When customers make a purchase online, they’re unlikely to give a second thought to what goes on behind the scenes. It’s generally a matter of entering card details, clicking ‘pay now’, and, within seconds, finding out whether the payment has been accepted or declined.
What is going on under the hood, however, is critically important. Before a merchant’s bank can process the payment, it must confirm that the customer’s card is good for the money. This small but vital intermediary role is handled by a payment gateway - a virtual middleman that determines which payments should or should not be authorised on behalf of the online shop.
To do that, gateways need only use very basic information: the card number, expiration date and security code alongside the name of the cardholder and billing address.
“An authorisation is really nothing more than validating that there is credit available on that card,” says Joe Libby, vice president for strategic initiatives and organisation operations at Kount, an Equifax company. “If credit is available, the gateway feeds the initial transaction data to the payments processor to complete the payment.”
Because the aim of payment gateways is to make the process as smooth as possible for both the merchant and the end customer, speed is critical. Yet the escalating toll of online payment fraud introduces complexity to the idea of frictionless digital transactions. A recent Juniper Research study forecasts a staggering global trajectory for online payments, poised to surpass $362bn in losses between 2023 and 2028. Governments and regulators are clamping down on the issue, recognising that simply establishing if an end customer has sufficient funds available on their card is insufficient.
Card providers such as Visa and MasterCard are also stepping up to reduce first-party misuse, or ‘friendly fraud’, where customers dispute valid transactions, either because they regret their purchase or they simply don’t recall making the payment.
“This is a huge portion of what is deemed to be fraud,” says Libby. Indeed, according to a recent Datos study, 75% of fraud experienced by ecommerce sellers is first-party misuse.
To combat this type of fraud, Visa has introduced new rules, Compelling Evidence 3.0, that it says will curb losses for small businesses by giving merchants more ways to prove that a disputed card payment was genuine. MasterCard has also launched its ‘First-Party Trust’ programme along similar lines.
“These programs require the collection of very specific data points in the pre-transaction phase, constituting more data than what many gateways typically collect,” says Libby.
These data points include the email address and shipping details, but they can also extend to the IP address, user login, and the device ID or fingerprint used in the transaction. If the merchant can provide at least three of these as evidence that the cardholder initiated the payment, the card provider will dismiss the dispute and the merchant will be spared a chargeback. Using a gateway capable of collecting this information may seem like a minor consideration, but it may well be a strategic win for merchants looking to minimise their exposure to fraud risk.
“Different payment gateways have different capabilities from a fraud perspective, but they are generally fairly limited,” says Libby.
Some gateways are already using fraud screening tools, which scan for potential red flags such as instances of rapid card use or repeated attempts to use a card from varied locations. Such platforms may also capture the IP address and overlay it with other demographic information to determine if there is a potential problem with the transaction. However, the imperative to curtail fraud introduces a challenge: gateways run the risk of inadvertently blocking legitimate transactions. This is what’s known in the industry as a ‘false positive’.
“The better gateways will eliminate false positives, but there’s always going to be some overlap,” Libby warns. “As long as it’s a small enough percentage, it’s not going to be impactful for the merchant.”
Retailers may occasionally configure the gateway to adopt a more rigorous approach, even at the cost of blocking payments that should have been authorised. This is especially common when merchants deal in high-value goods, as potential losses from a fraudulent transaction could be substantial.
Gateways are not inherently designed to be fraud prevention platforms, and vice versa. There’s a clear synergy for them to collaborate
The good news is that fraud prevention tools are also getting better at recognising problem transactions. As they continue to build up more data points over time, the rate of false positives will no doubt fall, says Libby.
He adds that the urgency of the online payment fraud problem necessitates increased collaboration between payment gateways and fraud prevention platforms. “Gateways are not inherently designed to be fraud prevention platforms, and vice versa. There’s a clear synergy for them to collaborate and advance the shared objective of card brands - to reduce overall disputes within the payments ecosystem - from a regulatory perspective,” he elucidates.
By joining forces to identify and eliminate malicious actors, the payments industry can play a vital role in supporting merchants and bolstering the broader economy. “There is intrinsic value in supporting merchants, enabling them to maximise their potential growth without succumbing to the negative impacts of fraud and losses,” Libby explains.
The risks that come with repeated chargebacks can be immensely damaging to businesses. Beyond potential financial losses, merchants may also be met with additional chargeback fees and fines, particularly if there is a violation of a chargeback programme. “Once you get to a point where your merchant account has breached a programme and been fined by the card brands, you risk losing the ability to process payments altogether,” says Libby. “So not addressing fraud up front collectively within the industry really can lead to merchants losing their businesses.”
This underscores the need for payment gateways to work with fraud platforms to provide a more robust product for their merchants and ensure their longevity. “The benefit of working together is a pretty powerful story,” says Libby. “The biggest thing for payment gateways is to focus on making sure that the right data is being collected to allow merchants to leverage the dispute processes within card brands.”
Therefore if the gateway doesn’t have all that information - and most of them don’t, says Libby - then collaboration between payment gateways, fraud prevention platforms and sellers will be an essential safeguarding measure in the future fraud landscape.
For more information, view Kount’s chargeback management solutions.
When customers make a purchase online, they’re unlikely to give a second thought to what goes on behind the scenes. It’s generally a matter of entering card details, clicking ‘pay now’, and, within seconds, finding out whether the payment has been accepted or declined.
What is going on under the hood, however, is critically important. Before a merchant’s bank can process the payment, it must confirm that the customer’s card is good for the money. This small but vital intermediary role is handled by a payment gateway - a virtual middleman that determines which payments should or should not be authorised on behalf of the online shop.
To do that, gateways need only use very basic information: the card number, expiration date and security code alongside the name of the cardholder and billing address.
