Relief for the Chargeback Blues?

  High chargeback rates pose one of the greatest obstacles to the growth of e-commerce. But with the aid of a broad range of anti-fraud measures, online retailers finally are experiencing a dramatic decrease in chargebacks.
  From the beginning of electronic commerce, the chargeback has been the constant-and unwanted-companion of online merchants.
  E-merchants operate in a card-not-present environment and are particularly vulnerable to so-called "I-didn't-do-it fraud" in which cardholders deny purchasing an item or service. Since the Web retailer doesn't have a sales slip with a customer's signature, this type of fraud almost always ends up as a chargeback.
  Such customer disputes account for the majority of chargebacks for e-merchants, and they are costly. Not only does a merchant lose the value of the good or service, it also faces penalty fees if its chargeback rate exceeds limits set by the card companies. Chargeback penalties for fraudulent transactions are typically in the $15-to-$30 range, according to Paymentech L.P., a Dallas-based merchant acquirer. There also are internal investigation and chargeback-management costs.
  In some cases, if the merchant continues to have an excessively high chargeback rate, it can lose its card-acceptance privileges. That would be a deathblow for online merchants, since credit and signature-based debit cards remain the dominant payment vehicles on the Internet.
  With an eye to bringing chargebacks under control, e-merchants, vendors and card companies formed the Merchant Risk Council in March 2003. Since then, online retailers have seen a remarkable-and unexpectedly large-drop in chargeback rates.
  "Looking back at 2003, chargebacks are where we kind of made the industry difference," says Julie Fergerson, co-founder and vice president of emerging technologies for Austin, Texas-based ClearCommerce Corp., and co-chairman of the Merchant Risk Council.
  An MRC survey of 217 retailers, representing about 7% of the council's merchant base, found a dramatic drop in chargeback rates last year, Fergerson says. Of small merchants, 89% reported a rate of less than 0.35% of sales volume last year, compared with 58% under 0.35% in 2002.
  Medium-size merchants showed a similar trend, with 65% reporting chargeback rates below 0.35% in 2003, up from 54% a year earlier. About 50% of large merchants reported a rate of less than 0.35% in 2003, compared with 38% in 2002. And of very large merchants, 57% reported a chargeback rate below 0.35%, up from 38% a year earlier. Merchants generally qualify for lower discount rates if they cut chargeback rates.
  Paying Attention
  The survey didn't ask specifically what steps merchants took to reduce their chargebacks, Fergerson says. But the adoption of a broad range of anti-fraud measures appears to play a major role.
  "Merchants are paying more attention to the fraud tools that are available," says Bob Nadeau, group manager of product development at Paymentech, which is owned by Bank One Corp. and First Data Corp. Paymentech processes more than half of all Internet transactions.
  Of merchants responding to the survey, "17% are now spending greater than 2% of their revenues on fraud prevention," Fergerson says. "That number in 2002 was 13%."
  The survey found that e-merchants are beginning to use some long-time fraud-prevention technologies, such as card verification codes and address-verification systems, which have proven effective against fraud in the physical world, in addition to newer ones, Fergerson says.
  During 2003, 55% of merchants said customizable rules were effective in combating fraud. Fifty-three percent said card verification codes were most effective; 46% cited so-called negative lists of invalid card numbers and 28% said geolocation technology, according to the survey.
  Geolocation technology takes the address of the Internet provider (IP) and identifies where the person is actually placing the order.
  In all four categories, e-merchants reported increased use of fraud-fighting measures (chart). While these measures don't work as well in the online environment as in the physical world, they do help prevent some fraud, some observers say.
  Merchant Risk
  In addition, e-merchants are beginning to adopt some of the technology developed by the card companies, processors and vendors specifically for electronic commerce, such as authentication software. While long-time fraud-fighting tools can help cut chargebacks, they don't specifically target "I-didn't-do-it" fraud.
  "Within the universe of e-commerce chargebacks, over 70% of them represent the cardholder saying, 'I didn't do it,'" says Tom Maxwell, director of global e-business and emerging technologies for MasterCard International. "While CVC2 (MasterCard's card verification code), address verification and fraud screening are all very effective tools at approximating who that cardholder is, those in and of themselves don't provide the merchant with any evidence against a chargeback."
  "Even if the merchant had a great fraud-scoring system, checked the address and did CVV2 (Visa's card verification code) ... if the cardholder says 'I didn't do it,' the merchant has the risk because it's a card-not-present transaction," adds James McCarthy, senior vice president of eVisa merchant and member sales at Visa USA. "There's not a proxy for the signature that you have at the point of sale that ties or binds the consumer to the transaction."
  That's why the card associations are pushing cardholder authentication technology-Verified by Visa and MasterCard SecureCode. Both VbyV and SecureCode tie a cardholder to a transaction via a password, the online equivalent of a signature at the point of sale of a brick-and-mortar merchant. For merchants using the associations' systems, chargeback liability for the transaction shifts from the merchant to the card issuer.
  The Issue of Demand
  But the use of cardholder authentication is not yet widespread ("The Chargeback Squeeze," November 2003). Merchants don't want to enroll in the program when there is no consumer demand, and cardholders don't see value in a program with such a small merchant base.
  MasterCard has about 2,500 issuers and 9,000 merchants enrolled in the SecureCode program worldwide, Maxwell says. "Certainly merchant adoption is something that we're very satisfied with at this point, but you've got to have more," he says. "One of our strategic thrusts this year is merchant enablement."
  At Visa, 90% of issuers make the VbyV available to more than 250 million cardholders, McCarthy says. Visa is trying to boost the number of participating merchants by guaranteeing payment of transactions for participating e-retailers even if the cardholder isn't taking part in the program. The number of merchants using VbyV was unavailable at CCM's press time.
  "In order to give that merchant the benefit while we build cardholder adoption, we said if a merchant participates in the service even if the cardholder doesn't participate, the merchant still gets the benefit," McCarthy says.
  This shifting of liability from the e-merchant to the issuer has cut chargebacks, McCarthy says. Visa studied the chargeback rates at four major merchants in industries that are driving e-commerce-travel, consumer electronics, apparel and ticketing, McCarthy says.
  Between January and September of 2003, after Visa instituted the liability shift, sales volume increased for the e-merchants while the number of chargebacks dropped. "You see the chargebacks go from 200 per month down to, in essence, under 20 per month as the liability shift worked its way through the system," McCarthy says.
  Guaranteed Payment
  American Express Co. also offers its e-merchants a form of guaranteed payment through its Automated Address Verification Plus system, or AAV+. AAV+ validates both billing and ship-to addresses for alternate ship-to transactions, says Seana Pitt, vice president of the network development group at American Express.
  AmEx discovered that items shipped to other than a cardholder's billing address "have about double the chance of being a fraudulent transaction," Pitt says.
  Prior to AAV+, merchants were protected only if they shipped to the billing address. With AAV+, a merchant "can verify that the ship-to address is an address that person has received mail at before," she says. Internet merchants are guaranteed against chargebacks for fraudulent transactions that received validation.
  American Express also is beginning to collect information, such as an Internet provider's address, browser type and an authenticated user name, as part of its authorization process. If an IP address matches one tied to a fraudulent transaction, the transaction would be rejected, Pitt says.
  "If a cardmember lives in California and the transaction is originating out of the Caribbean, maybe that's something we want to say, 'Whoa, there's got to be something wrong here,'" she says.
  In addition, if a merchant is concerned about any card-not-present transaction over $200, AmEx will contact the cardholder to verify the purchase is legitimate. "About 25% of the calls we do to cardmembers actually turn out to be fraudulent transactions," Pitt says.
  Much of the improvement in chargeback rates can be attributed to a greater awareness on the part of online merchants about ways they can minimize risk, McCarthy says. "They've begun to really look at 'where is this transaction coming from, is this a valid (IP) address or is it overseas ... is this transaction possibly fraudulent?'" McCarthy says.
  Savvy Merchants
  E-merchants are getting savvier about fraud, Paymentech's Nadeau adds. For example, crooks often come up with a legitimate bank identification number and then try to make up account numbers linked to the BIN. To determine if an account number is real, they'll submit numerous transactions with the same BIN to an e-merchant.
  "What merchants are starting to notice is 'if I know I'm getting 10 transactions coming in from this BIN, that may be an indication that something's wrong,'" he says.
  Another factor contributing to the turnaround in chargebacks is the card companies' efforts to work more closely with online merchants, a process that began at the first meeting of the Merchant Risk Council. American Express, a founding member of the council, Discover Financial Services, MasterCard International and Visa USA sponsored this year's conference, Fergerson says.
  Representatives of the four companies spoke on a panel discussing risk management. "The thing I think really blew most merchants away was that (the card companies) are actually listening to their input and coming back with new programs and ideas for the merchants," Fergerson says. "Last year was the kind of getting-to-know-you phase. This year we're actually working together."
  Adds Mary F. Dees, president and chief executive of creditranz.com, a Plano, Texas-based independent sales organization: "There's been a lot done in the last few years, both by the associations and the individual processors, to limit the fraud exposure for online merchants. Collectively, everyone has invested a little heavier."
  Dees also is president of the Washington, D.C.-based Electronic Transactions Association, a trade group for the acquiring industry representing 400 member companies in eight countries.
  Service Issues
  While fraud is a major source of chargebacks, it isn't the only source. "Not all the chargebacks are fraud-related," Nadeau says. "Some are purely service issues, too."
  The Internet is going through growing pains, Nadeau says. "If you have something that's in its infancy, you're going to have problems," he says. "Those problems can be fraud, they can be customer-service issues, things like not putting the proper descriptor on the statement. As a system matures, chargebacks go down."
  The progress e-merchants made against chargebacks over the past year is encouraging. Nevertheless, the battle rages on. While chargeback ratios have "come down significantly, it's still a big problem," says Visa's McCarthy.
  Chargebacks for face-to-face transactions are "somewhere in the neighborhood of 7 cents to 8 cents out of every $100 put on a Visa card," he says. "We are still in the 25-cents-to-30-cents range in the e-commerce channel. There's still a big gap we want to close."