Fight-or-flight. In normal conversation, it’s understood to be a reaction to a perceived attack or to the threat of survival. It has been observed in all mammals. It is the point at which a decision is made in response to an approaching threat – to either run away (flight) or boldly take it head-on (fight).
It has now been two years since merchant operations were turned upside down in March 2020, and most had to close their doors on face-to-face commerce. For merchants who had only been dabbling in eCommerce and mobile ordering suddenly it became their only lifeline to keeping their (figurative) doors open and staying afloat. Buy online, pick-up in store (BOPIS) was suddenly everywhere as it provided a way for consumers to stay safe by placing an order for products online or via mobile in a remote environment, and then pick the order up at a designated location. This new format minimized social interaction. Another flavor of this umbrella concept is curbside, where consumers pull up to a storefront and a merchant brings your order out to your car and load it directly into your trunk. Once again face-to-face interaction was minimized, but commerce could continue. We saw these newly expanded experiences not just with those types of merchants you would expect like quick service restaurants (QSRs), but with all verticals. You could pre-order an iPad at a big-box retailer and pick it up at your convenience. Online grocery ordering, which was just gaining some modest popularity pre-pandemic, skyrocketed as capacity restrictions meant only so many people could be in a supermarket at a given time. You could even reserve a case of wine at your local liquor store, and an employee would bring it to your car for you. Merchants in every corner of the world had to think outside the box to continue operations in a way that adhered to local restrictions and made their customers feel safe.
So, what do all those new shopping experiences have in common? The majority of transactions taking place during the most severe part of the pandemic were digital or card-not-present (CNP). Volume drastically shifted from in-person to ecommerce in a matter of weeks. According to a recent Digital Transactions article, online commerce volume jumped 60.4 percent in December 2021 when compared with December 2019. With this shift to ecommerce and digital channels, merchants’ costs rose significantly because what were once in-person, card-present transactions were now CNP transactions. As such, they were subject to higher payments card interchange without the protection of the counterfeit fraud liability shift to issuers, which normally takes place when cards are physically dipped in a payment terminal. When online shopping first began in the 1990s, determining the level of risk a transaction held was done by identifying whether the card itself was physically present or not, thereby inventing the interchange and fraud liability classifications we in the payments industry still live by today in 2022 – “card present” and “card not present.” Despite merchants’ investment in risk mitigation at the highest levels ever, they are still bound by the rules established in the ‘90s when mail-order catalogs were all the rage.
MAG formally created the Omnichannel Community of Practice back in 2020, although discussions on the topic had been ongoing for several years. Its mission is clear: to bring together stakeholders across the industry to discuss and brainstorm solutions to the challenges that exist with current networks’ rules as merchants innovate their customer shopping experiences and invest more heavily in fraud prevention. Some of the top omnichannel use cases and scenarios the community has been focused on more recently are:
- Known Customers are treated the same as unknown – Merchants have a lot of data about their customers, most particularly when a customer is enrolled in a merchant’s loyalty program or is a registered customer that has stored a card-on-file (COF) with that merchant, yet they are treated by network rules the same as a guest checkout from a cost and liability perspective despite retailers’ implementation of fraud prevention tools to minimize risk of account takeover.
- Buy Online, Pick-Up In-Store – A transaction experience that ends with a cardholder physically interacting with a merchant to pick up the product(s) purchased online is referred to as BOPIS or BOPUS. Under current rules, merchants are not allowed to authorize a transaction under one merchant identifier (MID) (such as an eCommerce MID when a BOPIS order is placed) and settle under a different merchant identifier (such as an in-store MID when the product is picked up). This results in the transaction settling under the CNP MID at higher acceptance costs without liability shift to the issuer. No accommodation is made to recognize that the cardholder physically arrives in-store to pick up their product and is authenticated by the merchant as the legitimate cardholder or an authorized designate.
- Online grocery orders are not supported by appropriate pre-authorization rules – In certain circumstances, merchants must choose the type of authorization to perform – either the exact amount (where there can be no tolerance between the pre-auth and settlement amount) or an estimate which could stay on a consumers account for up to 30 days if not processed timely by the issuer. Transaction amounts between the pre-auth and the settlement can fluctuate particularly for weighted items like produce from the time an order is placed to when the actual product is selected, or as another example, an out-of-stock item requested requiring the merchant to perform a partial refund.
- Airline tickets still recognized as high risk/card-not-present despite identity validation at security check-in – Airline merchants bear the liability risk and increased cost of card-not-present interchange even though the passenger that arrives for the actual flight is validated by TSA and the airlines boarding agent as a known traveler.
- Mobile wallet identification & verification process (ID&V) is inconsistent - for the Pays, such as Apple Pay or Google Pay, it is the issuer’s responsibility to perform this validation when a cardholder requests their payment card be converted into a digital account and is the same process regardless of where the wallet is ultimately used - whether in-app or via near-field communication (NFC) at the point-of-sale (POS). The fraud liability and cost differ however based on some network rules. In addition, merchants are unable to take advantage of this ID&V process themselves which could provide them additional data points about the cardholders broader spend patterns to create a more comprehensive risk assessment.
It truly is like trying to fit a square peg into a round hole. Payments happen today in ways that we could not have been foreseen 35 years ago, and merchants have invested in using services like 3DS, proprietary fraud solutions, synthetic identity verification and continue to pay rising costs on commonplace tools like AVS (Address Verification Service) and CVV/CVC (Security Code) checks. Yet, the cost to accept payments continues to rise for merchants who bear the liability in the end anyway.
The MAG urges a conversation among all industry stakeholders – merchants, issuers, networks, fintech providers and payfacs alike. We must transition into the 21st Century by playing better in the sandbox together and sharing data amongst ourselves at the transaction level. This will allow us to better identify and communicate to all parties the evidence of authentication for good customers. It is not only naïve to apply the same rules we were using on mail-order transactions in the mid-90s to today’s biometric-authenticated wallet transaction, but it is also irresponsible to do so. Because at the end of the day, who pays the price? Our mutual customer. Omnichannel transactions are happening every day, and they provide an opportunity to reach more targeted customers in the ways they prefer and respond to. A fight-response in the face of a continuously evolving commerce environment.
Together, let’s build new rules for the modern payments era. Let’s build new structures. Let’s share more. Let’s design policies in collaborative discussions taking all perspectives into account. Let’s discuss our challenges together. Let’s whiteboard and brainstorm. Let’s build new products together that drive approved transactions up and drive fraud out of the payments system.
It is what our customers expect from us. But more importantly? It is what they need from us