Why penalising retailers won’t help fight fraud
Australia has finally got serious on its $478 million fight against credit card fraud. But the new regulations may not be the best outcome for those worst affected: retailers.
As repeated cyber breaches and attacks eat away at the profits of Australia’s long-suffering merchants, a new regulatory framework places more onus and cost on retailers through tighter authentication and tougher financial penalties for breaches.
Naturally, it’s fair that consumers are prioritised as they are most vulnerable to fraudulent attacks, but AusPayNet’s ruling fails to recognise just how much merchants’ fraud-busting tactics are already costing them — and in some cases, is more than the fraud itself.
Unveiled in July, the framework will impose financial penalties on both retailers and issuers for repeated attacks. These will be based on a 20 basis points breach trigger threshold that is backed up by a dollar limit of $50,000 in online fraud per quarter.
The $50,000 ceiling will undoubtedly create concern among online retailers which are the most hit by scammers using stolen card details, a major cost to their business. Coupled with research from Auta, which revealed 62 per cent of surveyed merchants reported false decline rates have increased over the past two years, for some merchants this must feel like a war on two fronts.
To avoid being hit by both fraud and regulatory penalties, it would not be surprising to see retailers become more zealous in their efforts to weed out the scammers. However, by doing so they face the short term costs of false declines and the potential long-term effects of genuine customers being left angry and disgruntled whose cards have been mistakenly flagged as suspect.
This is something merchants cannot afford to spiral, especially given another element of AusPayNet’s framework. If the merchant thresholds are breached for two subsequent quarters, the merchant will be compelled to perform multi-factor authentication on all transactions until their fraud rate falls.
Although not perfect, AusPayNet’s framework marks a significant milestone against CNP fraud, especially in terms of giving consumers greater protection. While for businesses the battle is far from over, there are a number of steps merchants can do to improve customers’ experience and mitigate the effects of false declines.
These include measuring consumers’ second purchase attempts after a false decline that do not result in a chargeback. This means merchants can assess whether it is likely or not that a false decline was behind the original transaction.
Merchants can also use control groups to understand what legitimate customer behaviour looks like compared to fraudulent activity, and they can fine-tune their fraud management accordingly.
Fraud prevention is no easy task, but merchants must review online payments internally or through a third party to protect their profits and reputations amid a landscape of tighter scrutiny and regulation in Australia.
There is a balance to strike with which merchants choose to prioritise you must, of course, consider the resources available to you. But if prevention becomes costlier than the effects, then surely it is worth it for any online retailer to take the problem seriously.