Payer Authentication – Problems as Usual

Posted on July 1, 2006 by Tom Mahoney

As some of you are aware, when Payer Authentication (Verified by Visa(R) and MasterCard’s SecureCode(R)) were in their infancy – if we can say that they aren’t still in that stage – I made the observation that banks were not going to readily assume liability for credit card fraud and would probably just change the chargeback reason codes to suit their needs. We now have anecdotal evidence that this has been the case in numerous situations.

I received the following piece of information about a week ago. It came through a third party with permission and the original source is reliable. “The concern regarding the issuing bank changing reason codes to downgrade a chargeback has been noticed by Visa and MasterCard. They recently sent us an update on the International Operating Regulations which will fine banks up to $50,000 who change the ECI of 06 or enter improper reason codes so that they do not have to cover the chargeback.” According to an attorney, this potentially places a direct liability on both Visa and the issuing banks because it amounts to a direct admission of a problem that they have refused to acknowledge in the past.

What all this means to the future of Payer Authentication, I don’t know. What I do know is that when the issuers change reason codes, they are committing fraud just as surely as the dirt balls that do the transactions.

About Tom Mahoney

Tom Mahoney is the Founder and Director of Merchant911, a site dedicated to helping e-commerce merchants.
This entry was posted in chargeback, e-Commerce, profit from fraud. Bookmark the permalink.
Post comment as
twitter logo facebook logo
Sort: Newest | Oldest
Leksus

I think chargeback initiated for "I don't recognize the charge" reason is actually a reason code 75 which in fact is covered. Check it here:
http://www.cardinalcommerce.com/Newsletter/Cardina...
However, there are rumors that Visa International recently downgraded all non-US transactions for US merchants from ECI06 to 07, which means no liability shift.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Merchant911

Extremely thin logic is still logic. The fact remains that Visa and MC saw the potential for the problem and, at least potentially, fixed it.

However it goes further than that. At merchant911.org several of our members have presented evidence that this has happened.

Remember there is a very fine line between "I didn't make the charge" and "I don't recognize the charge." The former is subject to VbyV block, the latter is not. The merchant may prevail on rebuttal, but the chargeback fees stick. That's what it's all about - getting the fees. $550 million give or take a few.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Rick

Your post implies that there is actually 'some' evidence of issuers changing chargeback reason codes to avoid fraud liability.

However it seems you are simply using circumstantial evidence (the presence of fines) to 'assume' that the fines must be there because the rules have been broken in the past. This is extremely thin logic.

If you examine how issuing bank call centers operate, you can understand how it is extremely difficult for them to defraud the payer authentication system.

A cardholder calls in to initiate a chargeback, claiming fraud, which is then categorized by the customer service operator as Visa Chargeback Reason Code 83. At this time, the operator does not know a) whether the cardholder is enrolled in Verified by Visa or b) whether the cardholder was shopping online at a website that was actively participating in Verified by Visa. The operator, an entry-level position, simply keys in the customers reason and goes on to the next call. Later, not in real-time, the chargeback is submittted to Visa for review, and it is at this time that transaction details are examined and it is determined that the Merchant was actively using VbV on their site and is not liable for the transaction. This then gets kicked back to the issuer. It is now impossible for the issuer to re-submit the chargeback under a different reason code, as an electronic paper-trail has been established that would expose this behavior. Consider also that US cardholder enrollment in VbV is only at about 3-5% overall. This would require a huge amount of effort on a relatively small population on cardholders to avoid liability.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like