April 16, 2016
Last October’s EMV liability shift brought the US into the fold as one of the final major economies to make the switch to chip-and-PIN point-of-sale technology. Veterans of EMV shifts in other parts of the world, including the EU and Latin America, warned that a surge in CNP fraud would almost certainly accompany the US EMV changeover, as it had in other markets. So far, the numbers bear this out, with CNP fraud ramping up ahead of the switch.
The good news is that by studying what’s happened post-EMV in other markets, merchants can reduce their risk of higher chargeback costs with minimal impact on the customer experience. The less-good news is that, like any other human endeavor, seeking out and adopting better fraud prevention methods is often left until it becomes a large and costly problem. The bad news is that if those new fraud controls raise the rate of false declines based on broad generalizations about customer behavior, merchants face a new and potentially worse problem.
Research presented by MasterCard and Javelin found that 32% of customers who are falsely declined never shop with that merchant again. That amplifies potential losses over time, especially because many of these shoppers are affluent and well-traveled—the exact type of customer many retailers hope to retain for life. Because false declines carry such a high potential cost, the research found that they cost US retailers 13 times more than card fraud does; it’s important to choose fraud mitigation strategies that combine robust chargeback prevention with careful analysis and evaluation of potential declines.
Based on observations of Brazil’s EMV changeover which took place from 2008 to 2011, there are several stages after the EMV liability shift in which different merchants change their technology and upgrade their fraud mitigation tools. The US market has moved past the first stage, in which the most efficient retailers moved ahead of the curve to implement better CNP fraud programs, and the second stage, in which fraudsters began to more heavily target CNP retailers and POS retailers who have yet to complete the EMV switch.
The subsequent stages all involve the remaining retailers tightening their fraud controls at a pace based on their liability tolerance, budget, and experience with increased fraud. Typically, major e-commerce players move more quickly than smaller online players, because the big brands are usually accountable to shareholders, have more fraud-mitigation resources, and would otherwise present high-profile targets.
As the number of potential high-end and mass-market e-commerce victims decreases, fraudsters move on to easier targets – small e-commerce players who may have assumed they weren’t on thieves’ radar and who don’t have the resources to run an internal fraud control program or coordinate multiple fraud-control products. These are the retailers who can least afford more chargebacks or the loss of good customers. Smaller merchants also face disproportionately high opportunity costs compared to larger competitors because they typically have to divert resources and attention from their core business to manage fraud when problems arise.
There are four fraud-protection elements that e-commerce merchants must have in place to properly defend against rising chargeback risks and protect their relationship with legitimate customers. The first, of course, is up-to-date technology to quickly and reliably screen transactions against high-quality intelligence on fraud actors and patterns. The next is human intelligence, preferably from analysts who already have experience detecting fraud in a post-EMV environment and who are proactive both in spotting fraud and in evaluating potential declines.
That leads to another important element—human involvement. It’s less high-tech to pick up the phone and contact a customer about a transaction than it is to simply let an algorithm handle it, but the results are worth it. Customers appreciate having their information verified, and merchants see fewer relationship-damaging false declines.
The final and perhaps most important element is customization of fraud solutions according to the retailer’s market, verticals and customer base. Customization means that fraud-control providers must take the time to understand the retailer’s needs, goals, and pain points and work with them as partners in fighting fraud, rather than as recipients of a one-size solution. Direct communication and a partner mindset are perhaps the most powerful fraud-abatement tools an e-commerce retailer can have in the new post-EMV landscape because they offer chargeback protection and customer experience that evolve to meet whatever new threats come along.