Risk Mitigation in Travel. New Trends to Reduce Fraud and Increase Revenue

Similar documents
NDMS Risk Compliance Program

Adyen Fraud & Excessive Charge Back Manual. Version 6.0 Adyen B.V.

Visa fraud and chargeback monitoring programmes

Chargeback Reason Code List - U.S.

What is EMV? What is different?

Retrieval & Chargeback Best Practices

Chargebacks & Retrievals. Expand Your Knowledge

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

What Merchants Need to Know About EMV

UPCOMING SCHEME CHANGES

Mitigating Fraud Risk Through Card Data Verification

Credit/Debit Card Processing Requirements and Best Practices. Adele Honeyman Oregon State Treasury Training Specialist

PROTECT YOUR BUSINESS FROM LOSSES WHILE ACCEPTING CREDIT CARDS

Merchant Account Glossary of Terms

Clark Brands Payment Methods Manual. First Data Locations

Merchant Guide to the Visa Address Verification Service

Fraud Awareness Session -WestJet Presented by Alexis Gunderson Team Leader WestJet Fraud Investigation

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Visa Canada Interchange Reimbursement Fees

Risk Management Service Guide. Version 4.2 August 2013 Business Gateway

ELECTRONIC VALUE TRANSFER CONTRACT (EVT) CREDIT CARD CHARGEBACKS. What is a Chargeback?

Avoiding Fraud. Learn to recognize the warning signs for fraud and follow these card acceptance guidelines to reduce your risk.

Blackbaud Merchant Services Web Portal Guide

EMV's Role in reducing Payment Risks: a Multi-Layered Approach

Fall Conference November 19 21, 2013 Merchant Card Processing Overview

Credit Card Processing, Point of Sale, ecommerce

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

Pima Federal Visa Credit Cards Frequently Asked Questions (FAQs)

EMV and Restaurants What you need to know! November 19, 2014

EMV EMV TABLE OF CONTENTS

Chargeback Management Guidelines for Visa Merchants

Merchant Account Service

Acceptance to Minimize Fraud

The need for a secure & trusted payment instrument in e-commerce. Ali AlMeshal

Risk & Fraud Management Solutions

Chargelytics Consulting

EMV A Gated Parking Systems Perspective PIE March 18 th 2014

Five Steps Towards Effective Fraud Management

EMV FAQs for developers

The Canadian Migration to EMV. Prepared By:

RSA Adaptive Authentication For ecommerce

CRM4M Accounting Set Up and Miscellaneous Accounting Guide Rev. 10/17/2008 rb

PayPass - M/Chip Requirements. 5 December 2011

Streamline Cardholder Authentication. Avoid being the target of online fraud

What is Interchange. How Complex is Interchange?

Visa Acceptance Guide for the Car Rental Industry

Credit Card Acceptance & Chargeback Prevention

Visa global Compromised Account

Merchant Processing. Trends and Truths. Roger Raney TransFirst Regional Sales Manager

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation

EMV and Small Merchants:

Global Airline Merchant Best Practices Guide

CPIM Academy. Cash 257 Merchant Services and Revenue Collection

Security Rules and Procedures Merchant Edition. 5 February 2015

Merchant Best Practices & Guidelines

MasterCard Special Edition

Card Not Present Fraud Webinar Transcript

New Account Reference Guide

MASTERCARD SECURECODE ISSUER BEST PRACTICES

BinBase.com REPORT: credit card fraud

FUTURE PROOF TERMINAL QUICK REFERENCE GUIDE. Review this Quick Reference Guide to. learn how to run a sale, settle your batch

Your Reference Guide to EMV Integration: Understanding the Liability Shift

April 12, To: Verified by Visa Merchants Verified by Visa Acquirers Verified by Visa Merchant Service Providers

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper Executive Director, Product Development

Fraud Prevention and Program Security Gord Jamieson Director Risk Management & Security Visa Canada Association

Card Acceptance Best Practices Playing it Safe at the Point of Sale

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

Payments Transformation - EMV comes to the US

General Industry terms

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Visa Merchant Best Practice Guide for Cardholder Not Present Transactions

Introductions 1 min 4

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1

Internet Authentication Procedure Guide

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

ELECTRONIC FUND TRANSFER AGREEMENT AND DISCLOSURE PERSONAL CHECK and/or ATM CARD

A multi-layered approach to payment card security.

M/Chip Functional Architecture for Debit and Credit

CREDIT CARD PROCESSING GLOSSARY OF TERMS

EMV Chip and PIN. Improving the Security of Federal Financial Transactions. Ian W. Macoy, AAP August 17, 2015

Security Rules and Procedures Merchant Edition

Purchasing Card (P-Card) Policy and Procedure Frequently Asked Questions

Payment System Forum and Exhibition 2014 Sasana Kijang, Kuala Lumpur

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

An access number, dialed by a modem, that lets a computer communicate with an Internet Service Provider (ISP) or some other service provider.

Payment Cardholder Data Handling Procedures (required to accept any credit card payments)

Address Verification System (AVS) Checking

The following information was prepared to assist you in understanding potential Electronic Value Transfer terminology.

Fundamentals of EMV. Guy Berg Senior Managing Consultant MasterCard Advisors

How To Spot & Prevent Fraudulent Credit Card Activity

Understanding and Preventing Chargebacks and Retrievals

Transcription:

Risk Mitigation in Travel New Trends to Reduce Fraud and Increase Revenue

wherever people pay

What We Are Going to Discuss Today 3D Secure: Turning a conversion killer into a revenue creator. Transaction Linking: Re-thinking blacklists. Leveraging transaction linking technology. General Trends: What changes are having an impact on airline risk mitigation.

3D Secure: Creating Revenue

The Worst Case Scenario 3DS Friction Forgotten Pasword

The Customer Experience is More Varied Enrolled without Smart Authentication: Enrolled with Smart Authentication: Not Enrolled:

Approach 1: Shift Refusals to 3D Secure Why Deny Transactions When You can Leverage Liability Shift? We shifted a large portion of greyarea automated risk refusals to 3D Secure instead of refusing. The result was a 8.5% increase in conversions.

Approach 2: Target High-Conversion Countries

Approach 3: Target BINs Based on Performance More and more issuing banks are using risk-based authentication.

Approach 4: Target BINs that are not enrolled Free liability shift for the taking. Not Enrolled:

Key Takeaway: Move from Binary to Dynamic 3D Secure Logic Geographic Performance Logic 3D Secure Non-3D Secure Enrollment Logic Risk Based Logic Smart Issuer Logic

Transaction Linking: Moving Away From Blacklists

The Problem Fraudsters are constantly changing attributes in an attempt to appear to be new shoppers. Maintaining blacklists is operationally arduous and non-comprehensive.

The Behavior of a Good Shopper Login Identities: brian.dammeir@gmail.com, brian.dammeir@adyen.com, happyhobbit989@gmail.com Number of Phone Numbers: 3 Number of Devices: 2 tablets, 3 laptops, 2 desktops, 2 phones Number of Countries Purchased From: 7 Number of Distinct Credit Cards: 8 (2 exp.) Anomalies: Multiple declines and AVS mismatches due to international travel

The Solution Eliminate blacklisting by using an asynchronous transaction-linking system: 1. Track shoppers across identities, devices, and networks. 2. Leverage for both risk mitigation and friction elimination for loyal customers 3. Provide robust visualizations to Risk Agents that tell the story of the user.

Another Example Fraudsters can cycle through cards easily Individual Attribute Card Number: 12341234****1234 Manual Label Label: Card had chargeback One-Off Rule WHEN Card Number = 12341234****1234 THEN CHALLENGE

Another Example Define Behavior not Attributes Generalized Velocity and Consistency Rules Rule: WHEN Shopper has had >0 chargebacks THEN CHALLENGE One-Off Rule

Key Takeaways 3D Secure When done dynamically, 3D Secure can be revenue positive. Transaction Linking Transaction linking algorithms surpass blacklisting in efficacy and operational overhead. Automation Decreased booking-to-trip time and industry growth make automation more attractive.

Questions?

Loss Prevention North America Card Brand Chargeback/Fraud Programs

Agenda Visa Chargeback Monitoring Program (VCMP) Visa Global Merchant Chargeback Monitoring Program (GMCMP) MasterCard Excessive Chargeback Program (ECP) Visa Fraud Monitoring Program (VFMP) MasterCard Global Merchant Audit Program (GMAP)

Visa Chargeback Monitoring Program (VCMP) Updates from Elavon

VCMP Thresholds Standard Program: 100 chargebacks AND 1% ratio of chargebacks-to-sales transactions Early Warning Notifications 75 or more chargebacks AND 0.75% or higher ratio of chargebacks-to-sales transactions NOTE: Chargeback reduction plans not required for Early Warning notifications

VCMP Stages Standard Timeline: Month 1 Notification Visa notifies acquirer that the merchant has been identified in the program. Months 2-4 (Workout Period) Acquirer/merchant must implement actions to reduce chargebacks; provide Visa with a remediation plan; acquirer must provide monthly updates to the plan. Months 5-11 (Enforcement Period) Continue to implement remediation plan. Beginning month 8 notify merchant they may lose Visa acceptance privileges and provide written confirmation to Visa. Program fees and non-compliance assessments now eligible. Month 12 (Enforcement Period) Merchant is eligible for disqualification; continue to be eligible for program fees and non-compliance assessments.

VCMP Fees Standard Timeline: Months 1-4 No Non-compliance assessments or program fees. Months 5-7 US $50 per chargeback Months 8-9 US $100 per chargeback Months 10-12 US $100 per chargeback plus US $25,000 review fee

Visa Global Merchant Chargeback Monitoring Program (GMCMP) Updates from Elavon

GMCMP Thresholds Meet or exceed the following: 200 international chargebacks 200 international transactions 2% ratio of international chargebacks to international transactions

GMCMP Fees Standard Timeline: Months 1-3 No Non-compliance assessments or program fees. Months 4-9 US $100 per international chargeback If the acquirer and merchant have not implemented procedures to reduce chargebacks, a fee of US $200 per international chargeback may be assessed. Beyond month 9 US $100 per international chargeback plus US $25,000 review fee If the acquirer and merchant have not implemented procedures to reduce chargebacks, a fee of US $200 per international chargeback may be assessed.

MasterCard Excessive Chargeback Program ECP

ECP Thresholds Chargeback-Monitored Merchant (CMM) 100 chargebacks AND 1% ratio of chargebacks-totransactions Excessive Chargeback Merchant (ECM) Two consecutive calendar months of a minimum of 100 chargebacks AND 1.5% ratio of chargebacks-totransactions

ECP Stages CMM: CTR reporting required by the acquirer to MasterCard monthly until merchant is no longer identified as a CMM for 2 consecutive months. Tier 1 ECM: Month 1-6 Acquire must submit ECM report within 30 days of the end of the 2 nd trigger month until the merchant is below 1.5% for two consecutive months. Tier 2 ECM: Month 7-12 Acquirer may be advised by MasterCard regarding the action plan and other measures they should take or consider taking to reduce the merchant s CTR; and/or Require the acquirer to undergo a Global Risk Management Program Customer Risk Review After a merchant has been an ECM for 12 months (consecutive or nonconsecutive) the acquirer will be deemed to be in violation of the Illegal or Brand-damaging Transactions Rule.

ECP Fees Standard Timeline: Months 1: No fees Months 2-12: Reporting fee - US $100 for each ECM Issuer Reimbursement Fee - US $25 for each chargeback above the 1.5% threshold Violation Assessment Fee Issuer reimbursement fee times CTR divided by 100 After month 12: Noncompliance assessments of up to US $50,000 per month that the merchant remains an ECM

Visa Fraud Monitoring Program (VFMP)

VFMP Thresholds Early Warning: US $50,000 or more in fraud dollar amount AND 0.75% or higher ratio of fraud-to-sales dollar amount Standard Program: US $75,000 in fraud dollar amount AND 1% ratio of fraud-to-sales dollar amount High-Risk Program: US $250,000 in fraud dollar amount AND 2% ratio of fraud-to-sales dollar amount

VFMP Stages Standard Timeline: Month 1 Notification Visa notifies acquirer that the merchant has been identified in the program. Months 2-4 (Workout Period) Acquirer/merchant must implement actions to reduce fraud levels; provide Visa with a remediation plan; acquirer must provide monthly updates to the plan. Months 5-11 (Enforcement Period) Continue to implement remediation plan. Beginning month 8 notify merchant they may lose Visa acceptance privileges and provide written confirmation to Visa; and Eligible for chargebacks related to reason code 93 (Merchant Fraud Performance Program) for fraud transactions associated with current month s program identification Month 12 (Enforcement Period) Merchant is eligible for disqualification; continue to be eligible for chargebacks for reason code 93.

VFMP Fees Standard Timeline: Months 1-3 - No Non-compliance assessments Months 4-12 No non-compliance assessments; Reason Code 93 chargeback liability applies. High Risk Timeline: Months 1-3 US $10,000 per merchant case per month; Reason Code 93 chargeback liability applies from month 1 onward. Months 4-6 US $25,000 per merchant case per month; Reason Code 93 chargeback liability applies. Months 7-9 US $50,000 per merchant case per month; Reason Code 93 chargeback liability applies. Months 10-12 US $75,000 per merchant case per month; Reason Code 93 chargeback liability applies.

Visa Global Merchant Chargeback Monitoring GMCMP

GMAP Thresholds Tier 1 (Informational Fraud Alert): 3 fraudulent transactions; at least US $3,000 in fraudulent transactions; a fraud-to-sales dollar volume ratio of 3% and not exceeding 4.99% Tier 2 (Suggested Training Fraud Alert): 4 fraudulent transactions; at least US $4,000 in fraudulent transactions; a fraud-to-sales dollar volume ratio of 5% and not exceeding 7.99% Tier 3 (High Fraud Alert): 5 fraudulent transactions; at least US $5,000 in fraudulent transactions; a fraud-to-sales dollar volume ratio minimum of 8%

GMAP Stages All Tiers: Acquirer should evaluate the fraud control measures and training procedures in place for the merchant. Tier 3: MasterCard will determine whether to initiate an audit of the merchant location. MasterCard notified acquirer. Acquirer response due within 30 days. Fraud control action plan required within 90 days. MasterCard will review for a chargeback liability period (6 months and begins on the first day of the fourth month following the Tier 3 identification). MasterCard may extend the chargeback liability period to 12 months. Issuer chargeback rights will apply for reason code 4849 (Questionable Merchant Activity).

Dispute Resolution February 2016 CONFIDENTIAL AND PROPRIETARY

EMV Liability Shift

EMV Liability Shift is effective in the United States for all card types. U.S. EMV Liability Shift Dates: Visa, MasterCard, Interlink, and Maestro: October 1, 2015 American Express, Discover: October 16, 2015 After October 2015, all cards in the United States are supposed to be chip cards and all terminals are supposed to be able to accept chip cards. The majority of fraud chargebacks will be chip based. Applies to Face-to-Face transactions, not Card-absent Environment transactions. Fallback transactions Occurs when a contact chip card is used at a chip-capable POS terminal but the card details are not captured via chip technology and the transaction fall-back to magnetic stripe or keyed. Liability depends on which side did not support EMV technology. EMV LIABILITY SHIFT

EMV Chargeback reason codes Visa 57 Fraudulent Multiple Transactions 62 Counterfeit Transaction 70 Card Recovery Bulletin 81 Fraud Card-Present Environment MasterCard 4837 Fraud Card-Present Environment 4870 Chip Liability Shift 4871 Chip/Pin Liability Shift Discover 4866 UA05 Fraud Chip Card Counterfeit Transaction 4867 UA06 Fraud Chip and PIN Transaction Amex F30 EMV Counterfeit F31 EMV Lost/Stolen EMV LIABILITY SHIFT

Incoming Disputes

Airline Disputes NA and Canadian Dollar Amount - North America Dollar Amount - Canadian $76,102,475 $86,766,355 Incoming 215,843 Fraud 179,565 $8,893,016 $9,064,927 Incoming 10,786 Fraud 10,090 Of this, EMV dollar amount is $44,285 for 364 disputes Of this, EMV dollar amount is $125,073.70 for 110 disputes INCOMING DISPUTES

Hotel Disputes NA and Canadian Dollar Amount - North America Dollar Amount - Canadian $10,660,918 $17,687,461 Incoming 61,574 Fraud 34,763 $400,072 $432,773 Incoming 1,164 Fraud 913 Of this, EMV dollar amount is $2,418 for 4 disputes Of this, EMV dollar amount is $4,266 for 15 disputes INCOMING DISPUTES

Tips and Changes

Acquirers will have difficulty defending chargebacks for the following reason codes if the carrier fails to obtain proof of cardholder authorization. Reason Code 81, 83, and 4837, as well as any other fraudulent related reason code If this information is unattainable, the carrier should still provide compelling evidence during the chargeback cycle. Compelling evidence may include: Address Verification (AVS) Card Verification Value (CVV & CVC) Proof that cardholder name matches the customer s name TIPS

Reason Code Description Chargeback Conditions Representment Conditions Visa and Visa Europe 30 Airline transactions Services Not Rendered [NP] The cardholder claims that the services were not received as expected For an airline transaction, evidence that the name included in the flight manifest for the departed flight matches the name provided on the purchased itinerary. Visa 81 Fraudulent Transaction Card Present [NP] The cardholder claims that they did not authorize a card present transaction Provide proof of a signed & swiped, or a signed & imprinted, transaction and/or evidence that the name included in the flight manifest for the departed flight matches the name provided on the purchased itinerary. Visa 83 Fraudulent Transaction Card Not Present [NP] The cardholder claims that they did not authorize a card not present transaction Provide documentation proving the cardholder participated in the transaction and/or evidence that the name included in the flight manifest for the departed flight matches the name provided on the purchased itinerary. CHANGES

Questions?