ACTA Fraud Update
ACTA attended the third Canadian Travel Fraud Prevention Group (CTFPG) Meeting on May 30 at Toronto Pearson Airport. This is a joint committee ran by ACTA and IATA. The following information is condensed notes from the meeting that ACTA would like to share with our members.
The terms chargeback and fraud are used interchangeably, but in fact, it is not accurate since not all of chargeback cases are fraudulent. Other causes are related to processing errors and authorization issues.
- 80% of chargeback cases are fraudulent and out of those cases, 80% are related to no cardholder authorization issues. The top chargeback types for airlines are
- No Cardholder Authorization
- Cardholder does not recognize
- Goods or Services not provided and credit not processed.
- The chargeback cycle for non-PIN transactions involves chargeback, second presentment and arbitration chargeback. In Cycle 1 (Chargeback), an affidavit, which can be taken in various formats, from the customer is required contesting the transaction. A filing fee of $500.00 is charged if the merchant loses the case. Typically, a merchant has up to 120 days to submit a chargeback.
- One main challenge is providing the name of the cardholder to the merchant. Master Card advised that it is not mandated but a recommended best practice.
- Steps are being taken to streamline the dispute process and eliminate certain chargeback codes.
- Best approach to chargebacks is prevention in the first place, secure the transaction upfront, effectively authenticate customer and deal with the issue at the very beginning. Authentication is a part of the arbitration process. The agent initiates arbitration and Master Card makes a decision based on the evidence provided.
- Service Not Rendered chargebacks address only whether the flight flew, not who flew on the flight.
- A Chargeback Guide is available on-line at https://www.mastercard.com
CURRENT FRAUD CHALLENGES IN CANADA
- Concern regarding card-not-present and internal fraud, especially with independent contractors.
- L’Association des tours opérateurs du Québec (ATOQ) pointed out that workflow processes areoutdated and the way the industry does business would have to change in order to reduce the exposure to fraud. Lack of information being shared internally and externally is also an obstacle and the group has to keep talking, share information, set up a committee to deal with “friendly fraud”. (“Friendly fraud” – using the services, paying for them and then disputing the charges.)
- Air Canada advised that agencies should be alerted regarding fraud attacks and they have adopted measures including the addition of more resources, password protection and working on a solution to alert agencies and checking bookings.
- RCMP highlighted the importance of reporting cases to law enforcement and include as much detail as possible including IP addresses.
- The Canadian Anti-Fraud Centre has an online reporting tool called the Fraud Reporting System (FRS), located in the “Report an incident” section of the Canadian Anti-Fraud Centre website for users to report a fraudulent activity. The RCMP will use the data provided and cross reference with their files. Participants can reach the Canadian Anti-Fraud Centre by email: firstname.lastname@example.org or email@example.com and by phone: 705-494-8845.
3-D SECURE BENEFITS & HOW TO AVOID SALES FRICTIONS
Card-not-present fraud constitutes the highest monetary loss has increased by over 26% between 2015 and 2016.
- With technological changes underway, credit card not present fraud will reduce. VISA has tools but not all of them are used.
- Currently cardholders have to setup a password to complete transactions and merchants are not in favor of this since it deters customers from completing transactions and it results in a loss of sales.
- In the future it will be based on risk authentication and users will no longer have to setup passwords. If the transaction is found to be risky, the issuer can send the cardholders a temporary password to enter.
- 3-D Secure 2.0 works because 10 times the amount of data will be shared with the issuer in order for them to make a decision. There are two separate tracks in the decision-making:
1. Authentication: To determine the cardholder with the extra data
2. Authorization: To determine if the transaction is through a Point of Sale (POS), swipe, PIN, what country did the transaction take place in, the time and date of the transaction and CVV.
- There will be zero liability for consumers, they will not have to enter a password, reduced cardholder friction and maximized approvals and increased sales.
- If there is a fraudulent transaction done through Verified-by-Visa, merchants will not be held liable. However only about 3% of the merchants in Canada are subscribed to Verified-by-Visa.
- Participants advised the main problem they would like to focus on is how to implement 3-D Secure 2.0 in Canada for airlines, travel agents, GDSs and tour operators. A coordination committee has been formed with four participants that include ATOQ, ARC, VISA and WestJet
- GDSs cannot support 3-D Secure or Verified-by-Visa.
- Currently Global Distribution Systems (GDS) do not require CVV to authorize transactions
- A pilot project by VISA has introduced a Dynamic CVV Chip Card where the CNN number changes hourly. The challenge is that the card is expensive to produce
Fraudchasers is a secure online fraud discussion forum that allows industry fraud experts a place to share information and best practices. Fraudchasers offers a discussion forum to facilitate the sharing of information and staying connected. To join the Canadian forum for Fraudchasers send an email to firstname.lastname@example.org, please include ‘CTFP Group Fraudchasers Access Request’ in subject line. Also, include in your email: Your Name, Organization/Company Name, Job Title, Email address, Phone number, Country