Merchant acquirers are making big changes to fight a recent surge in card fraud, but those changes could cost credit unions a lot of money.
According to Monica Eaton-Cardone, co-founder and COO of dispute mitigation and risk management firm Chargebacks911, a spike in card-not-present fraud in recent months has prompted acquiring banks to put more and more online retailers on their unapproved lists. The result is a mushrooming number of declined transactions, which could threaten interchange income for credit union card issuers.
"The risk of fraud and the expense of fraud has become such an issue in the industry that it happens to be the one enemy that everybody has in common," she told CU Times. "So even the acquirers now are saying, 'What things are you guys doing on your end to help proactively prevent these types of things?'"
The trigger was the Oct. 1 EMV liability shift, which transferred the cost of card fraud from EMV card issuers to parties in the authorization chain that don't support EMV cards. EMV cards generally just mitigate fraud perpetrated at physical point-of-sale locations, however, which is why criminals are quickly pivoting to card-not-present fraud typically perpetrated in online purchases.
And it's a big pivot. In 2014, about $10 billion in card-not-present fraud occurred; that's forecasted to roughly double to $19 billion by 2018, according to Javelin Strategy & Research.
Today, 55% of all card fraud is perpetrated online. In 2014, it was 42%, according to a recent LexisNexis study of 959 risk and fraud decision-makers and influencers.
It's also up to seven times harder for merchants to detect fraudulent transactions that aren't done in person, according to the LexisNexis study.
Given all that, online retailers can look increasingly risky, which is fueling demand for third-party providers that use algorithms to flag potentially fraudulent transactions.
But there can be serious flaws in automating that process, Eaton-Cardone warned. One of the biggest is the potential for false positives. According to Javelin, more than 15% of all cardholders had a transaction falsely declined due to suspected fraud in 2014.
"How do you predict behavior? It always starts with a trial-and-error process," she said of the algorithm approach. "Unfortunately, you have innocent retailers who become guinea pigs, innocent cardholders who become guinea pigs."
Automation can rely too much on the assumption that if one merchant has a high fraud rate, all similar merchants must be risky, too, Eaton-Cardone noted.
The price of the resulting erroneous declines can be very high for merchants and issuers.
"The total amount lost due to false declines in 2014 ($118 billion) was vastly greater than the total amount lost due to actual card fraud ($9 billion), and avoiding that lost business is a priority in an industry where customer loyalty is at a premium," Javelin found.
For credit unions, that may mean dealing with members who blame them for declined transactions or even switch to other cards they believe "work."
"By casting a wider net with fraud solutions, merchants expect to keep fraud in remote channels in check. Yet we know this isn't working as fraud losses as a percentage of revenue continue to trend up, rising from 0.68% in 2014 to 1.32% in 2015," LexisNexis reported.
"What's needed is actually more intelligence and a better method of actually scoring a merchant," Eaton-Cardone said. "That's a huge issue currently that we see – there's no standardization on how to score a merchant to identify that they've reached this risk."
The approach should be totally different, she said.
"It shouldn't be behavior, trends and transactions," she explained. "It should actually be, how's their fulfillment? Do they answer the phone? How's their operations? How creditworthy the owner is. Is there growth? What about the quality of their product? These are the types of things that you would think logically would score a merchant. We have to wait for our technology to advance a bit."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
