Really?

A 2% charge on the credit card transaction?, maybe a $30 chargeback fee? This is rather petty for a bank which cares more about keeping their credit card holders happy and feeling safe spending with the card, not to mention the chance of a cardholder cancelling the card when seeing a fraud charge appear on their bill.

No what I meant was, the banks care about fraud in terms of keeping their customers happy (those who use CC), but ecommerce merchants etc. they don't really care that much if you think about it, why would they approve a transaction when other 3rd party companies via their fraud tools know very well it is a fraud order? Who gets the $30 chargeback fee?

I have to agree with AffiliateDreamer. The banks LOVE the customers but do everything they can to nickel and dime the retailers.

No reason why the banks shouldn't have full ecommerce scrubbing built in as a requirement and no reason they shouldn't offer direct integration to retailers for PCI compliant solutions out of the box.

They DO love the patchwork system that is ripe for fraud because fraud makes them money.

If they require retailers to be PCI compliant, doesn't it make sense that they don't authorize orders that they *should* know are fraud related?

I was reading a guy's blog (he has a hosting company and so a high level merchant) and says that banks actually refund the trasaction fee but for some reason the refund doesn't trickle down to the retailer! He did say that he spoke to the provider about it and they now refund the transaction fee to him and suggested others to request the same.

"The banks LOVE the customers but do everything they can to nickel and dime the retailers."

It's a funny thing. You really can't trust anyone, especially the banks and merchant accounts.

we use maxmind minfraud which tracks ips locates if the phone numbers are in that area and it also lets merchants "flag" users and ips so other merchants will have some warning.

banks dont care. they get to charge the merchants $20-30 each chargeback.

AffiliateDreamer:

The PCI DDS standards are common sense security measures to try and keep card numbers (and associated cardholder data) out of the carders' hands, but are little more.

Unfortunately for online retailers and sellers, the most the major card associations (Visa and MasterCard but not AMEX) offer against fraud is 3-D Secure, which is a small band-aid on the huge wound of online fraud of all kinds, primarily because the issuing banks have no incentive to roll it out.

The issuing banks do not like Verified by Visa and SecureCode because it can shift some of the liability for card-not-present fraud onto them.

(And of course in their usual style, MasterCard has made sure that the card-not-present liability shift is basically irrelevant for most transactions even if you implement SecureCode.)

Bear in mind that interchange cost of chargebacks is US$10 (and is that really a real cost in today's day and age?). And anything above that US$10 is basically profit for the acquiring bank.

So we can see a nice juicy profit being made by issuing banks (in not eating the money lost for card-not-present fraud) and a nice juicy profit for the acquiring bank in accepting the chargeback.

And when the music stops, it is the merchant who is the one left without a seat, and all of the costs of the above.

So why would an acquiring bank want to offer merchants decent scrubbing and verification tools? You'll get AVS if you are lucky.

As you can see, I am full of my usual cheer for the state of liability of online merchants this evening.

[edited by: Bjorn_Iceland at 2:32 am (utc) on April 23, 2008]