Search results:

October 28, 2016

Three ways to manage payment risk: In theory, with insurance, and with risk management

Three ways to manage payment risk: In theory, with insurance, and with risk management

There are two theoretical solutions: reach 100 percent trust, and not use credit cards. As these solutions are rarely practical, there’s 3D Secure, which protects e-merchants against the risk of loss (but does not stop payment fraud). And there are also rules- and scores-based risk management solutions. Although imperfect, the latter tend to be the least expensive approaches.

We cover various solutions to prevent credit card fraud below. We regard the first type of solutions as theoretical, because they are rarely practical—as of today. The second type of solution is 3D Secure. And the third type encompasses rules- and scores-based risk management solutions.

  1. A theoretical solution;
  2. An insurance-based solution—3D Secure; and
  3. A risk management-based solution: With rules and risk scores.

1. A theoretical solutions

The first solution is to have complete trust in your buyers and their cards. Although 100 percent trust is unachievable, some e-merchants [1] already engineer trust, thereby reducing risk for sellers and buyers in the marketplace. Airbnb, for example, lets you add social profiles and request or provide reviews, which helps buyers and sellers build credibility and, in turn, trust.

The second solution is to stop using credit cards. This way, you are sure that credit card fraud won’t happen again! At first look, it’s crazy, of course, because online credit card payment is so ubiquitous. Yet in practice, alternative payment methods exist that have almost no fraud risk (e.g., direct debit or bank transfer). Moreover, the payment industry, financial technology, and Blockchain world may bring about new payment solutions that could, possibly, make credit card fraud a problem of the past.

2. An insurance-based solution—3D Secure

3DSecure by Visa, SecureCode by MasterCard, and SafeKey by American Express are today’s popular solutions to payment fraud. If e-merchants opt for 3DS and fraud occurs, then e-merchants are protected. However, as we see after, it has a price.

In practice, buyers input their credit card number and CVC code, and then are asked to respond to a security challenge such as a password, birthdate, or code sent by SMS or email. If the challenge is successful, then the e-merchant is guaranteed against losses due to payment fraud; on the other hand, the issuing bank that designed the security challenge takes over the liability. In case the challenge was unsuccessful and the e-merchant still want to process a payment that turns out, later, to be a fraud, then the merchant is liable.

However, there are many reasons why 3D Secure may fail. Notably, it may fail if the authentication system is down, if the bank has not yet implemented 3DS, if the card is not 3DS-enabled, or if the challenge sends an SMS but the buyer does not have her phone at hand during the purchase (or if this is not the correct phone, or if the phone has no more battery, or if the mobile phone is out of coverage, e.g., in a basement, abroad, or in the wild…). Hence, all these failure possibilities hurt the conversion of payments, which, in turn, reduces revenue opportunities for e-merchants. Very significantly...

3. A risk management-based solution: With rules and risk scores

Rules- and scores-based risk management solutions [2] are today’s trade-off solutions to payment fraud by credit card. Their downside is that they require quite some expertise and IT resources to run. However, their total cost—in particular the loss in conversion—is usually many times less expensive than that of 3DS.

Moreover, some e-merchants that are exposed to a very high risk of fraud (e.g., online travel agents), need to combine both 3D Secure as well as rules- and scores-based risk management systems.

In turn, with these systems the goal is to properly calibrate the rules and scores to make as few errors as possible and to operate those systems as efficiently as possible.


We have mentioned several types of solutions to payment fraud. There are theoretical solutions, such as having 100 percent trust or not using credit cards anymore, which cannot be achieved. A possibility is to approach these ideal solutions by developing trust, or by opting for alternative payment methods with no risk of payment fraud. If those options are not practical, then e-merchants rely on 3D Secure as well as rules- and scores-based risk management solutions.


[1] How can I reduce fraud for a jewelry rental site?
[2] How does Etsy prevent credit card fraud?

Credits : Image by mohamed Hassan from Pixabay