In our previous blog “Understanding Chargeback Fraud: Insights and Prevention Strategies” , we covered the concept of fraud chargeback and its impact on your business. We explored various authentication indicators, such as the Electronic Commerce Indicator (ECI) and Universal Cardholder Authentication Field (UCAF), which are crucial in managing and preventing chargebacks. We also discussed comprehensive strategies and the role of advanced risk systems in mitigating these fraud risks, ensuring a more secure and profitable e-commerce environment. In this blog we do a deep dive on fraud reporting.

Fraud reporting is a critical process in maintaining financial integrity and combating fraudulent activities. When a consumer reports a suspicious transaction to their issuer, it alerts the bank to potential fraud. This can lead to the transaction being flagged for further investigation. In this context, the charge is not reversed, and the merchant keeps the collected funds because the fraud liability lies with the issuer.

Importance of Fraud Reporting

Even though the charge cannot be reversed as the fraud liability is with the issuer, fraud reporting plays a vital role in protecting businesses from financial losses and reputational damage. It ensures that fraudulent activities are detected early, investigated thoroughly, and addressed appropriately and that a platform is not misused for carrying out fraudulent activities. Moreover, it helps organizations stay compliant with legal and regulatory standards, thereby avoiding potential penalties and enhancing their credibility.

Fraud Reporting Cycle

Risk Engine

The primary goal of a risk engine is to block as many fraudulent transactions as possible while minimizing the impact on genuine transactions. This requires balancing the detection of fraud with the prevention of false positives. False positives occur when legitimate transactions are incorrectly flagged as fraudulent. This can inconvenience customers and potentially harm business relationships. Therefore, minimizing false positives is crucial to maintaining customer satisfaction and trust.

Reporting Process

1. Cardholder Notification: When a transaction occurs, the cardholder receives a message. If the transaction is fraudulent, the cardholder reports it to the issuer.
2. Issuer Action: The issuer records the fraud report. The data from such fraud reports is shared with the card networks (Visa and Mastercard) at predefined intervals.
3. Network Analysis: The networks analyze the fraud data and send it to the acquirer, who in turn sends it to the aggregator and their technology service provider. This serves as a heads-up about fraud and a call for optimizing risk engines accordingly.
4. Tracking and Monitoring: Networks track the fraud-to-sales ratio on a merchant’s platform. If a certain threshold is breached, early warning signals are issued. Merchants are given three months to optimize their risk engines. If the threshold is still breached, penalties are imposed, and continued high ratios can lead to merchant deactivation.

Major Card Networks and Fraud Reporting

Visa

Visa operates a sophisticated fraud prevention system known as Visa Advanced Authorization, which monitors transactions in real-time for suspicious activity. Visa encourages merchants and financial institutions to report fraud through its Visa Fraud Monitoring Program (VFMP). This program helps track fraud trends and provides insights to improve fraud prevention strategies.

Mastercard

Mastercard’s fraud detection and reporting framework includes the Mastercard Fraud Alert Management (FAM) system. This system enables issuers to report fraudulent activity and receive alerts about potential fraud threats. Mastercard also uses Electronic Commerce Indicators (ECI) and Universal Cardholder Authentication Field (UCAF) values to indicate the level of authentication and fraud prevention measures applied to transactions.

Role of ECI and UCAF in Fraud Reporting

Electronic Commerce Indicators (ECI) and Universal Cardholder Authentication Field (UCAF) play a crucial role in the context of fraud reporting for online transactions. These indicators are used to determine the level of security applied to a transaction and whether the transaction is eligible for liability protection.

ECI 5 and 6 for Visa: An ECI value of 5 indicates a fully authenticated transaction, providing liability protection to the merchant. An ECI value of 6 indicates an attempted authentication, which may still offer some level of liability shift protection. Transactions under these ECIs are typically raised as fraud reports when fraudulent activities are detected.

UCAF 1 and 2 for Mastercard: UCAF values indicate whether the merchant supports UCAF data collection. A UCAF value of 1 means the merchant supports UCAF, but the data was not present in the authorization message. A value of 2 means UCAF data was collected and present. These values help determine the level of fraud protection and reporting requirements.

Amex SafeKey and Discover ProtectBuy

American Express

American Express emphasizes fraud prevention through its SafeKey technology, which adds an additional layer of security to online transactions. The company’s Fraud Protection Guarantee ensures that cardholders are not held responsible for unauthorized charges, and it has a dedicated fraud reporting hotline for immediate assistance.

Discover

Discover provides several tools for fraud prevention and reporting, including the Discover ProtectBuy service, which helps authenticate online purchases. Discover also has a robust fraud monitoring system and encourages cardholders to report any suspicious activity immediately via their customer service channels.

Measures to Mitigate Fraud

A good payment service provider is crucial for businesses as it ensures secure, efficient, and seamless transaction processing. By offering advanced fraud detection, customized risk management, and effective chargeback handling, a reliable provider helps protect against financial losses and enhances customer trust, ultimately contributing to business growth and stability.

How your Payment Service Provider (PSP) can help with fraud prevention:

Pattern Analysis: When fraud reporting data is received, your PSP can conduct a thorough analysis to identify patterns. If any patterns are found, those credentials are blocked to prevent further misuse, protecting your business from repeated fraud attempts.

Focus on High-Risk Areas: Your PSP can work with your internal teams to provide special attention to high-risk areas such as resalable goods, quick delivery services, foodtech companies, and online travel agencies (OTAs). They can implement more stringent fraud prevention measures tailored to these sectors.

Advanced Fraud Detection Tools: A PSP utilizes advanced fraud detection tools to identify and prevent fraudulent transactions in real-time. These advanced tools prevent fraud that is targeted through fraud strategies such as BIN attacks, distributed fraud attempts with differentiated device fingerprints, account takeover and behavioural analysis. These tools become key to use the fraudulent user data and block these unwanted elements and terminate their accounts to prevent future fraud attempts.

Machine Learning Models: A state-of-the-art PSP leverages machine learning models to continuously refine the fraud detection system and adapt to evolving fraud patterns. Different business models, such as food delivery, quick delivery, and restaurant booking platforms, require tailored fraud prevention strategies. Specific AI models and rules should be applied to address the unique fraud vectors associated with each business type.

Fraud Vector Identification: Your PSP employs a fraud screening system capable of providing specific features for different businesses. For example, they can identify and protect against enumeration attacks in food delivery services and first-party fraud in quick delivery services. Tailoring the risk engine to address these distinct fraud vectors helps safeguard merchant assets effectively.

Customized Risk Profiles: Your PSP can work closely with your business to develop customized risk profiles that consider factors such as transaction volume, customer location, and payment method. These tailored profiles help in accurately assessing the risk associated with each transaction.

Risk Scoring: Your PSP can assign transaction risk scores to identify potentially problematic transactions. These scores can be used to make automated decisions regarding the acceptance or decline of transactions, thereby improving efficiency and reducing the risk of fraud.

Chargeback Management: Your PSP can assist in managing chargebacks by providing actionable insights and data for dispute resolution. They can integrate fraud reporting into the risk engine and ensure that fraudulent accounts are promptly reported and blocked. This proactive approach helps in minimizing the impact of chargebacks and maintaining financial stability.

By leveraging these strategies, a reliable PSP can significantly enhance your fraud prevention efforts, allowing you to focus on growing your business while ensuring financial security.

In a nutshell…

Implementing a robust fraud reporting system is vital for safeguarding your business against fraud. By establishing clear reporting channels, maintaining comprehensive documentation, and collaborating with authorities, businesses can effectively combat fraud and protect their assets. Regular training, the use of advanced technology, and fostering a culture of integrity further enhance the effectiveness of fraud reporting programs.

At PayGlocal, we strive to empower our merchants to navigate the maze of the fraud world effectively. Currently, we maintain a false positive rate of less than ~0.1%, meaning that out of every 1,000 transactions, only one legitimate transaction might be incorrectly flagged as fraudulent. This low rate demonstrates our commitment to both security and customer service.

To learn more about how PayGlocal can help you optimize your fraud prevention strategies, please reach out to us at [email protected].