Stolen Credit Card Number Testing Increases 200 Percent in 2017 Proving eCommerce Fraud is set to Explode

Alarming new data from Radial warns retailers of the urgency to manage fraud without compromising revenue or customer loyalty.

01 May, 2017, 09:00 ET

KING OF PRUSSIA, Pa., May 1, 2017 /PRNewswire/ — Just released data from Radial’s leading eCommerce Fraud Technology Lab adds another alarming statistic for retailers to contend with when delivering a seamless customer experience. To date in 2017, data shows a 200-percent increase in credit card testing, a tactic used by fraudsters to test stolen credit card numbers with small incremental purchases before making large-dollar purchases on the card, compared to the same quarter in 2016. Fraud also is up 30 percent year over year, proving to already struggling retailers that this is just the beginning of online fraud in the post-EMV world.

Managing fraud continues to be a double-edged sword for retailers. Many either apply tools that over-reject orders, but in the process decrease their customer transaction approvals and lose valuable revenue in return. Or, retailers build their fraud teams in-house, which often lack the historical data and rules to catch subtle card testing tactics like the ones identified by Radial. Card testing leads to more eCommerce fraud as it’s easily identifiable when a retailer is allowing these types of fraudulent transactions through.

“Our data adds another alarming statistic for retailers who may be unprepared to manage fraud activity in eCommerce. We know fraudsters won’t stop looking for opportunities to monetize their stolen data and will even automate this process once they have a card that appears to be working,” said Stefan Weitz, chief product and strategy officer at Radial. “This results in quick, large volume purchases that leave retailers vulnerable.  When retailers miss card testing, they’re contributing to future card attacks. Fighting card testing is complicated, but can stop millions of unanticipated fraud attacks if tracked and managed efficiently.”

The fraud landscape is rapidly changing and presents pervasive and growing threats for eCommerce merchants. Radial’s Fraud Technology Lab and a team of data scientists use their robust fraud platform to uncover how trends in fraud can drive down retailers’ bottom lines and increase their risk. According to Radial’s analyses, since August 2016, the market segments of electronics, entertainment, jewelry, and sporting goods experienced the highest increases in online fraud during the 2016 peak season.

“Increasing revenue has never been more important for retailers. They cannot afford to be slammed with fees that stem from missing fraud activity and must count on each good order getting approved,” said Weitz. “More retailers claim they are combatting fraud, but underestimate the other areas they’re endangering – like revenue and customer loyalty – when they don’t use the types of data sets Radial has to increase transaction approval and take on full liability of combatting fraud.”

About Radial

Radial is the leader in omnichannel commerce technology and operations, enabling brands and retailers to profitably exceed retail customer expectations. Radial’s technical, powerful omnichannel solutions connect supply and demand through efficient fulfillment and transportation options, intelligent fraud detection, payments, and tax systems, and personalized customer care services.

Hundreds of retailers and brands confidently partner with Radial to simplify their post-click commerce and improve their customer experiences. Radial brings flexibility and scalability to their supply chains and optimizes how, when and where orders go from desire to delivery. Learn how we work with you at www.radial.com.

Visa Stored Credential Transaction Mandates 2017

Whether you use token billing or have been considering it, all businesses storing credit cards are impacted by Visa rules updates. Visa has published multiple updates about requirements for its Stored Credential Transaction framework, including mandates to identify initial storage and subsequent usage of payment credentials.

If your business stores credit cards, including a 3rd party payment gateway or any software, you’re impacted. Merchants should not assume that any software or technology in their payment processing ecosystem is automatically updated and compliant. To the contrary, there are specific items that merchants will need to take action to implement. Now is the time to learn more and make a plan. While some businesses were impacted in April, most have until October 14, 2017 to comply.

Visit the Visa USA web site for more information; Visa Merchant Business News Digest. PDF download: Advance Copy of Rules for Stored Credential Transaction Framework REGIONS: US, AP, Canada, CEMEA, LAC, Europe, 15 JUN 2017.

##

TIP: All card brands have their own spin but frequently have similar rules. Need help to get compliant? Contact Christine Speedy to learn more about solutions for your business that are quick and easy to adopt, increasing efficiency and growing profits virtually overnight.

VISA FRAUD DISPUTE RULES CHANGES IMPACT CARD NOT PRESENT

April 5, 2017—This alert contains critical information regarding new and revised Visa card acceptance rules effective now and coming in the future for merchants. Business to business companies may be at higher risk of associated chargeback losses or declines due to the average size of order. Effective April 22, 2017, Revisions have been made to split the “Other Fraud” Dispute condition under Enhanced Dispute Resolution into separate conditions for Card-Present and Card-Absent Transactions, and to incorporate changes to the payment flow related to Disputes.

Christine’s Analysis: Merchants need to support both EMV chip for Card-Present and Verified by Visa for card not present. Verified by Visa is their brand for 3-D Secure, a global security protocol for cardholder authentication across all card brands. For example, a  cardholder might be asked to enter a PIN number or answer some other type of authentication question. Cardholder authentication for Card-Absent Transactions shifts liability for “it wasn’t me” disputes to the issuer. This card-absent cardholder authentication process requires cardholders self-initiate payments, eliminating collecting card numbers via phone or paper credit card authorization forms. Merchants are rewarded for using cardholder authentication with reduced interchange rates and increased approvals.

Christine’s TIP: Per Visa rule 5.4.2.5, a US merchant or its agent must not Request the Card Verification Value 2 data on any paper Order Form. Replace paper forms with digital, PCI Compliant forms and online payment solutions with cardholder authentication ASAP.

Online payment solutions include a hosted pay page like the one shown below.

hosted paypage online payments

A hosted pay page empowers customers to make secure payments online using a 3rd party provider (Payment Gateway also known as a Payment Facilitator.)

Other solutions include pushing out payment requests, such as via a text or email. electronic invoice presentment and payment eippWith new and revised rules impacting the entire payment ecosystem including issuer, acquirer, gateway, merchant, and potentially other software like ERP’s and ecommerce shopping carts, merchants should verify all parts their payment ecosystem supports them. Desktop terminals are not capable of supporting all the rules for card absent needs; a cloud-based payment gateway is required whether non-integrated, or integrated ecommerce shopping cart, ERP or other software.

Does your online payment solution support Verified by Visa, or do you need a solution? Contact Christine Speedy at 954-942-0483 for a fast and easy solution, compatible with your existing credit card processor.

Hotel credit card authorization form 2017 change

Hotel and lodging industry must update best practices due to 2016 and 2017 changes in Visa and MasterCard rules. Cardholder authentication and multiple authorization indicators are two key components of change. Hotels that comply will maximize profits and security. Noncompliance will result in higher credit card acceptance fees due to penalties, increased declines, reduced profits, and new chargeback risk.hotel credit card authorization formFor those still using paper credit card authorization forms, few are in compliance with Visa Core Rules 5.4.2.5 Prohibition against Requiring Cardholder or Account Data – US Region.

“A US Merchant or its agent must not: Request the Card Verification Value 2 data on any paper Order Form.”

Authorization validity is front and center to the 2017 rules changes. Merchants used to get and authorization, and settle it later at checkout. Now merchants must send the correct transaction types and link them all together with a unique identifier:

  1. The ESTIMATE (Visa) or UNDEFINED (MasterCard) indicator is sent when the final settlement amount is unknown. The customer must be informed that it is an estimate as well.
  2. INCREMENTAL authorization is obtained when the original authorization expires or to increase the amount on hold.
  3. Final Authorization says this is the final transaction.

TIP: Merchants need 3-D Secure (Verified by Visa, MasterCard SecureCode), a global cardholder authentication standard for card absent transactions, to maximize profits and compliance for card not present transactions, which is only available with customer initiated transactions: hosted pay page, digital payment request, online booking. Paper forms don’t create a digital record tied to the credit card, and cardholder authentication is not possible, as defined by the card brands. It’s also not possible to comply with the rule by key entering data into any desktop terminal.

The unique transaction transaction identifier can be a point of breakdown in the process. For example, the events manager obtains a paper credit card authorization form. The first charge is a deposit; the second charge is at the end of the event; a third charge occurs after assessing damages to a room. In each case, the amount is key entered into the payment processing terminal. Since there is no transaction identifier tying them all together, the authorizations are invalid and the ISSUER is within their rights to chargeback for invalid authorization, example Visa reason code 72.

There are so many nuances to the rules, and changes needed in the payments ecosystem, hotels should not assume existing partners have completed the required updates to comply. Technology that can automatically manage the authorization and settlement process- not the old way, but with all the new rules changes- requires a sophisticated payment gateway. Like EMV, there will be vendors that struggle to adapt.

For compliant solutions that can be used standalone or integrated, improving your customer experience, contact Christine Speedy, 954-942-0483.

Reference materials:

  • MasterCard® Pre & Final Authorization Mandate by CyberSource, December 2016.
  • Visa Core Rules October 2016.
  • MasterCard Revises Standards for Processing Authorizations and Preauthorizations by Vantiv December 2016.
  • MasterCard Transaction Processing Rules, November 2016.

See merchant bulletins – downloads for links to many resources.

Visa and Viewpost to Accelerate Electronic Bill Payments for U.S. Businesses

Partnership to Simplify B2B Payments with Visa Virtual Credit Cards

SAN FRANCISCO & ORLANDO, Fla.–(BUSINESS WIRE)–Mar. 28, 2017– Visa Inc. (NYSE:V) and Viewpost®, a secure B2B network for electronic invoicing, payments and real-time cash management, today announced an exclusive partnership to bring electronic business payments to Viewpost’s small to medium-sized business clients (SMBs). By using Visa virtual commercial cards through their participating financial institutions, SMBs will increase automation, convenience and security for their B2B transactions.

Viewpost’s SMB customers will be able to benefit from Viewpost electronic payment capabilities and the use of a secure, one-time Visa virtual account number. When a virtual card payment is made through Viewpost, the supplier will receive a one-time virtual account number for posting funds to its merchant account. Viewpost will then deliver data-rich remittance information to both businesses, such as, paid invoices, the amount paid and the due date. If a supplier does not accept virtual commercial card payments, an invitation can be extended through a proprietary automation method, which makes enrollment quick and simple.

“Providing access to simple, secure working capital solutions for SMBs is a critically-important focus for our business,” said Vicky Bindra, global head of products & solutions at Visa Inc. “Our collaboration with Viewpost gives SMBs comprehensive financial management tools in a single portal – right where they bank. We are thrilled to partner with Viewpost and make our customers’ lives easier by significantly reducing time, cost and friction around payment, so they can focus on what is most important – managing and growing their businesses.”

As a trusted, open B2B network available to businesses of all sizes, Viewpost gives financial institutions the tools that enable SMBs to connect and exchange electronic invoices and payments, share transaction data and access working capital on demand with unprecedented ease and visibility. Visa’s partnership with Viewpost will help financial institutions in the U.S. bring to market a fully integrated and optimized SMB finance management solution that seamlessly integrates with their online banking site.

“We’re excited to partner with a renowned brand and payments technology leader like Visa,” said Max Eliscu, CEO at Viewpost. “This partnership accelerates our ability to address costly pain points in the multi-trillion-dollar B2B payments ecosystem1 while also, and perhaps most importantly, bringing flexibility, cost savings and simplicity of payment to the massive and underserved small business marketplace.”

“According to our 2016 Small Business Payments and Banking Survey, over two thirds of respondents indicated they preferred to pay bills through online banking tools, rather than a supplier’s website,” said Ken Paterson, vice president of research operations, Mercator Advisory Group. “The Visa/Viewpost partnership promises to offer a seamless integration for banks who are looking to enable their customers to have one centralized destination for all of their corporate payment needs.”

About Visa Inc.

Visa Inc. (NYSE: V) is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories to fast, secure and reliable electronic payments. We operate one of the world’s most advanced processing networks — VisaNet — that is capable of handling more than 65,000 transaction messages a second, with fraud protection for consumers and assured payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa’s innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, pay ahead of time with prepaid or pay later with credit products.

About Viewpost

Viewpost North America is revolutionizing the way businesses transact with each other. Viewpost built the most trusted open business network to empower businesses of all sizes with real-time cash management for anytime operating decisions. On the secure Viewpost network, companies connect and exchange electronic invoices and payments with unprecedented ease and visibility, accessing working capital on demand. Enterprise clients are using Viewpost to cut costs, increase efficiency and improve cash management, including Accenture, Florida Hospital Medical Center, Georgetown University, the Orlando Magic and Whole Foods Market. With enterprise-grade security, including ISO 27001 and SSAE16 audited certifications and the TRUSTe Privacy Seal and Skyhigh CloudTrust Enterprise-Ready Rating, Viewpost is partnering with financial institutions to bring cash management tools to business customers at U.S. Bank, Bank of America and Fifth Third Bank. Viewpost innovation has been awarded Best in Show by Barlow Research, Best CISO/CSO by FireEye Cyber Defense Summit, CSO50 Award (four-time honoree) by IDG’s CSO, and Best B2B Payments Platform by Tradestreaming. Since Viewpost was opened to the public in early 2015, the total invoices presented and payments processed has reached $71.4 billion across the network. Founded in 2011, Viewpost is headquartered in the Orlando area with additional teams in Boston, Minneapolis and San Francisco.

1 Source: Accenture, https://www.accenture.com/us-en/~/media/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Industries_5/Accenture-FS-Payment-Services-Corporate-Payments-PoV.pdf

Source: Visa Inc.