Merchants with High Level Fraud Transaction

Doing credit card transaction in any website is a major challenge. The servers are to be secured and the applications are to be PCI compliant. Over and above we have to have proper fraud transaction checks.

If we miss a little, hackers will use the phished credit cards to do the transaction in our website. The card owner will not know that his credit card is compromised until he see his bill. Once he see that there were fraud transaction, he will go for charge back. This is where the merchant's head ache starts. He has to defend but there are limits in the number of fraud transactions.

Master card will allow max of 50 charge backs and Visa card will allow 100 transactions a month. if it crosses that then the % of fraud transaction will be checked by the Mater Card. If it exceeds 1% then the merchant will be entered into a watch list.

The Credit Card Associations of Visa and MasterCard maintain the Global Merchant Audit Program (GMAP) to monitor merchants processing an excessive number of fraudulent transactions. GMAP is a rolling six-month database that identifies merchants that for any one calendar month have:

• At least three fraudulent transactions.
• A cumulative total of at least $2,000 in fraudulent transactions.
• A minimum fraud-to-sales volume ratio of 1%.

Merchants identified under the GMAP program are divided into the following three tiers based on their fraud-to-sales volume ratio in any one month:

• Tier 1 – fraud-to-sales volume ratio minimum of 1% and not exceeding 3.99%.
• Tier 2 – fraud-to-sales volume ratio minimum of 4% and not exceeding 6.99%.
• Tier 3 – fraud-to-sales volume ratio of at least 7%.

If a merchant is identified in Tiers 1 or 2 more than one time in a 12-month period, it will be automatically escalates into the next higher tier. If a merchant is escalated into Tier 2, the processor is required to provide it with additional training on fraud control. If a merchant is escalated into Tier 3, the processor is required to decide whether to accept liability for fraud related chargebacks or to terminate the merchant account.

If a merchant is identified in any one of these tiers, it should expect certain actions from its processor. Some of these actions are required by Visa and MasterCard, for others the processor will follow its own policies.

• Tier 1 merchants. When a processor is notified that one of its merchants is placed into Tier 1, there is no requirement that the processor respond formally to the notice. A Tier 1 notice is provided for information only. The merchant should expect, however, that the processor will implement a fraud control program or enhance an existing one.
• Tier 2 merchants. When a processor is notified that one of its merchants is placed into Tier 2, it is required to conduct training on credit card acceptance and fraud control procedures at the merchant location. The Credit Card Associations (Visa and MasterCard) do not require processors to terminate the merchant account, although the processor can do it, if that is its policy. The more likely scenario is that the processor will implement a rigorous fraud control program.
• Tier 3 merchants. When a processor is notified that one of its merchants is placed into Tier 3, the Associations require that it must either terminate the merchant account or accept liability for chargebacks for all reported fraudulent transactions (except fraudulent application and account takeover fraud) during the applicable chargeback period. The chargeback period will be determined to be a minimum of six months or a maximum of 12 months. Most likely, the processor will terminate the merchant account.