Jennifer Watkins, ARC’s Director, Credit Card Services & Fraud Prevention and Christophe Kato, IATA’s Head, Payment Services, discuss the trends in fraudulent Card Payment activities in our industry and how ADM reduction could be an indication of fraud prevention.
Fraud prevention

What is the relationship between a Chargeback and an Agent Debit Memo (ADM)?

J.W: Some would say that there is a one-to-one relationship between chargebacks and chargeback ADMs. However, the difference is that with a chargeback there is an opportunity to provide supporting documentation to reverse it before an ADM is issued. 

When data is presented to attempt to reverse the chargeback, a debit memo is only issued if the card brand determines that the liability still falls to the airline. In other words, the supporting documentation didn’t provide enough evidence to prove that the actual cardholder authorized the transaction. 

Through this process, by addressing the chargeback fraud (also known as “friendly fraud”) cases, the number of chargeback ADMs issued could be much less than the number of fraud chargebacks that occur.

Through the chargeback management process, the hope is that there will be a lot fewer chargeback ADMs than chargebacks. However, the ultimate goal is to eliminate unnecessary chargebacks before they are initiated.

C.K: The chargeback is the transaction through which the issuer of the card ‘claws back’ from the acquirer the financial settlement they previously made for the purchase their cardholder made at the merchant. Chargeback rules are set by the card scheme under which rules the purchase was made. 

The ultimate goal is to eliminate unnecessary chargebacks before they are initiated

In turn, the ADM is the transaction through which the airline, who is the ‘merchant of record’ for the transaction, passes that financial loss on to the Travel Agent. ADM rules are set by IATA Billing and Settlement Plan (BSP) provisions.

Do you think that the volume of Chargebacks in our sector have been impacted by the endeavors of the two Agency Debit Memo Working Groups (ARC & IATA) and how?

J.W: Yes, because most chargebacks are due to fraud, I would argue that ARC’s and IATA’s efforts to educate agents about fraud prevention have had a big impact on reducing fraud that would have become chargebacks. Both of our organizations work year-round to educate agents on fraud in our industry, and we identify and integrate tools that agents can use to reduce fraud.  

Are there any technologies or methods that help airlines and agents detect and prevent credit card fraud and how can they apply these mechanisms to protect their business from fraud? 

J.W: There are almost countless technologies and tools available for agents and airlines to plug into their transaction flows to evaluate the risk of credit card fraud. The challenge is identifying which tools to employ as part of a comprehensive fraud prevention strategy — and weighing that against the potential customer impact associated with some tools such as 3D Secure, Address Verification or Card Identification. (A list of free fraud prevention tools is available on ARC’s website: https://www2.arccorp.com/support-training/fraud-prevention/free-internet-tools/)

C.K: Absolutely, there are many, but because of the peculiar set up of Agency card sales where the agent operates on behalf of the airline, I feel that neither of the two parties ever felt fully in charge and, therefore, neither researched deep how they could improve things over time. There are three dimensions to look at:
•    First, making full use of the fraud prevention mechanisms proposed by the card schemes.
•    Second, passing the transaction through the filter of a fraud detection tool that will spot details hinting it may be a fraud. 
•    And third, airlines and agents need to collaborate when a fraud chargeback hits, so that the airline stands the best chance to challenge it with success, because if it does, then there is no financial loss to assign.

What are the different ways for the “brick and mortar” travel agents and online travel agents (OTAs) to reduce exposure to credit card fraud?

J.W: In the U.S. market, the risk of fraud in a face-to-face (card-present) environment is much lower than in a non-face-to-face (card-not-present) environment. That isn’t to say that bad guys won’t create counterfeit cards and present them to an agent. The good news is that, to date, most fraudsters are not willing to present them in a face-to-face environment.

In an online travel agency environment, validating that the customer is the actual cardholder is more difficult and requires a more sophisticated set of tools that collects all kinds of data about the customer and the transaction. 

How would you describe the role that credit card merchants have in fraud detection?

J.W: ARC defines the credit card merchant as the entity accepting the credit card. In the payment industry, the merchant is defined as the entity that has the merchant agreement with the card company. Regardless of how it is defined, there is opportunity for agents and airlines to work together to reduce fraud losses.  

Fraud detection needs to happen at the point of sale, whether online, over the phone, or face-to-face.  This is the opportunity to collect the data that validates that the cardholder is the actual cardholder and they are participating in the transaction. 

In an online travel agency environment, validating that the customer is the actual cardholder is more difficult and requires a more sophisticated set of tools that collects all kinds of data about the customer and the transaction

C.K: The card accepting merchant is told very precisely by its acquirer, in the merchant agreement, when it is liable for fraud losses. Hence it is the merchant’s duty to act to protect itself from such losses, by making full use of the card scheme provided fraud prevention features, by using a fraud detection system and by developing the policies allowing them to challenge chargebacks with a chance of success.

In BSP card sales, that duty is split between airline and agent because although the airline is undoubtedly the ‘merchant of record’, it does not conduct the card transaction at time of sale, the agent does it on behalf of the airline.

How do you foresee the future of fraud prevention and how would it impact ADMs?

J.W: The bad guys are constantly improving their techniques for perpetrating fraud. This means merchants must employ fraud prevention tools that are constantly evolving. Most large OTAs and airlines have developed sophisticated fraud prevention strategies. My concern is that they will move to agents and airlines that don’t have the same sophisticated infrastructure in place — which is why it’s so important for agencies of all sizes to implement tools and training to help detect and prevent fraud.

C.K: Education, education, education. We know there will always be hackers and fraudsters who can defeat the best. But the great majority are not geniuses, they are simply using ready-made tools and techniques. And there is no excuse to lose money to incompetent fraudsters, such as the one writing ‘use the cards in the list I emailed you, and if they don’t work, just ask me for other card numbers’. Don’t smile, I have read such email exchanges between ‘customers’ and sellers.

What are the top industry best practices that are proving successful in fraud and chargeback reduction? 

J.W: I could talk about some of the sophisticated fraud tools that agents and airlines have employed, but for the agents we talk to every day, it comes down to educating agents about some common sense red flags to look for. It includes putting processes in place in call centers to stop bad actors from manipulating team members into ticketing transactions using stolen card numbers. It’s about identifying the level of risk an agency is willing to take and developing a fraud prevention strategy around that. 

It is the merchant’s duty to act to protect itself from such losses, by making full use of the card scheme provided fraud prevention features, by using a fraud detection system and by developing the policies allowing them to challenge chargebacks with a chance of success

C.K: Take any white paper or publication on fraud prevention, they are always aligned on their core message:
•    Awareness first, which means setting a fraud prevention policy with clear KPIs (Key Performance Indicators) and responsibility for those assigned no less clearly. 
•    Take full advantage of all basic fraud prevention features provided by the card schemes:
o    Card security code (CVV2) match and mismatch response alongside an approval code
o    AVS (address verification service)
o    3DSecure when relevant and when the actors in BSP are ready to support it

•    Using a fraud detection system supported by clearly defined review policy stipulating what to do when a transaction is flagged as suspect.
•    Cooperate closely with your business partners to reduce the volume of problems, rather than just looking to fraud as a loss to assign somewhere. 
•    Use feedback from good, and from bad experiences (‘when you lost’) in order to update your KPIs and policies.
•    Stay in touch with all work groups, forums and publications that will help you remain aware of what you should know.

How effective are the real-time credit card fraud detection mechanisms and how can they help Agents and Airlines to get instant decisions before fraudsters can harm their business further?

J.W: There are many tools in the marketplace that use real-time artificial intelligence. These tools are very effective at helping merchants confirm the good transactions therefore reducing friction to the customer, and immediately reject the transactions that are identified as fraud. The best tools either reduce or eliminate the need for people to further evaluate transactions. 

C.K: There is today a large selection of providers proposing a very rich portfolio of services, with extensive experience and operating on all sales channels and in any geographical location. However, it is crucial to remember that merely buying a fraud detection service will not bring down fraud by itself, like, magically.

Such an investment must be the consequence of a clearly laid out fraud prevention policy. The tool, or service, is only a means to an end, it will deliver alerts as per the KPIs set by the user, and such alerts need to be ‘worked on’ by a review team assigned to this task and operating a clearly laid out ‘review policy’.

Let me conclude by noting that fraud prevention is not a finite time project, because if you hit your KPIs and disband your fraud team…. the picture is going to change pretty fast. Fraud prevention is merely a cost of doing business and is part of normal and ongoing operations. It will never be a onetime effort that makes a problem go away forever.

Note: This interview has been edited for length. To read the full transcript click here.

Top