February 01, 2016
Online Payments and Fraud: What You Don’t Know Could Cost You Millions
by Polly A. Bauer
As network marketers position their businesses for global e-commerce expansion, they’re finding there is no such thing as business as usual.
According to a recent trend report from eMarketer, smartphones are making mobile shopping easier and more efficient, and that will not only translate to an increase in mobile buying but also drive up the number of inbound calls to businesses. Get ready. As mobile commerce rises so, too, will online fraud. This has huge implications from an accountability and responsibility standpoint, especially in Europe. In other words, caveat venditor—let the seller beware.
Two major shifts in the last quarter of 2015 drastically changed the liability for protecting consumer information online. First, the mandated implementation of EMV chip cards in the U.S. last October moved fraudster attacks from in-person to online stores. Second, the nullification of the Safe Harbor agreement between the European Union and the U.S. Department of Congress upended long-standing best practices for data handling and security. To better understand the depth and impact of these global game changers on the future, we need to take a step back and review the histories as well as present implications.
EMV Chip Cards Escalate Online Fraud
In 2002, European merchants began the migration to chip cards and EMV became the standard for chip technology across the pond. While international travelers worried less about their credit cards being cloned and counterfeited during in-person transactions, online fraud rates soared, increasing 97 percent between 2004 and 2008, according to Bank of International Settlements, Financial Fraud Action, BI Intelligence.
With the implementation of EMV chip cards in the United States last October, the liability for fraudulent transactions shifted from the issuing bank to the merchant. Although EMV technology makes in-person transactions safer, online merchants can’t accept chip and pin cards, yet they still have 100 percent liability for Internet fraud.
The impact to network marketers is significant when you consider that the estimated rise in fraudulent transactions for companies doing business online is now over 40 percent. Couple that with the fact that nearly 80 percent of online merchants weren’t prepared or weren’t knowledgeable enough to put in system security measures to authenticate a transaction. And penalties for businesses include being placed on the card association’s excessive chargeback list and incurring additional fees per transaction.
In addition, businesses that rely on autoship revenue can expect to have increased declined transactions, which can result in lost business. Anticipating these increases and fraud losses, bank card associations and major merchants have been working toward anti-fraud solutions.
Risk-Based Approach to Authentication Is Key
Authentication describes a process where the card holder’s identity is verified in “real time” by the merchant. Although the process is not new, the technology driving it has improved drastically over the last 24 months. This is a win-win-win for issuers, cardholders and retailers.
The leading solution that protects online merchants from high declines, fraudulent transactions and increased fraud chargebacks is the authentication protocol 3D Secure. Services based on this protocol have been adopted by Visa (Verified by Visa), MasterCard, (MasterCard Secure Code), American Express (SafeKey) and JCB International (J/Secure).
This additional security layer for online credit and debit transactions gives merchants more control over the approval process and protects them from fraud losses. For issuers it reduces fraud rates, and for cardholders it’s a safer, more efficient online checkout process. Bottom line? More transactions, higher conversion rates and increased sales equal satisfied customers. Not to mention a reduction in customer support calls, which translates to reduced costs.
Safe Harbor Demise De-Escalates Global Expansion
The Safe Harbor agreement was inked over 15 years ago to ensure protection of personal data being transferred from within the European Economic Area (EEA) to the United States. The EEA comprises 31 countries, and the agreement protected U.S. merchants from having to comply with each individual country’s privacy laws in addition to the Payment Card Industry Data Security Standard (PCIDSS) compliance.
Last October, the Safe Harbor act was no longer honored by the European Court of Justice. The act was declared a privacy risk, and businesses were asked to comply with stricter privacy regulations that state any personally identifiable information of a European (EU) citizen must stay in Europe. It cannot be stored, viewed or processed outside of the EU country. The penalty to a company for breaking EU privacy laws are purported to be as high as 5 percent of the company’s global revenue.
According to CNN Money and other business news reports, the European court ruling is part of a pro-privacy initiative to protect Europeans from “mass indiscriminate surveillance and interception” of personal data by the U.S. authorities and is a “direct consequence of revelations made by whistleblower and former National Security Agency contractor Edward Snowden.”
Although large technology companies like Microsoft, Google and Amazon are reported to have workarounds in place for data transfers beyond Safe Harbor and a solution for major merchants doing business in Europe, smaller companies and consumers could experience significant challenges going forward.
Best practice recommendations for any network marketing company doing business in Europe is to consult a global legal advisor for clarity and to develop a next-step strategy for a more restrictive approach to data transfer and the handling of European data.
Authentication for Every Transaction a Must
Since almost all consumer trends involve the Internet, “many aspects of our physical lives are merging with our online habits: shopping, working, socializing, watching TV, studying, traveling, listening to music, eating and exercising.” These are just a few examples from the December 2015 Ericsson Consumer Insight Summary Report, based on a global research program that’s been studying consumer behavior in over 40 countries and 15 megacities for 20 years.
We don’t really need research to tell us this or that the future of personal selling and downline recruiting for direct sellers is already online or that as e-commerce continues to grow so does the number of fraudulent card purchases—and with it chargebacks. But we do need to be ready for it.
Authentication is the key to consumer confidence and to shifting liability from the merchant to the card issuer on the chargeback. Merchants currently using authentication protocols in each transaction are reporting an increase in sales, the ability to challenge and control the transaction authorization process, a reduction in processing costs (interchange) and a stronger relationship with issuing banks.
Now is the perfect time to build a strategy, a business case and an implementation plan for new authentication standards that confirm the identity of the buyer at the time of purchase. Transactions processed using authentication protocol are triple crown winners; the transactions qualify for chargeback protection and a hefty discount on interchange fees. Make 2016 your year to be fraud lean.
With more than 35 years in the credit industry, Polly A. Bauer currently serves as CEO of Polly Bauer & Associates, Founding Chairman and Board Member for Direct Response Forum, a Board Advisor to the CNP-Europe, and as Payments Advisor and Director to multiple tech and direct sales organizations.