According to analyses by internet commerce experts, beginning October 1, 2019, online businesses accepting Visa cards will have to comply with stricter anti-fraud regulations. All monthly compliance thresholds (including the ones established by the VCMP Standard program) will be lowered from 1% to 0.9%, which will affect all entities accepting cards issued under Visa brands, especially companies from high-risk industries. Michał Jędraszak, CEO of Straal, and Hubert Rachwalski, CEO of Nethone, have joined forces to explain what consequences the new regulations might bring for businesses and how to get ready for the upcoming changes.
The new fraud and chargeback monitoring policy poses challenges especially for companies operating in industries such as adult entertainment, travel (OTAs, airlines), online video games, betting and gambling, nutraceuticals, pharmaceuticals or dating as well as those offering digital goods—entities which are often balancing on the brink of the threshold even under the current, more forgiving regulations.
At the moment, the VFMP (Visa Fraud Monitoring Program) monthly compliance thresholds are set at a 1% fraud-dollar-to-sales-dollar ratio. Similarly, the VCMP (Visa Chargeback Monitoring Program) thresholds are set at a 1% ratio of disputes to sales transaction count. These figures relate to MATCH (Member Alert to Control High-Risk Merchants), a system designed by Visa to monitor businesses experiencing excessive fraud attacks as well as to encourage them to incorporate measures targeted at preventing fraudulent transactions. Companies get listed on MATCH after exceeding the thresholds consecutively for several months.
After the changes go into effect, companies that are currently dangerously close to the 1% threshold will fall into chargeback monitoring programs with a danger of being put into the high-risk category.
Hubert Rachwalski, CEO of Nethone, explains how to minimize this threat:
"The new, stricter thresholds do pose a challenge to companies but there is a way to overcome this problem," Rachwalski said. "The starting point is redefining one’s risk management strategy: the updated one might make use of deep profiling of users, which aims at understanding fully customers in digital channels, based on accurate fraudster identification. Only KYU [Know Your Users] performed in real time combined with innovative PSP’s processing that use this kind of sophisticated analytics will enable high-risk entities to continue growing."
The tightened threshold will increase the number of penalties for companies that do an insufficient job of resetting their risk management strategies. Straal’s CEO Michał Jędraszak translates the threat into specific numbers.
"These fees range from $50 per chargeback up to $75,000 of a monthly non-compliance fee, depending on the threshold exceeded and non-compliance severity," explained Mr. Jędraszak. "For, say, a digital goods merchant processing a high volume of low-value transactions or a company selling high-value digital or semi-digital services, such a situation might lead even to bankruptcy."
Both experts emphasize that online companies should now work closely with PSPs to develop effective risk management strategies, capable of matching the tightened monitoring thresholds. Moreover, the new regulations will also affect acquiring banks as their fraud thresholds will be lowered, too. As a result, this party will also get involved in working on more effective fraud prevention.
"First of all, the key question is about the responsibility for effective fraud prevention," Mr. Jędraszak stated. "Is this burden on the company’s shoulders or maybe on the PSP’s? Should an online company search for third-party providers of FDP solutions on their own or expect such support from their payment gateway? At Straal, we believe that in most cases the latter makes more sense. While in low-risk industries, a set of simple anti-fraud rules should do the job, in industries balancing on the brink of the threshold, detection of fraudulent behavior requires more sophisticated tools and smooth cooperation between the gateway provider and the anti-fraud solution."
Efficient fraud detection and prevention relies on collecting and crunching huge amounts of meaningful data.
"To protect a business against fraud, one has to establish effective data gathering processes. It’s crucial to collect quality, meaningful data that will help to understand the context of fraudulent transactions," explained Mr. Rachwalski. "It is recommended to gather detailed user data as well as rich information about transactions processed by the PSP. Joining forces at this stage translates into better fraud prevention results, meaning more accurate detections and fewer false positives."
As Machine Learning (ML) is the most efficient way to spot differences between legitimate users and fraudsters with high accuracy and in real time, collecting large amounts of meaningful data and ensuring its smooth flow between systems is paramount. The key principle of ML is that the more data it gets, the more accurate its predictions are.
"The more data a model receives, the better results Machine Learning generates," opined Mr. Jędraszak. "In this context, it means better fraud prevention thanks to more accurate predictions. However, training a model takes time. It is worth commencing the process now so that it is perfectly ready when the new regulations take effect."
Both experts agree that online companies approaching the current 1% fraud threshold should immediately contact their PSP and ask what is going to change once the new regulations come into force. It may also be necessary to agree on a new risk management strategy or just find a PSP that cooperates closely with a quality fraud-fighting partner.
Straal is an international provider of payment, optimization and fraud prevention solutions for future-minded businesses. The company offers a comprehensive suite of products that make accepting digital payments easier, as well as more effective and secure. Straal enables accepting one-off and recurring payments carried out by customers with credit and debit cards of all major organizations, initiating SEPA Direct Debit cycles and more. Thanks to Straal, customers can pay in currencies of their choice (over 150 options), using their preferred desktop and mobile platforms, while merchants can effectively maximize their transaction approval rate and mitigate risk. Founded in 2017, the company is headquartered in Warsaw, Poland. To learn more, go to Straal.com.
Nethone is a global leader in AI-driven KYU (Know Your Users) solutions that help enterprises from all around the world convert cyberthreats into well-informed, profitable decisions. From world-class fraud prevention to account takeover detection based on advanced behavioral biometrics, Nethone services simultaneously protect bottom lines and elevate profits of forward-looking businesses. Founded in 2016 by experienced data scientists, security experts, and business executives, Nethone is one of the fastest-growing tech companies in Central Europe. Since the beginning of March 2019, Nethone has been a part of the world’s most prestigious travel tech acceleration program headquartered in Silicon Valley: Plug-and-Play. More details can be found at Nethone.com.