The massive deluge of eCommerce is not without its drawbacks — more than $440 billion of drawbacks to put a number on it if you add up all the would-be purchases that get thwarted due to erroneous credit and identity screening.
Tim Sherwin, co-founder and CEO of CardinalCommerce, a Visa subsidiary, explained: “As fraud happens, that causes card issuers to ‘tighten’ their rules — and that leads to false declines. It’s just a never-ending vicious cycle,” he told Karen Webster.
That vicious cycle creates problems between merchants and issuers, denting top lines and, perhaps, any chance to cement loyalty and recurring revenues.
The declined customer then plays the blame game, said Sherwin, punishing all stakeholders. The individual may opt to go to a competitor — which hurts the merchant — and pull another digital card from their digital wallet, hurting the issuer’s business.
“That one little mistake at the point of transaction, and switching of the card, is a lost lifetime value of that customer,” said Sherwin.
False Threat > Actual Threat
We all may be focused on the card not present (CNP) fraud, but it turns out that false declines dwarf any damage wrought by actual fraud. As Sherwin noted, false declines were estimated at more than $440 billion, leagues above the roughly $8 billion seen in CNP fraud in the same period.
And, as he noted, having better information — holistic information, you might say — about the customer trying to transact could save issuers and merchants tens of billions of dollars.
But under standard operating procedures, the enterprises are flying blind. Consumers know, first hand, that critical data is often lacking on their monthly credit card statements. And the same holds for the issuers.
As Sherwin noted, the issuers see the transaction amount, the merchant and not much detail about the consumer.
They have to decide, within milliseconds, whether it’s a legitimate customer who is trying to transact — or whether someone has stolen a set of legitimate credentials and is trying to pass themselves off as a real customer.
Of those issuers, he said, “they really don’t have visibility into the important data and insights that would allow them to make great decisions.” As a result, more friction is introduced into the process, stopping consumers in their tracks and driving them to abandon their online shopping carts. Friction, of course, varies by market and can even be mandated. Sherwin noted that in India, issuers have to conduct a step up on each transaction after a certain volume threshold has been reached.
Minimizing the Step Ups
But in markets like North America, where step ups should, ideally, be minimal, those bits of information could include the IP address to give a sense of where transactions are originating and make sure the billing and shipping addresses match up.
On the merchant side of the equation, the data is indeed rich — they know details related to cards on file, whether someone has shopped with them before and even whether IP addresses are legitimate (with insight right down to the device level).
Those data points, such as e-mail and mobile numbers, never make it across the payment rails, so issuers do not have a context that can help build the models that can optimize decisions, driving higher approvals while reducing fraud.
Getting that data to the issuers is easier said than done. The transaction value system, said Sherwin, is a “complicated spider web of several entities,” from shopping carts at one end of the transaction to gateway, processor and issuers. Every incremental piece of data, he said, requires massive change throughout the ecosystem tied to how that information is collected, used and presented.
There’s no silver bullet, no single solution to get there, noted Sherwin.
But platforms such as Cardinal’s (and the Cardinal Exchange) have the proverbial plumbing in place to connect thousands of merchants and issuers on board — and, via Visa’s rails, facilitate real-time data collaboration. Cardinal’s Visa Consumer Authentication Service (or VCAS), combines Visa’s risk engine and EMV 3-D Secure (3DS) data to help issuers gain better insight into cardholders.
“We’re really trying to create an environment where we can take the best of knowledge and information and insights that we can get from the merchant side, get it over to the issuer, or take what that issuer knows about that cardholder and share that data to create the best possible decision,” he said.
The standardized protocol EMV 3DS (or the latest iteration of 3DS2) enables merchants and issuers to create a holistic view of the customer to streamline and improve the decisioning process (while improving on the friction that the initial 3DS protocol had introduced via increased step ups). He said the platform fosters collaboration and considers that merchants and issuers have different risk profiles for different types of transactions. And as Sherwin said, “we build trust into this network data sharing and continually improve results over time.”
As of June, more than 1.5 billion EMV 3DS authenticated transactions have occurred worldwide, and in North America, there has been a 35 percent decrease in fraud and an increase in approval rates by 110bps vs. non-3DS transactions.
In the months to come, said Sherwin (as merchants need to get ready for PSD2 SCA), step ups are decidedly more consumer-friendly in nature, he said, where users are prompted to use biometrics such as thumbprints or face IDs to authenticate themselves.
“We’re really looking at facilitating real time collaboration between issuers and merchants to reduce false declines that leads to better consumer experience.”