The Invention of Lying: ”It’s a great flick if you haven’t seen it. I think it captures the reality of today’s payment landscape. Those who make the rules, do so in the perceived environment of the consumer being truthful.
This mindset is apparent when examining the rules and regulations for the ACH network. The rules are very clear with everything they define. However, there is one element of a transaction for which there is no accountability. This oversight would be the person who enters the transaction information into the website.
I think there are some very simple things that can be done to start to address the issue without putting more burden on the merchants while still being reasonable to the interests of the rest of the stakeholders.
At first glance you would not notice this oversight because the rules are very clear that a payment transaction has the following parties: a receiver (consumer), an originator (merchant), an ODFI (the merchant’s bank), an operator (Federal Reserve), an RDFI (the receiver’s bank) and a receiver (the bank account holder). Can you see it now? I’ll give you a hint: receiver is there twice. Yes, the receiver is both the consumer and the account holder. This initially seems reasonable. In what society would someone who does not have signing authority on an account use that account information online? It just wouldn’t happen in this day and age, would it? Nah, I don’t think so … well, perhaps once in a while but not at any rate that would really be worth considering for further examination, right? WRONG! This is a known issue that just keeps getting ignored and as a result, keeps getting worse.
In my search for any indication that someone has investigated this problem, I came across a few items that we should not ignore.
The first item is a survey that was published in the Journal of Marketing in October 1978. The title of this publication is “Fraudulent Behavior of Consumers. The other side of fraud in the marketplace: consumer-initiated fraud against a business.” This survey was conducted in an era during which consumers were mainly transacting in a face-to-face environment. The ACH network was only four years old and there were very few, and closely controlled, transactions flowing through its network.
The article started out by framing the annual cost of retail-level fraud by consumers. They reported that annually fraudulently cashed checks totaled at least $1 billion; fraudulent redemption of coupons was worth $100 million; store losses due to shoplifting translated into a $150 tax per family passed on through higher prices, and because of these abuses, business spent $2 billion on store security. It is important to remember that these figures represent values from 35 years ago. Using http://www.dollartimes.com/calculators/inflation.htm let us determine that only using the rate of inflation to get today’s values you would simply multiply each of those figures by 3.63. Astounding numbers, even without considering the natural growth of consumer initiated fraud.
The survey looks at 15 different fraudulent situations but I chose four as representative of the mindset and opportunity afforded the consumer in an online environment.
I chose “shoplifting” because that is a consumer stealing, with no attempt or intention to pay. We see this everyday in the news concerning people downloading copyrighted content for free. I chose “using a worthless check” because this represents people knowingly using a payment instrument that will fail. This is also an interesting one because, for the most part, this act is a criminal offense. “Dishonest coupon use” was defined as people handing coupons over to the check out that contained coupons for items they did not purchase. “Invalid warranty claims” were knowingly making a warranty claim for an item out of warranty. These last two I equate to consumers who knowingly state to their bank or a merchant that they did not authorize a transaction as well as those consumers who claim both fraud and a refund to make some money on their double dip.
One of the aspects investigated was people’s attitude toward various fraud situations. Shoplifting .9 percent said it is NOT wrong and another .8 percent said it is not serious. In terms of using a worthless check 1.7 percent said it is understandable and 13.1 percent said it is not serious. Dishonest coupon use had 2.6 percent state it is not wrong, another 29.3 percent saying it is not serious. Invalid warranty claims sat at 1.4 percent not wrong, 9.7 percent understandable and 36.1 percent saying it is not serious.
The survey then asked respondents to evaluate the situations from the behavior of their friends. The respondent selected either most of the time, once in a while, very seldom and never. The results for shoplifting were 9.5 percent most of the time, 1.7 percent once in a while. Using a worthless check had 7 percent most of the time and 9.5 percent once in a while. Dishonest coupon use scored 7.8 percent most of the time and 18.9 percent once in a while. Invalid warranty claim sat at 22.2 percent most of the time and 34.7 percent once in a while.
Finally the survey asked respondents about what they perceived as appropriate actions related to each of the situations. The potential responses were management should: do nothing, take preventative action, give warning or notify authorities. Related to shoplifting, 1.7 percent responded do nothing, 0 percent take preventative action, 59.5 percent said give warning. Using worthless check rated .9 percent do nothing, 6.1 percent take preventative action, 60 percent give warning. Dishonest coupon use posted results, 2.6 percent do nothing, 6.9 percent take preventative Action, and 26.7 percent give warning. Invalid warranty claim reported, 2.8 percent do nothing, 13.9 percent take preventative action and 29.1 percent give warning.
I encourage you to read the entire publication as it really does investigate and evaluate the issue of consumer initiated fraud.
Another mention of consumer initiated fraud was found in this paper published by the Philadelphia Fed http://www.philadelphiafed.org/consumer-credit-and-payments/payment-cards-center/publications/discussion-papers/2002/fraudmanagement_042002.pdf, In November 2001, The Philadelphia Federal Reserve office hosted a workshop on fraud management in the credit card industry. This report detailed various aspects of fraud and not just the consumer initiated fraud that a merchant receives. There are a couple paragraphs out of this publication that I want to share.
“In the Internet world there is no such connection. The order flows anonymously from a computer that can be located anywhere with no ability for the merchant to authenticate that the card number presented is associated with the actual cardholder. At this point there is no authentication system that has been generally adopted by all parties (credit card associations, issuers, merchants and consumers). Smart cards used with readers attached to computers offer one possible solution; but to date there has been little interest by consumers or computer manufacturers to invest in this technology. Issuers broadly indemnify cardholders from Internet fraud; therefore there is little incentive for consumers to make such investments. Association rules allow issuers to charge back these fraudulent transactions to merchants, which further diffuses incentives to tackle the problem.
“Another factor, according to Buttafogo, is the percentage of Internet fraud transactions that may be classified as “familiar fraud.” A transaction may be legitimately initiated by the cardholder for a product that could be considered dubious in nature, (i.e., pornography on the Internet). When confronted by a family member the individual may deny knowledge of the transaction and then report it as fraud. A legitimately billed transaction can then be reported as “never received” and reversed by the issuing bank. The U.S. Banker in a December 2001 report on cyberfraud titled “I Didn’t Do It” suggested that pornography charges like these probably accounted for half of all online fraud.
“Buttafogo then spoke about an even more insidious abuse in the card not present Internet environment. Computer programs, such as CreditMaster and Credit Wizard, are easily available on the Internet, and can be used to generate sequences of 16-digit credit card numbers from valid bank identification numbers or BINs (the first six digits of any card number). This enables the criminal to quickly transact multiple fraudulent sales from online merchants whose security does not block sales to sequential numbers. According to Buttafogo, these programs are the favored tools of organized gangs who are believed to be responsible for a significant percentage of the dollar losses associated with Internet fraud.”
To sum up the above discussion, consumers lie and steal at a rate that easily surpasses the restrictions for fraud placed on merchant accounts, online transactions suffer from a lack of systems that can guarantee the identity of the person entering the transaction information, online purchasing is targeted by fraudsters with computer programs to find and use card numbers and finally, merchants must bear the responsibility of this fraud as there is no incentive for anyone else in the transaction chain to take corrective action.
I think there are some very simple things that can be done to start to address the issue without putting more burden on the merchants while still being reasonable to the interests of the rest of the stakeholders. I will address these options in the next issue. In the meantime, ensure that your gateway and your merchant account provider can clearly articulate their current fraud measures and that they are continually working on your behalf to identify fraudulent transactions such as blocking sequential numbers to reduce the cost of fraud for your business.
Melody L is chief operating officer for L3 Payments.