and SAFE alerts are fraud prevention and detection tools used by Visa and Mastercard, respectively, to help identify and prevent fraudulent transactions. These alerts are based on specific criteria that have been determined to be indicators of potentially fraudulent activity.
When a transaction meets the criteria for an alert, it is flagged and reviewed by the issuing bank or financial institution. The bank then determines whether the transaction is legitimate or if it should be declined or flagged for further investigation.
TC-40 alert
The TC-40 alert from Visa is based on a set of criteria that helps identify potentially fraudulent transactions, including transactions that are out of the cardholder's normal spending patterns, transactions that are unusually large, transactions that involve high-risk merchants or locations, and transactions that are conducted overseas or in countries known for high levels of fraud.
SAFE alert
The SAFE alert from Mastercard is a similar tool that uses a set of criteria to flag potentially fraudulent transactions. These criteria include unusual transaction patterns, transactions that involve high-risk merchants or locations, and transactions that are conducted overseas or in countries known for high levels of fraud.
The number of TC-40 and SAFE alerts generated by Visa and Mastercard, respectively, can be used as one measure of the fraud rate. A higher number of alerts may indicate a higher rate of attempted fraud, which can help financial institutions adjust their fraud prevention and detection strategies.
If a user contacts their bank, which is the issuer of their card, to report an unrecognized transaction, the bank has several options. They may issue a chargeback with Fraud Reason Codes (VISA - 10.4, MasterCard - 4837) and reissue the card. Alternatively, they may refund the user's funds without a chargeback and reissue the card, or they may simply reissue the card without refunding the funds or issuing a chargeback. Regardless of which option the bank chooses, a Fraud Report must be created and sent to the appropriate authority, which is TC40 for VISA and SAFE for MasterCard. These fraud notifications are taken into account in the calculation of the fraud-to-sale ratio. If a merchant exceeds this limit, they may be included in the Visa or Mastercard Fraud Monitoring Programs.
Please, find the links to the article for such monitoring programs for Visa and Mastercard respectively.
Kindly find the article regarding Fraud notifications displayed in SolidGate’s HUB.
How to prevent Fraud?
Сompany management across all industries must prioritize the fight against fraud. The current level of fraud scale has the potential to debilitate even the largest organizations and compromise customers' confidence in them.
Preventing fraud is an essential aspect of running an online business. Here are some steps that an online company can take to prevent fraud:
- Use Fraud Detection Tools: Use fraud detection software that can help you identify fraudulent transactions, such as transactions that are made using stolen credit cards or that originate from high-risk locations. There are many third-party services available that can provide this type of functionality.
- Verify User Identities: Implement a verification process to confirm the identities of your customers. This could include verifying their email address, phone number, or physical address. You could also require additional verification, such as a government-issued ID or a utility bill.
- Secure Your Website: Implement security measures such as SSL encryption, two-factor authentication, and regular security updates to ensure that your website is secure and protected against hacking attempts.
- Monitor Transactions: Keep an eye on transactions in real time and set up alerts for suspicious activity. This can help you identify fraudulent transactions and take action quickly.
- Limit High-Risk Transactions: Consider setting limits on transactions that are considered high-risk. For example, you could limit transactions from countries that are known for high levels of fraud or transactions that exceed a certain amount.
- Train Your Employees: Train your employees on how to identify and prevent fraud. Make sure they are aware of common fraud schemes and know how to respond to suspicious activity.
By implementing these steps, an online company can reduce the risk of fraud and protect both its customers and its business from financial losses.
Alerts as a tool for fraud prevention
One of the most efficient ways to battle fraud is alerts, which provide in real-time data regarding the transactions.
Consumer clarity
Consumer clarity is a service provided by Ethoca that offers real-time data on consumer behavior to help merchants make informed decisions about accepting or rejecting transactions. The service uses a combination of machine learning algorithms and human expertise to analyze transaction data and provide merchants with insights into customer behavior, such as whether the customer has a history of chargebacks or if their IP address is associated with fraudulent activity. The alerts provided by Consumer clarity can help merchants identify potential fraud and reduce the risk of chargebacks.
Order insight alerts
Order insight alerts, on the other hand, is a service provided by Verify that helps merchants identify potentially fraudulent transactions by analyzing data from multiple sources. This includes device fingerprinting, behavioral biometrics, and data from the Verify network, which includes millions of verified users and transactions. The Order insight alerts provide merchants with real-time insights into the risk level of a transaction, allowing them to make informed decisions about whether to accept or reject the transaction. The service is designed to be highly accurate, with a low false positive rate, and to help merchants reduce their risk of chargebacks and fraud.
As card schemes are constantly working on the reduction of friendly fraud impact on the merchants. One of the latest enhancements is CE (Compelling evidence) 3.0 the mandate of which will come in place on 15th April 2023.
With such initiative via Order Insight alerts it is possible to prevent fraudulent chargebacks by providing transaction details when users contact the bank, rather than contesting the chargeback after it is received. Unlike RDR, this initiative also saves revenue as the refund does not need to be issued.
How Order Insight alerts work ?
When a user raises a complaint about an unrecognized card transaction, the bank (i.e., the card issuer) is contacted. The bank's representative issues a Chargeback with Fraud Reason Codes (VISA - 10.4, MasterCard - 4837) and sends Fraud Notifications TC40/SAFE. The merchant who processed the transaction receives the Chargeback and checks if there were at least two successful transactions made by the user in the last 120 days. Additionally, the merchant checks if the IP and Device fingerprint match the user's transaction data.
To send the required set of details to the issuing bank (using VISA Order Insight or MasterCard Consumer Clarity functionality), the merchant provides at least two dividends:
- Customer Account ID
- IP address
- Delivery address
- Device ID
- Device fingerprint
One of the these two data elements is requied to be either IP Address or Device ID or Device Fingerprint.
If the merchant uses the Solidgate form, the IP and Device fingerprint are tracked automatically.
Kindly note that it is important that the two previous transactions and the disputed transaction match by these parameters:
- PAN
- MID or Descriptor (first 6 characters, or in case you use dynamic descriptors with an asterisk (*) character within your Merchant Name, you can specify your enrollment to be all characters up to and including the asterisk)
- IP address
- Device fingerprint
Historical transactions may have been disputed but not for any Fraud reason code. Also no prior fraud on such transactions was reported.
Please find the demonstration of the Order Insight alert work:
1. The customer contacts their issuing bank and reports fraud.
2. The Issuer initiates a 10.4 fraud chargeback.
3. Verify sends the "Order Insight" alert with the request for order details for the disputed Visa transaction.
4. SolidGate automatically matches the alert to the transaction and transmits the needed data.
5. Issuing bank checks the provided details and decides if the dispute is eligible.
6. - 7. If eligible, additional requests for historical transactions (minimum 2 and maximum 5 of the transaction can be outlined) are sent
8. SolidGate provides all the needed details for compliant historical transactions.
9. The Issuing bank validates the responses and blocks the fraud dispute if the Visa Rule criteria are met.
10. The Card issuer notifies the customer that a fraud dispute is not permitted.
As a result, the chargeback and fraud are successfully challenged, they do not count in the chargeback and fraud rate respectively, fees are not counted and also the sum of the transaction in question has not been written off the balance.