Visa and Mastercard both introduced new, lower thresholds to their fraud and chargeback programs in October of 2019 with stringent thresholds that may result in merchants shunning the risks of ecommerce transactions and facing fines and fees for excessive chargebacks. It’s important to understand mail order/telephone order transactions differ from ecommerce transactions and some of the policy changes don’t apply. 

What is the change?

Visa, Discover, American Express, and MasterCard all impose rules and conditions on merchants as a condition of accepting their respective card brands. One of those conditions is that merchants are bound to having a minimum number of chargebacks each year and specifically, Card-Not-Present (CNP) fraudulent chargebacks. If a merchant exceeds the acceptable number of chargebacks, they will be placed into a monitoring program. Once a merchant account lands in a monitoring program, the merchant is subject to fines and fees until the chargeback or fraud rates are effectively reduced. The most recent update from Visa, effective October 1, 2019, is aimed to protect the integrity of the payment network and keep these fraudulent transactions down.

MasterCard has also created an entirely new chargeback program for U.S. based merchants, called the Excessive Fraud Merchant (EFM) Compliance Program. One of the major changes is a requirement that merchants must have at least 10% of their total CNP transactions run through 3D Secure, a technical standard created by Visa and MasterCard to further secure CNP transactions over the Internet. MasterCard calls their system “MasterCard SecureCode” and Visa call theirs “Visa Secure”. 3D Secure protects a cardholder against unauthorized use when the card number is used for online transactions by validating the specific transaction made over the internet with a personal code sent to the cardholder’s cell phone or email address as a one-time PIN. This new rule encourages merchants to adopt this additional security layer for online transactions. We recommend it as well since it will protect merchants from incurring losses.

The cost of caution

For merchants who use a “Buy Online – Pickup In Store (BOPIS) model of business, Visa and MasterCard’s updated monitoring program could be an unexpected constraint. As BOPIS becomes more popular with consumers, fraudsters also recognize the opportunity and seize it. BOPIS fraud is up 250% from 2018. Merchants who attempt to add additional identification checks during an in-store pickup could increase the length of transaction time and irritate a customer who might have an easier experience ordering from Amazon and waiting for a doorstep arrival. It’s a fine line to walk between convenience and fraud management.

Remedy is powered by Chosen Payments whom is a registered ISO and FSP of Wells Fargo Bank, N.A., Concord, CA and BBVA USA, Birmingham, AL., and Elavon, Inc., N.A., Atlanta, Georgia, and Evolve Bank & Trust; Memphis, TN., and Merrick Bank, N.A., Draper, UT.