Payments fraud doesn't begin and end with stolen credit cards. There are sophisticated international networks of criminals who dedicate their entire lives to scheming and scamming merchants and consumers for every cent that they can extract. But there are also experts in the payments fraud field who are actively fighting back. True Fraud features real-life stories of the battles that are raging across the world, one transaction at a time.
Hello. Welcome to the new episode of True Fraud. My name is Pablo Torres. I'm your host. And today we're going to talk about the risks associated with recurring transactions.
Pablo Torres:If you want to learn more about how to mitigate the risk of your business, you can go to withreach.com. Before we jump into it, I think it would be a it's a good idea to define what are recurring payments, AKA subscriptions. I think these have been around for a long time now, but they're definitely getting a lot more traction lately. The reason for that is because there's a lot of businesses nowadays, could be digital, SaaS, physical products that are selling products that are being shipped or delivered on a monthly basis. Right?
Pablo Torres:If you have a digital product, it might be a a digital license for some sort of, software that you're selling or something like that. And then this type of solution is comes very handy for your business. These recurring payments differentiate themselves from kind of like your one time payment because the setup of these payments is completely different with your service provider. And without getting into much detail, basically, what's important to to gather from this is that the the information that your service provider or whoever is is handling these payments for you is going to need certain details from your clientele and the people that are checking out on your website so that you can set them up for future payments without them being present. Commonly, these are known as, you know, like, if you if you segregate these recurring payments, you have your initial payment, which is, customer initiated, and then you have all the subsequent payments that are basically a merchant initiated payment, right, or a merchant initiated transaction.
Pablo Torres:CITs and MITs. The the reason why it's so important to segregate these is because there is a very tangible cost associated with the way that you're handling both of these. I guess I'll kind of digress a little bit. Having recurring payments with a business like a, you know, a SaaS, that that offers a SaaS. But, yeah, this this is a great of, a great way of locking in revenue where you don't need to, you know, spend more money or spend more time thinking of how am I gonna get people, into my website and create that that revenue.
Pablo Torres:So that's number one. The other one is, when you're insuring when you're locking in that that revenue, then we're talking about transactions that you have already pushed through maybe your regular transaction monitoring. Right? So, like, if you have a fraud engine, there's a cost associated with it. And so when you are segregating the the merchant initiated transactions and the and the customer initiated transactions, then maybe your,
Pablo Torres:fraud monitoring or at least that kind of, like, bigger umbrella of the
Pablo Torres:subscription model for that customer. And so when you have that fraud engine that's gonna be looking at, you know, like, the device fingerprint or, like, any other criteria, and then you're gonna be kinda mixing it with the data that's available from other clients, then this is kind of like the the brunt cost of generating that future revenue. And so when you complete that analysis for that customer initially, and they've had they have gone through all the the red flags, I guess, if you wanna call it that, of your system, then you know that any subsequent payment that you're gonna get from that is gonna be something that it where the risk profile of that transaction has been brought down to a minimum. The only risk associated with those transactions at that moment would be linked to maybe account takeovers, which, of course, you know, there's gotta be some sort of sign in sign ups, monitoring for that matter. Or it may be it may maybe there's a concern with the quality of the product or maybe they didn't the link that you provided doesn't work anymore, it expired, or something along the lines, then those could still generate a chargeback, right, or a dispute at that at that point.
Pablo Torres:But from a fraud perspective, then the risk associated with these with this new revenue has gone from, you know, a 100% to maybe 10-15%. So it is it is definitely a a good way of diversifying the revenue that you're getting, that you're drawing to your business. So some of some of the special considerations that you should have when you're looking at this type of volume. So you're looking at transactions that, like I mentioned, the first transaction is gonna be the one that carries the higher, risk profile for for the payment. Right?
Pablo Torres:And then once you establish that that monitoring and you have gone through all the all the checks with with that payment, then any subsequent payment, you're gonna be treating it in a very different way, which means that maybe you may not be doing the same fraud checks that you were doing with those initial transactions. And that also means that because of that, maybe you're not running running them through all of the checks that you that you normally do or which could also translate to maybe different types of engines that you that you are that you are using to to identify fraud. And so by doing so, then you can minimize, or lower that, cost associated with with those payments. Also, because you're not looking at that data, then it gives you the time to focus on anything that's net new knowing that the risk profile of the new the payments for these relationships that you're establishing with these clients, are basically risk free, if you wanna call it that. Recurring transactions is definitely a great way of generating clean revenue for your business, especially when you know what you're doing.
Pablo Torres:Recurring transactions or recurring revenue, it's kind of a bit of a double edged sword. When you're looking at the way that maybe you're handling your business, if you know what you're doing, if you know your product, then you know that the quality is there, you're providing good customer service, then, yes, absolutely. Your risk, that profile of that risk profile that you're looking at on each payment is significantly lower. If you're just providing subscription model for the hell of it and just to get more money, but you're not kind of backing up the the quality of the product. You're not providing good customer service.
Pablo Torres:There's nobody that's answering calls to, you know, ask where the product is or how they can use it or, you know, maybe like I said, you know, if it's a SaaS, then the link that, that you provided initially is not valid anymore. It expired. There's there's many ways of of kind of messing things up when when you're offering doing, then that's just clean revenue. When when things get ugly, they get ugly very fast because it normally is not gonna be kind of like a one customer, one issue. It's gonna be 20 customers having the same issue.
Pablo Torres:Right? And so if you don't take care of things, then you can it it's kind of like a snowball effect. Right? This is why, you know, listening knowing your customers and and understanding their purchase habits and understanding what they're looking after with your product provides so much insight into how you can scale your business up. Up.
Pablo Torres:When you have a a product that's giving you a lot of headaches and you're offering it in a subscription model base, those those are normally gonna translate into not just one chargeback. It'll translate into the chargeback for the transaction this month. And maybe depending on how often you're doing it, like, if you're doing on a biweekly, monthly basis, it could translate into the payments that or the products that they bought through you, you know, like, two months ago. So one one complaint could turn into three or four different chargebacks from the same customer. So if if a customer, for example, they're not they don't are unhappy with the the product, the quality of the product, the the service, or something like that, they could go back to their bank and say, you know what?
Pablo Torres:I've been dealing with with this this product, this merchant specifically for the last two months, three months. They're not helping me. I want my money back. They're not just gonna go back and do the the first payment. You know?
Pablo Torres:Like, you're gonna show the bank that you're you've been trying to fix this issue with the merchant and the and the merchant is not helping you. The bank will 100% back you on that. And they'll file disputes for the two or three payments that you already have going through them. So there there's there's certain types of of merchants nowadays that as you're going through the checkout flow, you don't realize that you're getting into a subscription model, which is very dangerous. Right?
Pablo Torres:Because you expect to see maybe a single time payment on your bank, on your bank account or your or your bank statement. And suddenly, you know, two weeks later, you get another package or maybe a month later, you get another package and you get another charge. And so you as the buyer, you're wondering, okay. So I do recognize the this first payment for $20. Why are you charging me another $60 on top?
Pablo Torres:And it's because at the time of the checkout, the this subscription model that we're talking about wasn't clear enough for the buyer, and it wasn't, I guess, expressed, clearly, and it wasn't displayed clearly on the screen for the buyer for them to to be able to either opt in or opt out of it. Now the FTC is taking steps into, you know, making sure that all of the merchants that are offering this type of of business model then, or programs, I guess, they're making it so that customers like that. They're trying to empower the cardholder so that they can go to the website and and they can cancel their own subscriptions, which which I think is is a great way of of dealing with it. There's the other side of that. Right?
Pablo Torres:So if the FTC is doing this, then I'm sure that there's gonna be a lot of merchants that are gonna say something like, oh, well, anyone can go into our website, and they can cancel their subscription. So let's just offer it to everyone and make it kind of ambiguous, for the buyer to understand if they're getting into a a subscription plan or not. And then, you know, you're going through the checkout. Suddenly, you didn't even realize it until the second month, and then you get another charge. And then you're like, oh, well, I already have the goods.
Pablo Torres:Now I'm just gonna go and cancel that that subscription, which is kind of crazy to to think about it that way. But that's that's how a lot of businesses operate these days. And and the disadvantage for the buyer is that you're getting, yes, you're getting another box with more product, but it's something that you didn't want or need initially. And in addition to that, you're, going through the expense. Right?
Pablo Torres:Like, you you already spent the money. And a lot of people just think of it logically as in, like, well, just keep it, cancel the the membership, or cancel the subscription, and that's it. You know? But, it shouldn't be like that. That's that's not, I guess, an ethical way of operating.
Pablo Torres:Yeah.
Pablo Torres:You know, if you if you're
Pablo Torres:a merchant, if you're a business that's that's, offering this type of service, I guess, it is very important to to know how you're gonna address these type of situations, especially with the changes that are coming up for Visa with the new VAMP program. The chargeback ratio that or how it's going to be calculated with a new program is slightly different from or rather very different from, the previous programs. Now we're not looking at, you know, kind of like a fraud program separated from chargeback program. We're looking at everything combined. We're also looking at you know, for a merchant that has, maybe that is using, RDR or CDRN or one of other verify other products, then those disputes are not gonna count towards that.
Pablo Torres:However, not all payments turn into a chargeback. And so the clear example that, as we were talking about earlier, is that customer that gets that second box, and they're like, I didn't want this. You know? I don't recognize this. This this merchant, this website scammed me.
Pablo Torres:And maybe they and they'll call their their bank, and they might report the transaction as fraudulent. And but maybe they won't file a chargeback because they'll think, well, I have the product here. You know? I just wanted you, bank, to know that I I didn't agree to this. And so those transactions that are reported as fraudulent, that may not make it as, as a chargeback.
Pablo Torres:Maybe the the merchant refunded it prior to to it turning into a chargeback. Those are called TC-40s . And so all of those make it into that count. And that's that's where where an ecommerce, business could get into into trouble when when calculating, the new ratio with the VAMP.
Pablo Torres:You can if you're if you have
Pablo Torres:a business that's offering a subscription model, then, you know, you can make it work with for you, with you, and not against you in the way that if you are providing clear information for your customer, your buyer at the time of checkout, and they know clearly that they're getting into a into a into a a regular payment program, you know, you're you're empowering them to make that decision. And when they know that they're getting into something where clearly, by they accepting that they're gonna go into into a subsequent payment program, then that means that they also trust that the quality of the product or the service that you provide is there. And so that just adds that much more, value to to what you're offering. Right? I don't see people going into a website and kind of wondering, like, oh, I wonder if this is good or not, and then just, you know, yeah.
Pablo Torres:I'll take a subscription for the next, you know, twenty years of my life on a product that who knows? You know? So I I think when you're providing clear information for for these customers at the time of checkout, then you're you're empowering them. You're giving making them or guiding them to to make an informed decision. And then, of course, that means that, normally, those that type of clientele will stick with you.
Pablo Torres:And then, again, that risk profile of that customer in general, not just that transaction, goes way, way down. On the other hand, you can make it work against you if you're tricking customers into getting into some sort of subscription, and then, you're not making it very clear, and you're also not providing enough information as to what the payment cycle is gonna be. And then those can turn into chargebacks. So you're gonna affect the reputation of your business, but you're also gonna be generating a wave of chargebacks that could put you very well in into one of the card network, programs. So with subscription models, or businesses that that offer products, whether they're digital, or or physical products, and you're going into a recurring payment plan, your descriptor needs to be so clear because I am conscious that I am and I am aware that I'm making a a purchase in this moment.
Pablo Torres:Next month, I'll see it, and then I might remember, oh, yes. This. I bought this. And then and then I'm gonna get the package. Right?
Pablo Torres:Because a merchant is not going to ship a product that they haven't been paid for. So you're probably gonna see that payment first, and then you're gonna get the product a week later, five days later. Maybe it was already on the way when when they by the time that they shipped the order, or that they captured the payment. If your descriptor changes because of, some sort of issue with, the at the time of the the capture of the payment. Maybe the bank had some some issues with their with their platform, the payload of the the transaction or something like that.
Pablo Torres:That could turn that could get ugly very quickly. Right? So these people that have been buying this buying and paying the same product for the last six months, they're not gonna remember that they bought through you in that moment. They're just gonna see something that looks slightly different, and they're gonna say, what the hell is this? And so this is why being consistent with your descriptor, with what you're showing your your customers in the bank statement is so important.
Pablo Torres:Providing information about what that payment is gonna look like on their bank statement is critical. The number of times that I've gone and bought one coffee and then I go back home and, you know, I'm going through my papers or whatever. And then I see a charge, and I'm like, $5 for what? Who who is this? What is this?
Pablo Torres:And then, you know, like, $5 doesn't seem like a lot, but somebody that's, you know, kind of aware of all of this stuff immediately, I'm paranoid, and I'm going into my head thinking, oh my god. Somebody compromised my credit card. And then suddenly, I'm gonna remember, oh, wait. I bought that coffee. And it's it's just stress and friction that you're adding to your business that's 100% unnecessary and 100% avoidable.
Pablo Torres:So a clear descriptor is yeah. If you're the cardholder, you will see the descriptor. When I say descriptor, it's the name of the business the name the name of the merchant, the website, if it says a brick and mortar store, something like that, it is their responsibility to put that name so that it shows in your bank statement. And so sometimes when they're setting up their stores, they enter the corporate entity name, which is the reason why there might be a bit of a difference, or they'll enter something else. You know, maybe somebody's contact.
Pablo Torres:I've seen this happen before too. And if the information they provided is not accurate, then, of course, people are gonna start filing disputes for for those payments. The descriptor is what you see in your bank statement. It'll say, you know, like, if you're buying, let's say, for example, good coffee shop in town, Phil and Sebastian's. So you might see Phil and Sebastian's there.
Pablo Torres:Perfect. You identified, you know, oh, I bought a coffee. The business responsibility is to ensure that that name that they want to display to customers is there in that bank statement. I have seen and this is also kind of growing in popularity where, like, the the business is focusing more on the product rather than the brand of the business, and so they want the descriptor to have the name of the product rather than the name of the business. That's also not uncommon because you might be buying something you know, like, you're not gonna remember the name of the store where you bought that Spalding basketball, you know, special edition or something like that.
Pablo Torres:But you might - you will remember the product, and so they will put their, you know, basketball or something like that. This so the and this happens when when these business owners know that people will recognize the product product rather than recognizing the brand. Totally okay. I don't I don't see any issue with it. As long as the customer is able to understand and remember, oh, yes.
Pablo Torres:I bought this. Okay. Perfect. Otherwise, then those are gonna turn into likely into chargebacks, right, which you don't wanna be dealing with. There's a, and I think we've we've talked about it on previous episodes.
Pablo Torres:There's a a cost associated with each chargeback, and it's not just the chargeback fee. There's people that are handling that chargeback. There's people that are providing evidence, submitting it, reviewing it, etcetera, etcetera. Right? So there's there's a lot more to it.
Pablo Torres:Then there's also the part where, depending on who you're dealing with and, you know, that this whichever platform you're you're using or whatever type of integration you're using to to run your business, your ecommerce site, There are different fields where you can enter different type of information. A descriptor is basically formed or divided in, from different, sections. One of one of them is the static, then the dynamic, and then then you have kind of, like, the space for the phone number. Or some websites, prefer to redirect people to kind of, like, a contact us web form, and you'll see, like, a a URL on on that section. But the the the static descriptor or the static part of the descriptor will have likely the the name of the business and then the the dynamic.
Pablo Torres:If they're focused on the product, for example, that they're selling, they might want to play with that and then just kind of, like, change it as the word dynamics explains it, saying that it changes based on whatever the merchant is deciding to send with that payload. Now some banks will take that that information from that payload, and then they'll handle it properly. And they'll, you know, provide you the information as you send it in a way that, you know, you as the merchant, know your customers. It will make sense for them. And then there are banks that every once in a while will just kind of grab everything and just say, no.
Pablo Torres:Not today. And then they'll just provide whatever information they want with it. Right? It will still be somewhat related to your business, but it's not always gonna be consistent. Recurring payments or subscription models, they're they're definitely a good source for, revenue, clean revenue.
Pablo Torres:If you are listening to your customers, if you're taking care of your business and the health of it, and you're addressing the concerns from your buyers, then it can really turn into into something very positive to to help you scale your business up. If you decide to neglect it, then, of course, it can turn into something that could bring you your business down. Empowering, your your customers and providing all the information that they need so that they can make the right decision and giving them the option to opt in or out of it is is critical.
Pablo Torres:Thanks for listening. Don't forget to share and subscribe.
Pablo Torres:If you want to to learn or know more about, fraud mitigation and maybe business strategies for to scale your business up, just go to withreach.com.
Voice Over:Brought to you by the reach network. Visit withreach.com/network for more.