Given the extraordinary circumstances of the last six months, it comes as no surprise that contactless payments are on the rise. Due to increased consumer fear of the spreading virus, merchants had to adopt new practices to reduce the amount of physical contact experienced while handling cash or a card during the checkout process.
Contactless payment methods offer a perfect solution to this problem. Tap-and-go payments and digital wallet apps like Apple Pay allow buyers to conduct transactions while minimizing touch points. For instance, there’s no need to deal with cash or touch a card reader to enter a PIN code.
Many countries have dollar value limits imposed on contactless payments. However, given the extreme circumstances, Visa and Mastercard recently decided to alter their rule sets and increase the limits attached to contactless payments. These alterations differ depending on the country, but they usually vary somewhere between a 50% and 200% increase in transaction maximums.
This is a sensible change to make as a way to deal with the current situation. That said, all financial institutions must ensure that their staff is educated on new guidelines and equipped to deal with customer disputes as a result of these contactless payments.
Contactless Fraud and Disputes
We usually view contactless payments as a safer option compared to regular payment cards. After all, they employ EMV technology just like chip cards. Thus, the means of payment can’t be duplicated or cloned like an older magnetic card.
Best of all, if a customer uses a mobile app to conduct a transaction, this usually involves two-factor authentication. The buyer must unlock the device, then authorize a payment using another form of identification, usually a biometric signature like a thumbprint. Of course, that’s not to say contactless payment fraud doesn’t happen.
Disputes resulting from contactless fraud are a very small portion of overall disputes, but these transactions are not totally without risk. Most fraud committed through contactless payment methods occurs when bad actors steal a user’s card, credentials, or device, then use that asset on purchases not authorized by the cardholder. This is a form of account takeover, which is a well-documented fraud tactic.
There are barriers in place that make it difficult to attempt contactless payment fraud. Remember, though: fraudsters are sophisticated, and are constantly gaining new skills and tactics. Whenever technology advances, we will see some bad actors looking for ways to exploit it.
COVID-19 Adds Greater Risk
Contactless payment fraud is a problem even under normal circumstances. However, COVID-19 complicated matters even further.
Fraudsters saw the increased transaction limits as an opportunity. Now, they can complete numerous fraudulent transactions with a higher dollar value, then disappear before the account holder realizes any fraud took place. This makes it an attractive target, despite the additional barriers.
Dispute claims regarding contactless payments hinge on the card being lost or stolen. Although two-factor authentication is hard to spoof, it can be done. Plus, fraudsters will devote more resources to cracking this puzzle as the adoption of contactless payments grows.
COVID-19 didn’t create the problem of contactless payment fraud. But, as with the widespread of increased limits, it accelerated a preexisting trend.
Managing Contactless Payments Disputes
So, how do you prevent fraudulent contactless transactions from occurring?
Visa and Mastercard recommend that issuers recommend a state-of-the-art risk management system that can flag high-risk transactions and pick up on suspicious or unusual card activity. Two well-known leaders in this category are FICO, who provide the Falcon Platform and SAS, who provide Detection and Investigation services.
Without an extensive risk management system that will flag suspicious activity, the cardholder will see the charge on their statement and report the unauthorized transaction to their issuing bank. Customer service agents need to be equipped to sit down with the cardholder and understand the events leading up to the transaction. They must also have enough knowledge to determine the best way to recover lost funds.
When training staff to handle contactless payments disputes, there are three main steps to complete:
- Establish whether the cardholder is in possession of the card or device used to complete a transaction.
- Decide if the transaction was correctly authorized by the bank and check to ensure the right to file a chargeback.
- Examine the cardholder’s spending pattern and the location of the fraudulent activity in relation to the home address in order to eliminate the possibility of a family member being involved.
Of course, you can’t prevent every dispute. Some amount of fraudulent activity will still slip through the cracks. Plus, there’s also the risk of friendly fraud, which can’t be prevented using any kind of conventional fraud management solution.
Manual vs. Automated Responses
While the chargeback rules for identifying contactless transactions remain the same, it’s essential for banks to review the increased value amounts and effective dates for each country to determine chargeback legitimacy.
If chargebacks are manually processed by a person, then standard operational processes (SOPS) need to be reviewed and amended. You need to consider your internal communications and ensure everyone impacted is aware to reduce operator error losses.
What about automated processes, though? For Mastercard, you must assess the logic behind the technology and make changes to accommodate the new limits to prevent invalid decisioning. For Visa, the Visa Claims Resolution system will automatically detect the new limit. The bottom line: chargeback rules stay the same, but the parameters within any automated systems need to change.
If you have additional questions, feel free to reach out to us. Fi911 can help you ensure that the correct logic is in place and that you can accommodate these updated contactless payment limits. Click below and get started today.