Blogs
Subscribe to our email alerts





Close
Beyond the Transaction: Every Transaction Has a Story
Share

Security Matters: The Evolving Fraud Chargeback

Security Matters

 

 

For those old enough to remember, their MasterCard bill used to arrive each month with copies of each sales slip in the envelope – a process known as “Country Club Billing.”

Cardholders could review their copies of slips against the slips provided with the billing and determine which were processed properly.  Those were simpler days.  But then again, the infrastructure was simpler, too.  Floor limits allowed transaction processing without authorization and even when the transaction was authorized the data was minimal. Clearing was done via paper and check in many parts of the world, and disputes were initially handled by compliance as chargebacks didn’t exist.

Computer Browsing When the chargeback process was put in place, MasterCard had to create new rules to clarify the new practices for issuers unfamiliar with it.

 

EVOLUTION OF CHARGEBACKS

As Country Club Billing was phased out due to the cost of labor in the 1970s for electronic processing, cardholders and issuers still had little knowledge how to deal with transactions in question.  Chargebacks – and the related paper trail – were used frequently to investigate the transaction to determine what happened at the terminal.

As technology evolved, so too, did the data.  Today, the authorization message provides more insight into the transaction than the sales slip ever did.  The merchant’s location, the time of the transaction, how the card’s data was placed into the terminal and more are known to the issuer.

By October 2015, floor limits will no longer be allowed, meaning that every transaction will be authorized. The issuer will be able to review every authorization request rather than reacting to challenged transactions after the fact.

Along with greater information in the authorization process, tools and systems have evolved to aid both the issuer and merchant’s processing of transactions to reduce fraud.  SecureCode, tokens and EMV provide more protection against fraud if used properly and help prevent fraud before it hits the cardholder’s monthly statement.   No system or tool is a silver bullet, and fraud will continue to occur as criminals are always trying to break into systems.

 

SIMPLIFICATION WITH TECHNOLOGY

With ever-evolving technology, fraud chargeback continues to change as well.  Until October 2013, the rules for using the primary fraud chargeback, 4837 – No Cardholder Authorization, were essentially unchanged from the original version provided in the 1970s.  Consider that Card Not Present (CNP) transactions were once limited to Mail Order/Telephone Order (MO/TO).  Magnetic stripe was added to embossment on cards for proof of card presence, followed by the use of the chip in the 1990s.  E-commerce was added to address a new form of CNP.  Layer upon layer of technology was added onto the basic 4837 chargeback.  Complexity resulted as exceptions for scenarios within each new technology needed to be addressed.

mastercard emvComplexity in the overall chargeback process created the need for a streamlined/holistic end-to-end chargeback review in 2011.  Speaking with issuers, acquirers, processors, merchants and cardholders, MasterCard gained valuable knowledge of the perceptions held by our customers.  Changes were needed to lessen the complexity and provide greater balance of the system.  For example, issuers were provided an Expedited Billing Dispute Form for fraud, while merchants were provided knowledge that an electronically generated and issuer-approved authorization at an attended terminal stopped the fraud chargeback.

When making chargeback changes, MasterCard considered customer input as well as the data available in authorization, to stop fraud during the authorization process.  Robust Cardholder Validation Methods (CVM) are available today that were unthinkable in the 1970s and 1980s, and integrate well with EMV and mobile devices.  Issuers can communicate with cardholders in real time at the point of interaction with text messages and phone calls due to the proliferation of mobile phones.  With all of these new technologies and CVMs, the necessity of maintaining the old fraud chargeback – based on an imprinter and floor limits – is no longer relevant.  While the old process is comfortable for many issuers, now is the time to ensure the process matches the technology available.

 

EMBRACING CHANGE

MasterCard will continue its effort to make every transaction more valuable by moving to ensure authorizations confirm the cardholder and reduce fraud.  In taking this step, the chargeback process will move from a recovery mechanism to an investigatory tool should questions arise.

Gone will be the expectation that a chargeback solely moves the loss from one party to another.  In its place will be the means by which the issuer and acquirer communicate on-behalf of their respective customers in an effort to ensure proper processing.

It’s a good step toward the future and puts the process we knew as Country Club Billing further into the past.