Like it or not, chargebacks are an everyday part of the payments ecosystem and whether they are legitimate, fraudulent or anywhere in between, they have consequences. As online transactions continue to surge, the prevalence of chargebacks has become a significant concern for merchants and businesses. Chargebacks occur when customers dispute a credit card transaction, leading to financial losses, damaged reputation, and increased operational costs. To mitigate these risks, both Visa and Mastercard have established chargeback monitoring programs.
These programs are continuously reviewing chargeback rates to pinpoint any merchants that are generating an unusually high number of chargebacks. If your numbers end up passing the program’s pre-defined thresholds, then you will become part of that network’s monitoring program but, what does that mean exactly?
Stripe does a fantastic job of outlining the various programs here (for Visa and Mastercard) so I won’t regurgitate this but rather, focus on some of the more unknown complexities of chargebacks and these programs. To recap, the main programs are:
Visa
- Visa Fraud Monitoring Program (VFMP)
- Visa Fraud Monitoring Program-3DS (VFMP-3DS) note: US merchants only
- Visa Dispute Monitoring Program (VDMP)
Mastercard
- Mastercard’s Excessive Chargeback Program (ECP)
- Excessive Chargeback Merchant (ECM)
- High Excessive Chargeback Merchant (HECM)
- Excessive Fraud Merchant (EFM)
- Excessive Chargeback Merchant (ECM)
- High Excessive Chargeback Merchant (HECM)
- Excessive Fraud Merchant (EFM)
If you have ever worked with chargebacks before or even glanced at the multitude of content out there, you will see the complexity. There are multiple programs with various layers, limits and rules. Unfortunately there is no “one size fits all” approach making it necessary to tailor your responses and have a multi-layer approach to chargebacks.
Generally, there are two things being monitored by these programs:
- The count of your disputes/chargebacks
- The rate of your disputes/chargebacks
The counts are simple enough, the sum of chargebacks raised during the given period (usually the past or current month) but these chargeback and fraud rates are calculated differently by Visa and Mastercard:
Visa calculations
Chargeback rate = # of chargebacks in current month / Visa sales in current month * 100
Fraud rate = # of Fraud Warnings in current month / Visa sales in current month * 100
Fraud amount = $ Fraud Warnings
3DS Fraud rate = # of EFW (Early Fraud Warnings) in current month / Visa 3DS Domestic (US) sales in current month * 100
Mastercard calculations
Chargeback rate = # of chargebacks in current month / MC sales in the past month * 100
Fraud chargebacks = # chargebacks with reason codes* 4837 or 4863
Fraud chargebacks amount = $ chargebacks with reason codes 4837 or 4863
Net fraud ratio = # fraud chargebacks in current month) / # sales in the past month * 100
Every chargeback is given a code that identifies the reason the chargeback was granted in the first place. In this example:
- 4837 = No Cardholder Authorisation
- 4863 = Cardholder Does Not Recognise - Potential Fraud
What are these Early Fraud Warnings?
These are fraud claims passed on by issuers to the schemes and subsequently to processors. For Visa this is called TC40 and Mastercard calls this System to Avoid Fraud Effectively (SAFE). In Stripe, these are referred to as Early Fraud Warnings (EFW) whereas Adyen refer to them as Notifications of Fraud (NOF).
As a result, you need to monitor both rates to understand where you stand at any given time and, more importantly, flag if things start to change for the worse. The chargeback count is a good early indicator of patterns shifting. If the overall numbers start to increase, this will most likely impact your overall rates. Ideally, set some internal limits that you track against. If you start getting close to these, intentionally lower limits, then you have time to act before you even get close to the early warnings of a monitoring program. This is also a really good way of visualising chargebacks across the wider business. One of the biggest challenges companies have is the unknown nature of chargebacks, we have heard of them, we understand they are generally negatively impacting but ultimately they end up being “someone else's problem”.
Example internal limits:
Visa
- Chargeback rate = 0.5% (EW* 0.65%)
- Chargeback count = 50 (EW* 75)
Mastercard
- Chargeback rate = 1% (EW* 1.5-2.99%)
- Chargeback count = 75 (EW* 100-299)
*Early Warning
Once you end up in a program (the exact measure, again, varies by program), you are accountable directly to the network and the rules they set out. You need to provide a firm plan of attack, take measures fast and continually demonstrate progress. Only when you have done this and maintained these improved levels for a period of time, are you released from the monitoring program.
Whilst in a program, you are subject to fees and fines, additional reporting and consultation with your processor (and the networks) as well as the internal pressure that will undoubtedly arise. The programs are built in such a way that they are compounding with the costs and damages only increasing if you don’t manage to reduce your chargeback rates.
Programs at a glance
Many of the guides and tools talk about the measures companies should take to make transactions more clear and to be as open and transparent with your users as possible. However, whilst this may reduce some chargebacks, it mostly focuses on building out your evidence so you are better equipped for challenging the chargeback itself. These measured include:
- Clear T’s & C’s that the users must acknowledge
- Confirming transactions (in-app and email/invoice)
- Better validation (3DS, AVS checks etc)
- Clear wording around what (and when) the user will be charged
What if you went further; better validation on emails (looking at domains, eliminating typos etc), enhanced billing descriptors, stronger authentication in markets that are generally more relaxed (CVV checks in the US for example)?
Fighting chargebacks is important and a process you should bake in early to your customer success/support model however, once the chargeback is raised, win or lose, that strike is made against you as a merchant. It is important to do the legwork to mitigate chargebacks occurring, where possible. This is the true challenge facing companies today. It is usually far easier for a user to raise a chargeback with their bank than it is to cancel a subscription directly with a provider.
Taking advantage of early signals to proactively reach out to users or even refund and cancel, prior to any chargebacks being raised, is a surefire way to start pulling these numbers down. There will always be a continual flow of chargebacks (especially friendly fraud) that runs through any business taking payments but, by taking steps early, you can vastly reduce this risk.