By Melody Lashmar Operation Choke Point and increased pressure by bank regulators on Financial Institutions to identify and eliminate merchant fraud has certainly increased the monitoring efforts by banks regarding their payment services. Under Operation Choke Point, Financial Institutions, ISOs and IPSPs are being held liable and accountable for their merchants’ fraudulent activities.
The FTC has communicated that Financial Institutions and payment processors know or should have known about any deceptive acts or practices of their merchants. They lean on the assumption that these deceptive acts and practices are visible through the payment processing activities of the merchants.
The bank regulators have been publishing bulletins and incorporating into their exam processes, communication regarding the increased risk of banks to work with third party processors. They cite in their communications that indicators of fraud include: chargebacks, having multiple merchant accounts, having multiple bank or payment processor relationships, increasing online customer complaints and elevated rates of return. The regulators even go so far as to say that the solicitation for payment processing to a distressed financial institution, one seemingly looking for easy revenue, suggests that the soliciting party (payment processor or merchant) could be engaged in “improper or illegal conduct”.
The Financial Institutions are creating more transaction level monitoring as well as leveraging third party technology companies that specialize in comprehensive merchant monitoring. Some of the third parties that the Financial Institutions use are G2 Web Services, ControlScan Inc., Identity Mind, and Trustwave. By visiting any of these companies websites, you will get an idea of just how much data they can report back to the bank or ISO about your activities.
Now that you have an indication as to why banks seem to be getting a little less tolerant, and how they are protecting themselves, here are 5 common reasons that your bank may flag your merchant account, even though your account is compliant with card association rules:
- High Refund Ratio.
Although there is no predetermined ratio or a rule against issuing refunds to consumers, and it is a transaction that is necessary when conducting regular business, an increase in refunds or an increase in the ratio for refunds to sales can get your account flagged for further investigation.
- Online Consumer Complaints
Banks are now monitoring the complaint boards for feedback on their merchants. It is a process that is performed during the initial underwriting activities but we are seeing more often that these banks are also looking regularly at the feedback online to discover bad activities faster. When the banks see an increase in complaints it is likely that this will trigger some interaction with the merchant to explain why this is occurring and what they are doing about it.
- Unusual Activity
Do you have a high ratio of prepaid cards hitting your account? Do you have a particular BIN from which you are receiving lots of payments? Do you have a sudden increase in sales? Although these occurrences can be natural and not fabricated in any way, it will often result in your account being flagged at the bank for further investigation. Banks are performing both BIN analysis and velocity checks on your transactions.
- Changes to your Website.
Banks have monitoring tools that will notify them of changes on your registered websites. This will notify them of language changes, pricing changes, T&C changes, hosting changes, link changes, etc. If these changes are undesirable or change the risk profile of your account, then you will be hearing from your merchant account provider as well.
- High Decline Rates
Card transactions can decline for many reasons but an overall high decline rate on your merchant account will flag the account for further investigation. For example, a merchant with a high number of 'Pickup' or 'Fraud' declines could lead the bank to inquire about your traffic sources.
We are seeing an unprecedented level of scrutiny on payment providers and the financial institutions that partner with them. With this aggressive behavior by law enforcement and regulators, financial institutions and payment processors simply have to put into place technology and process that provide layers of protection against any potential merchant fraud. As a result, even compliant merchants will be flagged by these systems.
Some practical ideas to address these issues:
- It is in your best interest to notify your payment processor if you are making any significant changes to your business. By being proactive with your merchant account provider you will alleviate the unnecessary intrusion into your business and provide the bank with the information necessary to demonstrate that they are informed and have evaluated the risk associated with the change.
- You should address consumer feedback on the complaint boards. You should even consider making changes to your processes if there are a significant number of similar complaints.
- Work with gateways and other third party technology companies to help make your transactions as valid as possible.
- Ensure your payment pages are clear to the user and that you have scrubbing technology to reduce the number of transactions that you send through your account that will be declined. Not only will you keep your decline ratios lower but you will keep your bank fees down as well.