Trends & Tactics

EMV Will Crush Card Fraud, Survey Says

It’s bad news, and maybe good news, for businesses accepting credit and debit cards.

Some 43% of businesses report they were exposed to card fraud in 2013, a whopping rise of 14 percentage points from 2012, according to the latest annual fraud survey from the Association for Financial Professionals, released early last month.

Nonetheless, survey respondents are remarkably optimistic about the Europay-MasterCard-Visa (EMV) chip card standard, with 92% predicting the standard will dramatically reduce or somewhat reduce card fraud.

Despite the spike in attempted or actual card fraud last year, checks remain fraudsters’ favorite vehicle, though the number of businesses subjected to check fraud declined, from 87% in 2012 to 82% last year, according to the survey.

Researchers at the Bethesda, Md.-based AFP, which has surveyed its membership about fraud every year since 2005, say the card-fraud result for 2013 was especially surprising and may indicate criminals are acting quickly to take advantage of the U.S.’s mag-stripe-based card system before the arrival of EMV chips, which are widely seen as more secure.

“We are seeing quite a dramatic increase here,” says Magnus Carlsson, manager for treasury and payments at the association. “Previous to this, [card fraud] has been fairly flat, so this [increase] is trend-breaking.”

Fraudsters are moving away from checks to exploit current vulnerabilities in cards, Carlsson says. “We kind of lack the security measures that are common overseas [like EMV],” he adds.

The nation’s card networks have set an October 2015 deadline for card issuers and merchants in the U.S. to convert to EMV. Those that aren’t capable of handling EMV by that date will be responsible for counterfeit card fraud.

The AFP survey shows businesses are sanguine about the arrival of EMV, expecting investments they make in new equipment to pay off in reduced fraud losses. Some 22% of members that accept credit and debit cards expect their investments to have a “significant” impact on fraud, while half expect “some” impact.

Asked about the effectiveness of EMV, only 8% said it would not reduce their levels of fraud. Carlsson expects many among the 50% in the “some impact” camp will move to the “significant” column next year as the liability shift draws nearer.

As for other payment methods, the automated clearing house experienced a mixed bag, with fewer companies reporting fraud exposure on ACH debits (22% vs. 27% in 2012) but slightly more saying they saw attempted or actual fraud on ACH credits (9% vs. 8%). Wire transfers also showed an increase, with 14% reporting fraud exposure vs. 11% in 2012.

For all payment methods, members reporting attempted and actual fraud fell to 60%, the lowest number seen since the survey’s first year.

Interestingly, businesses sustain actual dollar losses in relatively few cases of fraud. Indeed, for 2013, some 70% of those reporting fraud exposure said they had suffered no losses at all. At the same time, the costs to defend against fraud, and “clean up” in cases of actual fraud, are relatively small in most cases. Forty-two percent reported no costs at all, while another 47% said their costs were less than $25,000.

For its “2014 Payments Fraud and Control Survey,” the AFP received 449 responses, with 318 coming from member companies and the balance from corporate finance executives with non-member companies. Half of responding organizations receive payments mostly from consumers or from a mix of consumers and businesses.

—John Stewart

Get Ready for Son of FANF, Due in a Year

Remember Visa Inc.’s controversial fixed acquirer network fee (FANF)? Many acquirers and merchants can hardly forget it, and now Visa is making changes to it. The new terms are scheduled to take effect 12 months from now, according to sources who have seen the changes.

A bulletin Visa circulated last month to acquirers indicates the modifications to the 2-year-old FANF are aimed chiefly at very small merchants and at aggregators, acquirers that sign up micro-merchants for card acceptance and allow them to use the acquirer’s merchant account, the sources say.

While much of the FANF fee structure is apparently left untouched, the changes will require enough system reprogramming at acquiring operations, sources say, that Visa felt it necessary to give everyone a year’s head start.

The Visa bulletin, some details of which were obtained by our sister publication Digital Transactions News, introduces two new rate tiers, both for small merchants. The new lowest tier, for merchants with monthly Visa volume of $200 or less, carries no fee. The next lowest, also new, ranges from $201 to $1,249.99 and carries a fee of 15 basis points (0.15%) rather than the fixed fee that attaches to all other FANF tiers.

These new tiers replace the existing three lowest tiers in the FANF schedule for card-not-present merchants, aggregators, and fast-food restaurants. But it is also included in a separate FANF schedule for card-present merchants that is otherwise geared to the merchant’s store count rather than its monthly dollar volume.

Physical merchants that fall into either tier will be subject to the new, volume-based rates. These merchants are not likely to operate more than one store, which is the lowest existing tier in the card-present schedule.

The other big change is that aggregators will be required to report their merchants as separate tax identification numbers, rather than reporting them under a single tax ID. This could result in a higher or lower monthly fee for aggregators, depending on how the fees for individual merchants add up. Currently, the monthly fee for card-not-present merchants, aggregators, and fast-food restaurants is capped at $40,000 for monthly volume of $400 million and up.

This change is also likely to require considerable system work for aggregators and their processors, which starting next April will have to track volume and compute fees for merchants individually rather than collectively.

The new volume tiers could benefit some small merchants considerably. For example, an online seller whose volume amounts to $1,200 monthly will pay $1.80 per month under the new pricing, compared to $7 under the current rates. An even smaller card-not-present merchant will pay nothing in FANF fees for sales of $200 per month, versus $5 today.

Visa would not make the bulletin available to Digital Transactions News, calling it “confidential.” In a statement, the network said: “Visa continuously monitors our business and makes adjustments to our pricing as necessary based on market dynamics. As such, Visa is introducing select changes to its Fixed Acquirer Network Fee (FANF) structure, including modifications that are designed to lower–or in some cases, eliminate–FANF on volume from small merchants with less than $15,000 in annual Visa gross sales.

“We feel these changes could also serve to expand Visa acceptance among small businesses. While eliminating the fees for smaller retailers, Visa is also making other adjustments to FANF to improve the alignment of these fees whether a merchant connects to Visa through an acquirer, processor, payment facilitator or other party.”

Visa introduced FANF in April 2012 in response to new debit card routing flexibility handed to merchants under the Durbin Amendment to the 2010 Dodd-Frank Act. Under the new law, merchants must have a choice of at least two unrelated networks.

To encourage merchants to concentrate their credit and debit card volume with Visa, the network structured FANF’s fee schedules so that, within any given volume tier, merchants pay less per transaction as they add stores and volume. When they grow large enough to jump to the next tier, they incur a higher fee but can bring their per-transaction cost down by adding yet more volume (“What’s This FANF Thing All About?” September 2012).

The new set of network fees provoked controversy among merchants, many of which complained about the new cost coming on top of interchange costs and what they perceived as a lack of information about the fees. Unlike interchange, which is set by the networks but collected by card issuers, FANF revenues go to Visa.

—John Stewart

NACHA’s Test To Reduce Bill-Pay Bloopers

NACHA last month unveiled a program that will convert erroneous electronic bill payments that otherwise would go through as paper checks into automated clearing house transactions, with a new field for the biller to enter corrected information for the originator.

The ACH oversight body already has three participants in the effort it calls the Bill Payment Exception (BPE) Mitigation Opt-in Program, and is seeking more among the ranks of billers, biller service providers, financial institutions, and payment processors.

The first test companies are large credit card issuer Capital One Financial Corp.; telephone company Verizon Communications Inc., and iPay Solutions, a bill-pay processor owned by Jack Henry & Associates Inc.

The effort is aimed at greatly reducing errors on bill payments originated on online-banking sites. Such errors, which often involve incorrect biller account numbers, cost industry nearly $800 million a year to resolve.

The incidence of such errors is increasing along with electronic bill pay, but the error rate also is rising, according to Robert Unger, senior director, e-billing and payments, at Herndon, Va.-based NACHA.

Some 0.51% of ACH bill-payments coming through third parties such as bank Web sites produced exceptions, according to data NACHA released in 2012, but Unger says the true rate likely is much higher. One sign: nearly 8% of bill payments sent to lockboxes generate exceptions; many of these were originally ACH bill payments that had to be converted into paper checks when an error was detected, yet the check also triggered an exception because of an account-number mismatch.

In a successful bill payment on a bank Web site, the consumer’s bank as payment originator uses biller databases to verify a bill’s account number. Such screens typically use so-called “account masks” to ensure the account number provided by the consumer conforms with the biller’s internal logic for generating such numbers. If the bank’s screen passes muster with the biller’s editing process, the electronic payment is sent to the biller.

If the data fail the edit, the biller is likely to receive a paper check from the bank under a process known as “drop to check.” Consumers often enter account numbers incorrectly because of typing errors or failure to note a new account number.

For example, if a telephone customer adds a new service, the account number could change, says Unger. “The billers have different kinds of practices that mess people up,” he says.

Under the new BPE process, a suspect account number that would otherwise cause the payment to drop to check would go through electronically as an ACH credit transaction known as customer-initiated entry, or CIE. The transaction would include an 80-character addenda field for the bank to transmit information about the payer, such as address or “anything the originator can provide to the biller to help the biller research the problem,” says Unger.

After the biller posts the payment, the biller would return corrected information to the originator via a so-called NOC/CO9 (notice of change) transaction. That process is intended to prevent re-entry of the same incorrect data in future transactions from the same consumer.

Unger says the bill-pay test has three likely outcomes: continuation as a voluntary initiative, discontinuance if the trial fails, or conversion into a mandatory program, which would require a rules change.

“Once we have a good mass up and running [in the test] we would probably run it for a year, year and a half to get some good metrics,” he says.

Steve Hooper, senior vice president of payment strategy at iPay, says 20% of iPay’s payments to billers go out as checks. Processing the NOCs will require back-office changes, but he expects the BPE program’s returns will more than offset the costs. “A little bit of pain is definitely going to be worth it in the long run,” Hooper says.

NACHA began shining the spotlight on bill-pay exceptions in 2012 with the release of a major study by Blueflame Consulting LLC (“Bill Pay’s Costly ‘Sausage Factory,’” June 2012).

—Jim Daly