LOS ANGELES — Beginning October 1, online businesses accepting Visa cards will have to comply with stricter anti-fraud regulations, warn experts in the field.
According to Straal CEO Michal Jedraszak and Nethone CEO Hubert Rachwalski, all monthly compliance thresholds (including the ones established by the VCMP Standard program) will be lowered from 1 percent to 0.9 percent and will affect all entities accepting cards issued under Visa brands, especially those from high-risk industries.
The experts report that these new fraud and chargeback monitoring policies pose challenges especially for companies operating in industries such as adult entertainment, travel, online video games, betting and gambling, nutraceuticals, pharmaceuticals or dating as well as those offering digital goods — often balancing on the brink of the threshold even under the current, more forgiving regulations.
At the moment, the VFMP’s (Visa Fraud Monitoring Program) monthly compliance thresholds are set up to a 1 percent fraud-dollar-to-sales-dollar ratio. Similarly, the VCMP’s (Visa Chargeback Monitoring Program) ones are established to a 1 percent ratio of disputes-to-sales-transaction count. These figures relate to MATCH (Member Alert to Control High-Risk Merchants) — a system designed by Visa to monitor businesses experiencing excessive fraud attacks as well as encourage them to incorporate measures targeted at preventing fraudulent transactions. Companies get listed on MATCH after exceeding the thresholds consecutively for several months.
Companies that are currently dangerously close to the 1 percent threshold, after the changes will fall into chargeback monitoring programs with a danger of joining the high-risk category, but Rachwalski explained how to minimize this threat.
“The new, stricter thresholds do pose a challenge to companies but there is a way to overcome this problem,” Rachwalski said. “The starting point is redefining one’s risk management strategy: the updated one might make use of deep profiling of users, which aims at understanding fully customers in digital channels, based on accurate fraudster identification. Only KYU performed in real time combined with innovative PSP’s processing that use this kind of sophisticated analytics will enable high-risk entities to continue growing.”
The tightened threshold will increase the penalties for companies that unsuccessfully set their risk management strategies, which Jedraszak translates into specific numbers.
“These fees range from $50 per chargeback up to $75,000 of a monthly noncompliance fee, depending on the threshold exceeded and noncompliance severity,” Jedraszak said. “For, say, a digital goods merchant processing high volume of low-value transactions or a company selling high-value digital or semi-digital services such a situation might lead even to bankruptcy.”
Both experts emphasize the need for online companies to work closely with PSPs to develop effective risk management strategies capable of matching the tightened monitoring thresholds. Moreover, the new regulations will also affect acquiring banks as their fraud thresholds will be lowered, too.
“First of all, the key question is about the responsibility for effective fraud prevention. Is this burden on the company’s shoulders or maybe on the PSP’s? Should an online company search for third party providers of FDP solutions on their own or expect such support from their payment gateway?” Jedraszak asked. “At Straal, we believe that in most cases the latter makes more sense.”
“While in low-risk industries a set of simple anti-fraud rules should do the job,” Jedraszak added, “in industries balancing on the brink of the threshold detection of fraudulent behavior requires more sophisticated tools and smooth cooperation between the gateway provider and the anti-fraud solution.”
Efficient fraud detection and prevention relies on huge amounts of meaningful data.
“To protect a business against fraud, one has to establish effective data gathering processes. It’s crucial to collect quality, meaningful data that will help to understand the context of fraudulent transactions,” Rachwalski explained. “It is recommended to gather detailed user data as well as rich information about transactions processed by the PSP. Joining forces at this stage translates into better fraud prevention results, meaning more accurate detections and fewer false positives.”
The experts say that as machine learning (ML) is the most efficient way to spot differences between legitimate users and fraudsters with high accuracy and in real time, collecting big amounts of meaningful data and providing its smooth flow between systems is paramount, with the key principle of ML being the more data it gets, the more accurate predictions it gives.
“The more data a model receives, the better results machine learning generates. In this context, it means better fraud prevention thanks to more accurate predictions,” Jedraszak concluded. “However, training a model takes time — it is worth commencing the process now so that it is perfectly ready when the new regulations take effect.”
Both experts agree that online companies approaching the current 1 percent fraud threshold should contact their PSP and ask what is going to change once the new regulations come into force. It may be also necessary to agree on a new risk management strategy.
