Ai Editorial: Stepping up card payment conversion via deeper introspection

3rd Februrary, 2020

Ai Editorial: Dealing with credit card decline codes is a daunting task. Ai’s Ritesh Gupta explores how a deeper analysis of these codes and collaborative approach can help in payment authorization.

 

Evaluating ways to improve upon approval rates for online card payments is always high on the agenda of travel merchants.

Independently travel e-commerce players are looking at ways to seamlessly authenticate users across the omnichannel customer journey. The role of cloud-based intelligence, backed by artificialintelligence and machinelearning, is coming to the fore. Assessment of both risk pointers and positive identity indicators is the way to go. This way travel merchants can better comprehend the context of a shopper, their behavior, and their score in terms of digitalidentity trust and risk. Other than ensuring that a legitimate shopper shouldn’t suffer owing to a wrong decline of a card, travel merchants also need to be in control of processing costs as well as focus on fraud prevention. There is no secret sauce for all this in the payment landscape, but crafting an astute authorization strategy is an ongoing effort that demands continuous introspection. Working with other stakeholders holds key here.

When it comes to authorization and acquiring for more than one market or cross-border transactions, a merchant can assess options such as  working with a payment services provider, setting up a local legal entity and entering into merchant agreements with local acquiring banks etc.

Coming to grips with soft and hard declines

Technically, credit card rejection happens when a card payment cannot be processed and the transaction is declined by the payment gateway, the processor, or the bank issuing the money. A credit card decline code is a message issued in response to a request for authorization during a transaction.

It is here dealing with the travel shopper in an apt way – via a simple and transparent communication – can help.

According to Chargebacks911, the issue is credit card decline codes are not standardized; they differ from one payment gateway to the next. They also tend to be rather unclear, as this helps in shielding the cardholder’s privacy and avoid giving away sensitive information in the event of a genuine fraud attack. Details pertaining to why a payment tends to get rejected can be provided by an acquirer and this in turn can boost the conversion rate. As Ingenico points out, even though the rejection or response codes offered by acquirers may appear dauntingly technical, it’s extremely useful to understand what they mean.

Adyen recommends that  profile of each transaction needs to be considered based on its amount, if it’s recurring, local regulations, issuers' authentication preferences, your relationship to your shopper, and more.

Some declines may be the direct result of the cardholder's actions while others are the result of external factors. The most important distinction is between “hard” and “soft” declines. A hard decline happens  when the issuing bank or processor denies the processing of the transaction and retrying the card won’t help at all. Hard declines are not recoverable at the time of the transaction. Whereas soft declines are generally a temporary issue. Retrying the provided payment method information may be successful.  One way to deal with such scenario is to automatically route selected failed transactions to a secondary acquirer for a “retry”. This can increase authorization with virtually no impact on the customer experience, asserts Ingenico. Essentially merchants need to constantly explore ways to salvage such situations.  A partner should be adept at analysis of past declines, transparent data, ongoing analysis of global transaction types etc. Also, developments like PSD2 are all about more carefully processing and managing data, including payment transactions.

PSD2 SCA 2020 - how to go about it as a travel merchant?

Not just merchants

And it’s not just merchants, but even other stakeholders, including card schemes and issuers, too, are focusing on sorting some common issues that tend to block transactions that simply should not have failed in the first place.

Traditional companies are stepping up their efforts  in the wake of increasing competition from alternative form of payments plus new developments that are fueling emergence of fintech digital payment specialists. For instance, it is being acknowledged that as a vital link in the payment chain issuers need to share relevant details regarding why the transaction has been declined. Many tend to supply response codes that are ambiguous and tough to comprehend. And in certain cases such codes cannot be interpreted at all. Effective fraud prevention and detection requires real-time collaboration and data sharing. In fact, with a collaborative approach where data on fraudulent and suspicious transactions is shared (and keeping it anonymous, too, where required), details are out on new fraud attempts no matter where they first appear.  But all of this demands a diligent effort. For instance, considering the case of passing SCA or Strong Customer Authentication  messages through complex transaction flow in the travel e-commerce sector.  

It is imperative for merchants to work collectively internally (fraud and risk management, customer service, operations, technology and product management teams) to optimize authorization and fraud strategies, and work with various external stakeholders as well for the same.

 

Keen on exploring fraud prevention and payment-related issues?

Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T

 

Ai Editorial: Controlling fraud via a blend of right data + right people

29th October, 2019

St. Petersburg, Tampa Bay

Ai Editorial: Amidst all the talk around use of machine learning and artificial intelligence (AI), and overall transaction analysis, the industry tends to forget that the human element is vital, too, in preventing various types of e-commerce fraud.

 

A well-balanced approach, one that encompasses an apt blend of a proficient anti-fraud team and data/ tools expertise, is must to protect travel e-commerce businesses against fraudulent transactions, account takeovers (ATOs), data breaches etc.  

Speaking at the 2019 LFPA Fall Conference in St. Petersburg, Tina Burgess, Senior Manager of Risk and ePayments, Points, mentioned that amidst all the talk around use of machine learning and AI, and overall transaction analysis, the industry tends to forget that the human element is vital, too. She underlined the significance of hiring the right people as organizations try to curb various forms of fraud. "Diversity (while recruiting people), specialized knowledge/ skills, and training and support (is key to curbing fraud)," mentioned Tina. Citing an example, she said pattern analysis and the ability to identify certain patterns/ links is a way in which a skilful team contributes is important, and that's where diverse background of the specialists in the team comes into play.

Right type of data

Tina also asserted that acting on the right type of data, related to payment authorization, membership data and transactional history is another aspect that needs to looked into.

In addition to human expertise, organizations are also looking at machine learning technologies to secure accounts and prevent fraudulent transactions. Rely on both supervised and unsupervised machine learning to comprehend both the historical patterns of use, as well as identify anomalies. Specialists like Sift and CyberSource emphasise that airlines should analyze user behavior throughout the entire journey- including account creation and login, any account activity and also at the point of transaction such as redemption of points. Overall, favourable results come from the ability to experiment with various machine learning-based methods, trying variations on them and testing them with a variety of data sets. It is fascinating to assess how machine learning automates the extraction of known and unknown patterns from data.

Not comprising CX

IBM Security's Shaked Vax highlighted the role of real-time fraud detection across digital channels.

Travel merchants are evaluating ways to quickly and transparently establish digital identity trust. This can allow them to create a more seamless customer experience.

Vax said that digital trust top use cases include establish trust during initial on-boarding, frictionless and password-less login, and continuous trust validation.

He stated that it is going to be critically important for businesses to authenticate users in a way that’s less intrusive than multifactor authentication.  

"Silent security means using risk – your users’ background information and contextual data – instead of the password to authenticate, and letting your good users right in without bothering them. Great, successful digital businesses will differentiate based on this kind of smooth experience and they’ll know their users are who they say they are,"  said Vax.  

Balancing act

As highlighted previously by Ai, travel merchants need to be proficient in validating a buyer and such verification, it shouldn’t interrupt the manner in which they interact and transact with a business. Merchants need to look at new regulations, what sort of action is required and its impact on the user experience, and also the flexibility of consumes when it comes to additional measures that are being taken for authentication. Plus, merchants need to leverage the prowess of data-driven, artificial-intelligence powered offerings for combating fraud. And lastly, businesses also need to efficiently manage the operational costs of fraud management activities.

 

Follow Ai on Twitter: @Ai_Connects_Us

 

Ai Editorial: Data infrastructure – key to balancing CX and fraud prevention

29th February, 2020

Ai Editorial: Astute infrastructure that facilitates capturing of real-time data and processing the same with minimal latency is key to setting up an apt risk assessment for legitimacy of transactions, writes Ai’s Ritesh Gupta  

 

A key factor in sharpening a merchant’s fraud risk assessment for transactions relates to data infrastructure and its scalability. E-commerce players need to excel in this area, and ensure all of it is streamlined so that the experience of a travel shopper isn’t hindered. It is about conducting the check for the legitimacy in a fraction of a second, so that the evaluation doesn’t adversely delay the transaction/ payment. Travel merchants must be adept at probing and investigating data in real-time to sense fraudulent transactions or any other anomalous activity.

Fraud detection specialists acknowledge challenges associated with the performance of digital assets and the significance of a scalable application.

 Some aspects that must be considered before looking at the infrastructure that support real-time fraud detection:

  • Scaling is a bi-directional process: systems must scale up to meet increased demand and scale down when demand is low, as highlighted by SecuredTouch. Count on the proficiency of microservice workloads when it comes to scaling and automating.  The team at SecuredTouch chose to scale horizontally by replicating services across the cluster, or scale vertically by adding new nodes.
  • Evaluate budget: While stepping up the performance is important, one shouldn’t forget that initiatives like switching from HDDs to SSDs, adding intermediate caches etc. also tend to increase  costs significantly, according to SecuredTouch.
  • Processing data in real-time tends to be expensive and computationally intensive, so it’s critical to ensure the fields that are required in real-time are utilized for that objective, but the others are not. Also, here we are looking a real-time or near real-time processing. Then comes the methodological choice, and for this entities have to rely on the sort of data, its volume and the database.

Key infrastructure-related areas for fraud detection

The turnaround comes from having the capability to analyze data via cloud-scale data ingestion and real-time analytics. To garner and examine a huge magnitude of transaction data calls for a vigorous database component for storage and management. Plus, a large-scale distributed computing component for running algorithms is also mandatory.

Also, from infrastructure perspective, one has to do away with managing individual servers.

Streaming data requires a data architecture that can handle rapid input and on-time output with efficient data processing. At the core of the entire exercise is to bank on a query established in advance and the objective is to alter the input stream and evaluate it based on a fraudulent-transaction algorithm. And in case there is anomaly detection, the same is conveyed to the output interface.

Some of the infrastructure-related requirements when it comes to ingestion, storage, processing, and analytics :

  • A major component is a real-time streaming platform and event ingestion offering, adept at processing a big volume of events per second.
  • Another aspect is having the ability to pulling out relevant details from data streams to identify meaningful pattern and relation.
  • Focusing on stringent security, for instance, how to deploy and manage cloud set up.

Key metrics, according to SecuredTouch, in this context are the time taken for a service to receive and respond to a request, and the time it takes to communicate with the end user.

In the whole exercise, the decisions that are related to right-sizing data, data processing method, the chosen database etc. are extremely important.

 

Keen on exploring fraud prevention and payment-related issues?

Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T

 


Ai Editorial: Shielding traveller’s data and combating fraud as an OTA

First published on 20th June, 2016

Ai Editorial: Be it for shielding customers’ information or nullifying fraudsters’ move to grab funds, OTAs have to be alert all the time, writes Ai’s Ritesh Gupta  

 

Online travel agencies (OTAs), even the established global intermediaries, tend to be vulnerable when it comes to online fraud.

There are a couple of issues. One of them is fraudsters gaining access to contact details of customers. OTAs frequently receive complaints from customers about unauthorized credit card transactions. Plus there are areas where OTAs can be at the receiving end. Of course, nobody would like to face implications in case they end up with excessive fraud and chargeback rates.

Merchants are expected to adapt their risk settings and business practices accordingly to ensure fraud and chargeback levels are at an acceptable level.

The likes of Booking.com have had problems in the past as far as customer data is concerned. Also, fraud today is as an organized crime. I spoke to a couple of OTAs in the Asia Pacific to gain insight into 5 key areas/ trends:

-       Protecting customer’s data

It is imperative to shield customers’ personal and financial information. Otherwise it can severely impact a brand’s image. Travel companies need to understand how hackers are gaining access to system data or server functionality. The breach of data is happening and it could be owing to a web application getting manipulated and a fraudster tricks that application into performing commands and accessing data. Another way is to get hold of an authorized account via focus on session IDs, and eventually stealing them.

Experts recommend that additional steps can be implemented to curtail risk of credit card and personal data exposure, such as compartmentalization and tokenization on the inside of the company’s DMZ (Demilitarized zone. Network added between a private and a public network to provide additional layer of security). This is being considered to be a vital add-on to firewalls and external fraud measures. Such mechanism keeps a tab, acts and reports on dubious activity and can feature configurable fraud-alert rule sets, data- profiling modules, and other validation methods. Also, at another level, it is important to know how to strike a balance while focusing on stringent fraud rules. Otherwise this can result in reduced acceptance and revenue.                                                       

-       Going beyond passwords

It is being highlighted that password is no longer the best way to authenticate users. In fact, there is a need to go beyond conventional passwords and PIN based approach.

As highlighted by Visa, biometrics offer “the only way to link” a person’s physical identity to his or her digital identity. Biometric authentication features fingerprints, facial recognition to authenticate one’s identity. This is something that cannot be replicated with ease. Also, from a user experience perspective, there is no need to remember a password. However, an OTA executive mentioned that biometric authentication is still in its nascent stages as far as intermediaries in the region are concerned.

Also, Visa is working with EMVCo to develop an updated and enhanced version of 3D Secure, paving way for more consistent UX across various payment channels, including mobile web, in-app etc. The company has asserted that 3DS version 2.0 will offer a more seamless checkout experience via intelligent risk-based decisioning.

This sort of authentication features data to assess genuine user behaviour, device, location and other well-known characteristics, so there’s less need to ask for a password. 

-       Sudden spurt in dubious activity from one region

A senior executive from Mumbai-based OTA Cleartrip.com shared that there tends to be sudden spurts in fraudulent activity from one market/ country. For instance, last year it related to “seemingly Russian citizens” booking itineraries featuring a particular LCC in the Middle East. “The bookings featured destinations like Moscow, Kiev, Bishkek etc. Most of the passengers booked through these transactions sounded like Russian citizens (female names ending with “ova” or male ones ending with “ev”.” The carrier had strict policies, and before the OTA could verify and reach out to the airline, fraudsters were cancelling those flights, and gaining credit vouchers for future bookings. “We eventually decided to cancel the sector.” And this year, the same executive referred to “Indonesia fraud”, where fraudsters are using cards issued in the U. K., US and Australia, and booking same day check-in hotels and non-refundable/ non-cancellable airlines. Lot of activity is related to travel and booking of hotels in Indonesia.

There are tools in place that can differentiate between threats and genuine transactions by pinpointing the buyer’s location.

-       Reviewing cancellations

Cleartrip.com also shared that it has been working on plans to curb virtual wallet fraud. “In this case, a fraudster does the fraud transaction using international card and cancels the trip to obtain the refund in a virtual wallet. The same can then be used for future booking. It also surpasses all the fraud conditions due to payment mode.” So rather than funds going back to the original instrument after cancellation, when fraudsters decide to cancel a booking they put into a private closed wallet. So Cleartrip.com reviews such cancellations, and nullifies the action taken by a fraudster. Rather the money is sent back to the credit card or the original instrument. “We revert in quick time,” shared the executive, who also referred to discount coupon fraud (the fraudster finds out a loophole in the system and uses the code to obtain false cashback).

-       Relying on machine learning

While the moments between when a shopper clicks “buy” and when a merchant must deliver a reservation seems fast to us, it’s plenty of time for a computer to recognize a bad user or reward a good one with a smooth, easy buying experience. A flexible and online (instead of offline) machine learning system can start learning the second a user lands on your site, gathering behavioral data so you can spot a suspicious user long before he enters a stolen credit card number and you get hit with the inevitable chargeback. Armed with actionable machine learning findings, a business can create an adaptive checkout flow, that is tailored based on how risky each user is.

One of the best things about using machine learning is that it automatically learns about new fraud patterns in real time so you don’t have to keep close tabs on new tactics.

Moving on

Fraudsters always move on. Managing online fraud is an ongoing initiative, one that needs constant improvisation for better results. If this is not the case, then a travel organization would end up being a soft target.

Here it needs to be mentioned that the booking experience of a customer shouldn’t be jeopardized.

I know of an instance where an airline called up my colleague in the U. S. past mid-night, who had booked me for a trip in Asia. The airline had concerns about the itinerary, considering that the booker was in the U. S. But my colleague felt the check needed to be more vigilant, considering that the airline had information about him, and disturbed his sleep by calling at 3am!   

 

Hear from experts at the upcoming 5th Airline & Travel Payments Summit Asia-Pacific to be held in Kuala Lumpur (17-18 August, 2016).

For more, click here

Follow Ai on Twitter: @Ai_Connects_Us

 

Ai Editorial: All new payment options may not pay off in travel commerce

First published on 15th June, 2016

Ai Editorial: New payment options, especially 3rd party mobile wallets are exciting. One needs to assess how all of this fits with the complex world of airline payments, writes Ai’s Ritesh Gupta

 

The buzz around some of the new ways in which one can pay for a transaction is unmistakable.

What is increasingly standing out is the ease with which we can pay.

Options like Apple Pay and Android Pay let travellers check-out with a single touch. Travellers can get going by adding their preferred debit or credit cards. And this means businesses gain instant access to an extensive user base potential.

And it’s not only Apple (which continues to make progress, for instance, Apple Pay in China) and Android, even Facebook and Amazon are making news. Plus, one can’t ignore other options such as Alipay that have become dominant for targeting a particular section of audience/ market. In fact, talking of Alipay, the fact that it is a part of Alibaba group (includes Alitrip and other divisions such as big data/ cloud computing), brands need to be a part of such shopping ecosystem. It offers content/ information and shopping environment in a seamless manner. The likes of Air France-KLM and Cathay Pacific already have Direct Connect agreements in place with Alitrip. As for Alipay, supported methods include standard web, web-to-mobile, and in-app transactions.

Embracing various mobile payment options are paying off. Early movers in mobile payments are already witnessing benefits. Transavia’s mobile payment share stands at 20%, which according to Adyen, is 65% higher than the airline average. The airline has benefited as it focused on crafting a mobile-optimized experience.

Dealing with constantly evolving payments ecosystem 

There are several areas that need to be looked upon as options increase:

-       Be realistic: The travel commerce ecosystem is complex, with many moving pieces. “I think airlines will always need to be in full control of the payment ecosystem. It’s something that an airline or OTA does very well, better than these (Facebook and Amazon) networks. Some brands like PayPal make total sense and work well within space, but when it comes down to it, managing payments needs to be owned entirely by the airline or OTA. Many of the reasons why to revolve around risk, bookings, issuer relationships, travel rewards and beyond. Getting from point A to point B on the map hinges on money moving from account A to account B. As travel itineraries change, upgrades, cancellations, and delays occur there’s a delicate dance that needs to happen,” explained CardinalCommerce’s VP, Consumer Authentication, Michael Roche.  

In case of airlines, “may be you will see little to no incremental sales lift from adding an alternative payment brand. Much of the time offering another brand is going to cannibalize your current card business, so you need to make sure that it’s going to be worth it: rates, risk, and operational overhead,” asserted a source.

Referring to the likes of Facebook and Amazon, a source said, “(I doubt) if it will ever make sense to outsource the full payment functionality that airlines and OTAs have today. I also don’t think these networks will have the capacity to handle it on the levels that would be required. There’s a big difference between buying and delivering a pair of shoes vs. booking an international trip with two layovers. Being a great airline or OTA means you have an efficient payment ecosystem.”

-       Adopting new options: Airlines are going to have challenges with any new payment types that don’t pivot on the credit/ debit. “Anything that doesn’t use the authorization and settlement model will cause additional work across the travel infrastructure. Most payment networks and brands are going to present a challenge. PayPal, however, has had adoption success within the travel industry since it ties closely with the network card model,” said Roche. When considering any new payment options, you will need to do your due diligence to ensure all entities within the supply chain can handle how it operates from authorization to settlement along with all other payment functions like refunds, reauthorization, split orders, and any other type of customer service use cases that you could imagine.

Airlines need to work with their respective acquirer or PSP when identifying a new payment type. They should also discuss it with all other entities which handle bookings, customer service, or any other function where payment is tied to action throughout the travel lifecycle.

A specialist like CellPoint Mobile highlights that when it comes to supporting Android Pay, it would only require a few tweaks to their existing configuration, and passengers will have access to Android Pay in less than one week. Option like Android Pay should work seamlessly across all the e-commerce channels deployed by airlines, and one also needs to ensure how passengers’ payment, loyalty, and transaction data would be protected.

-       Keep an eye on the future: What we’re going to see in the future would be a payment ecosystem that’s more secure, confident, and accountable. The risk is going to be mitigated across the supply chain, and the online payment channels will become as trusted as the Card-Present space. Experts recommend that airlines keep their eye on these concepts in the next couple of years:

-       Wallet Mobilization of the POS

-       Strengthened and streamlined acquiring relationships

-       EMV Online

-       3-D Secure 2.0

-       Payment Tokenization

How is the world of 3rd party mobile wallets shaping up? Hear from experts at the upcoming 5th Airline & Travel Payments Summit Asia-Pacific to be held in Kuala Lumpur (17-18 August, 2016).

For more, click here

Follow Ai on Twitter: @Ai_Connects_Us