The MRC has written and educated extensively about the problem of first-party fraud (historically referred to as ‘friendly fraud’ and, most recently, as ‘first-party misuse’) and how to combat it effectively. In a recent MRC blog, MRC’s CEO, Julie Fergerson, talked about the launch of Visa’s Compelling Evidence 3.0 programme (Visa CE 3.0), introduced in April 2023.
In this article, we will address what’s happened since – and what comes next. Transforming how the industry deals with these new compelling evidence programmes will require a highly coordinated effort across all payments ecosystem participants: merchants, supporting fraud and dispute solution providers, card issuers, card networks, and PSPs/acquirers.
Each has a vital role to play in ensuring the promise of card network programmes like Visa CE 3.0 is realised. Without all the hand-offs in place and each party following the correct process, we won’t see all the potential benefits. Earlier this year, Mastercard announced it will also begin rolling out its First-Party Trust solution in 2024. In speaking with our merchant and payments ecosystem members, we noticed a few key misconceptions regarding CE 3.0 that need clarification.
To fulfil its dispute prevention benefit, CE 3.0 requires integration with Visa’s upstream tool – Verifi’s Order Insight. In the CE 3.0 pre-dispute flow, API-enabled access to the merchant’s qualifying data elements is what ultimately prevents the chargeback from moving forward and effectively shifts liability to the card issuer. In addition, these prevented disputes will not be reported as fraudulent transactions, positively impacting merchants’ fraud ratios.
However, in markets that have regulated Strong Customer Authentication (SCA) (such as under the PSD2 directive in Europe, as well as emerging regulations in Australia and Japan), there is a belief that CE 3.0 is less compelling since merchants don’t bear the chargeback burden for fully authenticated transactions. While merchants won’t see the chargeback for SCA-compliant transactions, this is problematic in a couple of ways.
Firstly, even issuer-liable fraud transactions must be reported under TC40 requirements – any merchant with sensitive fraud ratios will not see this benefit without CE 3.0 participation. Secondly, if issuers don’t have the opportunity to present compelling evidence to the cardholder, we’ll miss the key benefit in all of this: cardholders accepting accountability for good transactions they performed. Even in SCA-regulated markets, it will take global industry adoption for this new generation of compelling evidence to eliminate the pervasive problem of first-party misuse. Merchants should think about the ultimate benefits downstream if they participate now – the chargeback is just one input into the overall value equation.
A subscription merchant recently asked us why they haven’t seen much of a win-rate impact in the post-dispute flow since the introduction of CE 3.0. For this to happen, multiple parties must follow the right process.
Firstly, as defined by Visa, acquirers must pass the compelling evidence in the correct questionnaire format. Secondly, if the qualifying evidence meets the CE 3.0 criteria, the card issuer should accept it and the merchant ‘wins’ the representment. Because the CE 3.0 programme is new, it will take time for all the hand-offs and supporting processes to settle into a predictable rhythm. Once the merchant knows the right questions to ask their payment processors, feedback can be provided to card issuers so they can adjust their dispute resolution procedures and refine their team training. These learnings are taking place all over the industry right now – often facilitated by organisations like the MRC, and sometimes simply through real-world trial and error.
There is a parallel journey happening now in the global regulatory landscape. As regulators look to impose tighter controls on fraud prevention through SCA, it’s imperative to closely consider the progress we made on next-generation compelling evidence programme adoption. Genuine fraud and first-party misuse are intimately tied together, and we need to think about them in parallel.
One good example is AusPayNet’s published CNP Framework. The MRC has been consulting closely with AusPayNet in Australia, as they made the effort to introduce tighter fraud ratio controls (20 basis points) into the market. While not a hard SCAmandate on all transactions, the framework requires merchants to put SCAcontrols in place progressively as they breach the threshold over successive months. It’s pivotal to remember that for many digital goods, merchants’ first-party misuse can easily exceed 20 basis points – and SCAwill not address it, given that these transactions are not fraudulent.
This is a great example of how regulators should pay close attention to their card-not-present (CNP) fraud programmes to ensure their requirements are in lockstep with the scaling of card network compelling evidence rules and standards. It will take time for these programmes to fully launch, mature, and scale. Setting appropriate overall fraud reduction goals for merchants that are aligned with compelling evidence programme efficacy is a vital part of keeping the industry fair and balanced.
Compelling Evidence 3.0 is the start of a transformation in the payments industry to finally address the damaging consequences of first-party misuse. We need a global, coordinated push, and a harmonised approach – across all card networks – to fully realise the benefits that all stakeholders in the ecosystem will share. With Mastercard’s incremental rollout of First Party Trust, we should begin to see greater industry alignment by the end of 2024.
This editorial piece was first published in The Paypers' Cross-Border Payments and Ecommerce Report 2023–2024, which taps into the fast-growing cross-border market and provides a comprehensive overview of trends and developments that are pivotal in this space, being the ultimate source of information for ecommerce businesses interested in expanding globally.
Keith is a 25-year payments, fintech, and fraud prevention veteran with functional expertise in product management, marketing, and corporate strategy. He currently co-leads the Merchant Risk Council’s advocacy efforts, working closely with MRC members, including the world’s top ecommerce merchant brands, card issuers, solution providers, advisory organisations, and card networks.
The Merchant Risk Council (MRC) is a globally recognised industry association dedicated to enhancing online payments and fraud prevention. Comprising a diverse network of ecommerce professionals and experts, MRC facilitates collaboration and provides valuable insights, tools, and resources to safeguard businesses against online fraud and ensure secure digital commerce experiences.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now