Keeping Your Business Safe: To Pivotal Payments' Risk Management Team in Action
October 1 2015 |
This insightful interview with one of Pivotal Payment's Risk Analysts will help you understand the importance of risk management in the Payment Processing Industry, and will explain some of the measures that the Risk Team takes to catch and prevent fraud.
Q: How does the risk team help to reduce potential fraud on merchant accounts?
A: Here, in Risk Management, we constantly monitor transactions, analyze patterns and track trends. We work with issuing banks and receive notifications for unusual activity on cardholder bank accounts. We can advise a merchant to postpone the shipping of a product until we confirm that the information provided by the customer matches the information of the cardholder so the merchant doesn't lose any inventory. While it's not always possible to prevent fraud, we do our best to warn our merchants and to keep them well informed.
Q: What do you mean by "analyzing patterns"?
A: Imagine a cardholder named John from a small town in Oregon. John likes fishing and doesn't believe in online shopping. He doesn't travel and his buying habits have stayed pretty much the same over the last 10 years. Now let's say the issuing bank notices a purchase of expensive electronics somewhere in Alberta. If this transaction is caught on time, we could potentially prevent losses for all parties by informing the merchant to delay shipment until the transaction is validated. Unfortunately this is not always possible due to multiple factors and cybercriminals becoming smarter, but we are doing everything in our power to catch and prevent fraud.
Q: Why are you putting some refunds on hold?
A: A refund usually goes through if there is a matching sale on the same card number in the system. When the system fails to find one, the transaction is placed on hold and the risk analyst has to manually check what's going on there. This is done to prevent unauthorized refunds or refunds processed by mistake. Did you know that up to 40% of the refunds were actually meant to be processed as sales? Employees do make mistakes and these systems are meant to reduce the impact.
Unfortunately, employee theft remains a big issue for a lot of businesses. Setting up refund limits, setting up a password on the terminal level and checking for matching sales helps prevent large unauthorized refunds.
Q: What determines the risk on merchant accounts and what are the main risk factors?
A: The risk in payment processing industry is complex and there are many variables that determine the level of risk on an account. I would say that the risk in merchant services could be compared to a revolving line of credit. Here are a few items that the industry takes into consideration when determining the level of risk:
- Projected sales volume vs available financial resources
- Debt to equity ratio
- High percentage of deferred revenue
- Industry type
- Product or service delivery date vs payment date
- Method of billing (recurring billing, billing for services provided in the future)
- Card-present vs card-not-present environment (swipe/chip vs manually keyed transactions)
Q: What is an example of a situation where a merchant service provider incurs risk?
A: Let's say a merchant sells annual gym memberships and then goes bankrupt half way through the year. In this case there is still half of a year of financial obligation for the merchant service provider. Essentially, if the merchant can't fix the situation using their own financial assets, the merchant service provider would be liable for losses and possible chargebacks.
Q: What would you like to communicate to our merchants?
A: I'd say be pro-active. Train your employees to look for red flags and go the extra step when it comes to verification. Give us a call if you have doubts about a transaction's validity. Inform us of any changes to your volume or average ticket size. Ask us how to reduce the risk of getting a chargeback and to prepare your documents to contest it if you get one.
Our main goal is to provide you with maximum security while having minimal impact on your day-to-day operations.