Commentary by Michael Campbell, Senior Associate – Acquiring & Issuing Risk Specialist

Merchant risk management is an art as opposed to an exact science; no acquirer should be lulled to sleep by five plus years of low levels of chargebacks with any high volume merchants.  It is easy to do when the merchant has great name recognition and has been in business for many years; however, there are far too many cases wherein a merchant changes the nature of their business, slows down on the delivery of their product or decides to shut their doors.

Three key principles of risk management comprise the merchant’s nature of business: product and delivery cycle, fraud risk, and financial solvency.

Understanding the nature of the business includes a thorough and ongoing review of the product and delivery time frames. Some of the largest losses in the acquiring industry have been cases where cardholders have received their product with high-level promises; for example, in the form of a Ponzi scheme wherein the merchant eventually takes off with the money or the FTC shuts the merchant down after an investigation.  There are too many mid six figure to low eight figure losses after an acquirer woke up to find high chargebacks or the merchant’s name in the news due to questionable business practices.

Monitoring fraud risk is a great key to controlling losses, but an acquirer cannot stop with the verification of a card transaction or even documentation on the transaction.  Too often an acquirer will allow a merchant to exceed reasonable and established processing volumes.  This often occurs because the decision was based on a call to the issuing bank verifying the sale as valid or was allowed after obtaining copies of the documentation from the merchant.  Fraud teams must go beyond the position of mere verification of a valid sale and ensure they truly understand the merchant’s nature of business.  We have seen highly significant losses where a substantial number of cardholders have verified they received the product and are very happy, and then later initiated chargebacks when the merchant did not fulfill the second part of the transaction or the product did not produce the promised end results.

Financial risk is probably the hardest risk to manage and identify concerns.  In many cases the merchant either does not want to divulge financial information because they do not see the acquirer as a creditor or the merchant knows their financial status will raise concerns.  The concern is greatly enhanced by the number of acquirers who choose not to monitor credit risk or do not understand the advance payment nature of the business.  There are major events where the acquirer was lulled to sleep by five plus years of clean processing experience or was afraid to ask for sufficient financial information for fear of losing a profitable, low chargeback customer to a competitor by requesting additional information.  Agreeably, it is a balancing act which includes weighing the need for information against the potential of losing a profitable merchant.

The bottom line can be addressed through a few simple questions.

1. How well does your team understand what their merchants are selling and how long does it take to complete fulfillment when approving the merchant account?
2. How should credit risk be calculated, monitored, and reviewed on an ongoing basis?
3. Remember that last year’s losses are not always indicative of this year’s results – are you knowledgeable of the organization’s appetite for losses?
4. Does the fraud team look at risk comprehensively or just try to verify the validity of the transactions?
5. Is there a process for calculating risk at the time of boarding with ongoing calculations?
6. Has there been a third-party review of practices and procedures in the past two years?

Click here to learn more about our Risk services.

Contact TSG for more information on how we can help manage your risk.

Main: 402-964-2617

Email: Info@TheStrawGroup.com