The PSD2 SCA rules came into effect across the EEA on Saturday 14th September. These SCA rules essentially introduce additional anti-fraud security steps to correctly identify a customer before certain types of remote payments are authorised and processed. However, as you may know, due to a lack of ecosystem readiness, the EEA regulatory authorities are allowing for an SCA “transition period”.
In this transition period, there are plenty of issues for merchants to work on. Sharing experiences, expertise and best practices are going to be critical. One interesting area to consider is the impact of SCA on chargeback rates. There is perhaps an assumption that if SCA reduces fraud, it will therefore also reduce chargeback rates. But there is more at play in the world of chargebacks. A recent report suggested that in the UK over the last 24 months, chargeback rates have climbed from 11% to nearly 23%. The reason is the rise in so-called friendly fraud – a chargeback category that SCA will have a mixed impact on. Let’s find out why.
Recap On The Chargeback Process And Reason Code Categories
A chargeback is a form of consumer protection and is essentially a payment reversal. It is typically triggered when a cardholder reports a problem with their card issuer. The issuer will then typically immediately refund their cardholder, and initiate a chargeback process according to card schemes rules. This involves the payment reversal request being communicated via the card scheme networks to the merchant's acquirer together with a reason code. The merchant acquirer is then obliged to return funds to the issuer and debit funds from the merchant's account. This will also include a fixed fine per chargeback. Moreover, the merchant’s all-important ‘chargeback rate’ - so closely monitored by schemes – is also negatively impacted. The reasons codes fall into one of four official chargeback categories as follows:
- Fraud – cardholder claims they did not authorise a transaction
- Authorisations – chargeback due to the merchant not following authorisation processing rules e.g. forced an authorisation
- Point of interaction error (POI) – chargeback due to merchant making other processing errors such as entering incorrect currency or transaction code
- Cardholder disputes – this is an important category which includes non-payment related reason codes such as Goods or Services Not Provided, Not As Described, Damaged or Defective as well as Cancelled Recurring Billing.
Amex also defines one further category for Inquiry/Miscellaneous which generally refers to requests for further information.
Under the card scheme rules, the merchant is obliged to review the reason code and respond to the chargeback by either accepting the chargeback or disputing it. To be successful in a dispute, the merchant must produce so-called ‘compelling evidence’. For example, in the case of a chargeback reason code 'unauthorised transaction', a proof will be required that the genuine cardholder participated in the transaction. The issuer will review the evidence and may decide to return the funds back to the merchant. Winning back revenue by challenging chargebacks with compelling evidence is the holy grail of merchant chargeback management. By overlooking this revenue win-back opportunity and simply accepting all chargebacks, many merchants leave considerable amounts of money on the table.
Reclassification Of Chargebacks To Identify Revenue Win Back Opportunities
When assisting a merchant to improve their chargebacks and win-back revenue, the first step is for us to perform a deep-dive analysis of the merchant's chargeback data. The objective of the analysis is to create transparency by identifying the root cause of the merchant’s chargebacks. This approach typically leads to a reclassification and an initial high-level view of which chargebacks are justifiable and the merchant should accept, and which are less justifiable and the merchant should consider challenging to win back their lost revenue. The reclassification is as follows:
- True fraud - These are cases of actual criminal fraud and are always ‘fraud’ reason coded. A fraudster has obtained payment card credentials by malicious means and successfully uses them to purchase a product or service from a merchant. The fraudulent transaction is subsequently spotted by the genuine cardholder who then informs their issuer that they didn’t authorize the payment. The result is a fraud reason code chargeback. As it stands the merchant is unlikely to win any dispute and they are advised to accept the chargeback. It’s worth noting that the merchant can achieve a liability shift to the issuer by voluntarily switching 3DSecure on.
- Friendly fraud - These are also ‘fraud’ reason coded chargebacks, but where it later turns out the cardholder made a mistake and they did indeed authorise the payment. There could be a number of reasons including simply forgetting the payment or not immediately recognising it. Or another family member has made a purchase - perhaps on the cardholder's device. Friendly fraud cases are responsible for a major driver in overall chargeback growth. They are on the rise because cardholders more frequently check their accounts via mobile banking apps and contact their issuer on the spur of the moment if they don’t immediately recognise the transaction. In contrast to ‘true fraud’, these are clearly not justifiable chargebacks, and these are opportunities for merchants to win back. Hence, merchants are advised to challenge the chargeback.
- Merchant error – The default position is that the merchant is unlikely to win a dispute and are advised to accept the chargeback. However, the frequency of merchant error chargebacks can all too often be radically reduced by basic changes in the merchant's internal processes – thus representing a significant cost-saving opportunity for the merchant.
- Chargeback fraud – This is a more complex category. Chargeback fraud is often hard to identify and can be reason coded as both ‘fraud’ and ‘cardholder dispute’. Chargeback fraud is in situations where the cardholder is deliberately abusing the chargeback system in an attempt to recoup the purchase cost while retaining the product or services rendered. Chargeback fraud typically involves a cardholder informing their issuer that either they did not authorise the payment – knowing that it's often hard to prove that they did. This is recorded as a reason code ‘fraud’ but it’s not ‘true’ fraud. Alternatively, they will claim that they did not receive the product or the product or service was received but was defective, damaged, or not as described. This is recorded as a reason code ‘cardholder dispute’. These are clearly not justifiable chargebacks, and there is an opportunity for the merchants to win back revenue but it can be difficult to prove. Merchants are advised to potentially challenge these chargebacks based on a case by case review.
Impact Of SCA On The Four Different Chargeback Classifications
In the post-SCA world, by default, the liability sits with the issuer rather than the merchant. The merchant is advised to share enhanced data via the 3DSv2 channels with the issuer so that the issuer can make a more informed decision as to the level of risk of each individual payment. If it's a low risk situation, then potentially the issuer will apply a Transaction Risk Analysis (TRA) exemption and the customer will not face a challenge and will have a so-called frictionless flow. If the issuer deems the risk not to be low, then the customer will face an SCA challenge. In all these cases, the issuer still has liability. So if the merchant does nothing and hands control to the issuer, then the merchant has no liability for any potential fraud and will consequently not receive chargebacks where the reason code is categorised under fraud.
However, many merchants will seek to participate in the application of TRA exemption via their acquirer who will apply the exemption on their behalf. In these situations, the liability shifts back to the merchant via their acquirer, and the risk of fraud related chargebacks is back on the table for the merchant.
The same applies to friendly fraud – where the cardholder has forgotten about a payment. If the merchant does nothing, then the liability sits with the issuer by default. The issuer will have to resolve the situation by themselves, and merchants can consequently expect a reduction in friendly fraud type chargebacks. But this only holds true if the merchant does nothing. If the merchant seeks to participate in the application of TRA or other permitted SCA exemptions, then the risk is back on the table. So depending on the merchant’s TRA strategy, SCA may have a large or small impact on the occurrence of fraud related chargebacks.
The chargeback fraud category is probably the one area of chargebacks where SCA will have a relatively limited impact. SCA should stymie the ‘I did not authorise the payment’s situation. But SCA offers merchants no protection against chargeback reason coded product not delivered or damaged, defected or not as described. These are events that take place after payment is made and SCA will have little impact on reducing chargeback fraud in this area.
The final chargeback category of merchant error is an interesting one. SCA may reduce some of these chargebacks as issuers.
Merchant errors may become less frequent as issuers tighten up the processing policies, and merchant error chargebacks will reduce. But the flip side of this is that issuer decline rates will simply go up. In effect, the issuer’s processing systems will not allow the error to be made in the first place, and will decline the transaction.
Conclusion – Managing Chargeback Risk With A Tactical SCA Exemption Strategy
So the impact of SCA on chargebacks from a merchant's perspective is a mixed picture, and depends a lot on the individual merchant’s SCA exemption strategy. If they allow the issuer to make exemption decisions, then they can expect a significant drop in certain types of chargebacks. If on the other hand, they seek to actively participate in the application of SCA exemptions, the chargeback risk is back on the table. The other major driver to reflect on is customer cart abandonment rates and whether a merchant can control this by more actively applying SCA exemptions. Possibly, there is a case for a tactical application of an SCA exemption. If for example, one particular issuer, is showing signs of stepping up to an SCA challenge more frequently than other issuers (in the exact same scenario setting), and due to greater check out friction, this issuer’s behaviour leads to a higher cart abandonment rates, then the merchant might consider developing specific processing logic to proactively apply the SCA exemption in these particular situations. Finally, where SCA may reduce lower merchant error chargebacks, it will lead to higher issuer decline rates. These situations may turn out to be far more costly for merchants since they more directly interfere with the customer experience.
The content of this article does not reflect the official opinion of Edgar, Dunn & Company. The information and views expressed in this publication belong solely to the author(s).
Martin Koderisch is a Former Principal in the London office. He has 20 years of experience as adviser and operator within financial technology industry with a focus on payments. He specialises in accelerating digital transformation of client businesses through industry expertise, data analytics, and fintech enablement. His approach seeks to bridge the gap between strategy and execution with hands-on delivery of value creation initiatives to achieve growth, control or operational efficiency outcomes. He previously held senior leadership roles within industry at Mastercard, Citibank and start up Luup Payments covering digital product innovation, operations, and commercial partnership development. He hosted and produced EDC's popular podcast ‘Leaders in Payments and Fintech’ podcast available on major podcast platforms.