Every merchant is at risk for fraud. And it can happen at any time for a variety of reasons. Regardless, all fraud claims can negatively affect your fraud-to-sales ratio — which comes with a host of problems.
In this guide, we’ll help you understand what a fraud-to-sales ratio is and how to manage it.
- What is a Fraud-to-Sales Ratio?
- Why Does Your Fraud Ratio Matter?
- What are Fraud Monitoring Programs?
- Best Practices to Prevent Fraud
What is a Fraud-to-Sales Ratio?
A fraud-to-sales ratio measures the number of fraudulent transactions you process in a given month against your monthly sales volume. If you process a transaction and the cardholder later claims it was unauthorized, your fraud-to-sales ratio will be impacted.
Each card brand has a different method of calculating the ratio.
Visa® fraud ratio
Visa’s ratio compares the amount or value of total transactions to the amount of transactions classified as fraud.
The Visa fraud-to-sales ratio is calculated in the following way:
Here is a real-life example:
Mastercard® fraud ratio
Mastercard’s calculation differs in a couple ways. First, Mastercard considers transaction volume — not amount. And, the calculation compares the current month to the previous month.
Here’s Mastercard’s calculation:
And here’s a real-life example:
Only brand-specific transactions are included in the calculations. For example, fraud claims made on Visa transactions will only count towards the Visa fraud threshold.
Which Types of Fraud Are Included in the Fraud Ratio Calculation?
There are two types of fraud that are factored into the fraud-to-sales ratio: criminal fraud and friendly fraud.
Criminal fraud occurs when a fraudster uses a payment card or account information to make an unauthorized purchase.
Friendly fraud happens when a customer makes a purchase and later disputes it with their bank — most likely because they forgot about the purchase or don’t recognize it on their bank statement.
Unfortunately, it's difficult to know which type of fraud you’re dealing with because there isn’t a friendly fraud reason code — it's just fraud. If a cardholder claims a transaction is unauthorized, banks will typically file a chargeback. They won't usually tell the customer no just because they suspect friendly fraud. Therefore, all fraud claims — valid and invalid — are included in the ratio.
Why Does Your Fraud Ratio Matter?
Each card brand sets its own fraud-to-sales ratio threshold or limit. And acquiring banks have to monitor merchants for thresholds violations — along with other risk metrics.
That’s because card brands and banks want to know if your business poses a risk to theirs. They don't want to work with merchants that could potentially cause them to lose money or damage their reputation. So they monitor metrics to gauge risk levels. If your risk levels get too high, banks can close your accounts.
NOTE: The fewer transactions you process with a card brand, the easier it is to breach that card brand’s thresholds. For example, if you only process five Visa transactions in a month and one of those is fraudulent, you could go over the threshold limits.
But before closing an account, the bank will usually give you a chance to improve your fraud problems. One of the ways they do this is by enrolling you in a fraud monitoring program.
What are Fraud Monitoring Programs?
Fraud monitoring programs are used by card brands to penalize merchants who breach risk thresholds — similar to chargeback monitoring programs. These programs are meant to help you better manage fraud.
Programs typically require you to provide a detailed remediation plan outlining your strategy for reducing your fraud ratio. And that may include submitting monthly progress reports.
A WORD OF WARNING: If you remain in a monitoring program for more than 12 months, your acquirer is required to close your merchant account and terminate payment processing privileges. However, your acquirer will likely want to minimize potential risk and close your account sooner than the 12-month deadline.
Visa Fraud Monitoring Program
The Visa Fraud Monitoring Program (VFMP) consists of four classification types. Each month you breach both thresholds (or get close to violating them), you could be flagged as one of the following:
FRAUD AMOUNT THRESHOLD
FRAUD RATIO THRESHOLD
The early warning threshold is not an actual violation. It’s an alert that your merchant account is getting close to the violation — which starts at the standard threshold.
A NOTE FOR U.S. MERCHANTS: If you use 3D Secure 2.0, there are additional metrics used to measure your risk and different threshold limits. Talk with your payment processor about those metrics and risks to see if the chargeback prevention tool is a good fit for your business.
Visa has three violation statuses that determine when fines and penalties are issued. Those statuses are:
- Notification: During the first month that your account is in the standard threshold, you will be notified. Visa does not issue any fines during this stage (but your processor might).
- Workout: In the months following the Notification status, Visa gives you time to fix the fraud issues and your account is moved to the workout status. Again, Visa won’t issue fines during this stage — but your processor probably will.
- Enforcement: If you do not fix the fraud issues, your account moves to the enforcement stage. During the first month and any subsequent months that your account meets the standard threshold or higher, Visa will issue fines and penalties.
NOTE: The notification and workout statuses are only applicable to merchants classified in a standard program. If you are classified as high-risk or excessive, you’ll immediately be fee-eligible. There is no grace period.
The fines and penalties you owe will depend on your program classification — standard, high-risk, or excessive. Fines start much earlier if you are classified as high-risk or excessive.
Regardless of the classification, the longer you are in the program, the more you’ll pay in fines. Costs usually range from $10,000 USD to $75,000 USD per month.
NOTE: It’s important to note how program monitoring fees are charged. Unlike a chargeback fee — which is a per-instance cost — monitoring program fines are issued in one large, lump-sum amount each month.
And it’s pretty rare to be enrolled in a monitoring program for one card brand but not the other. If you are consistently breaching Visa’s thresholds, you will probably also go over Mastercard’s limits. Therefore, you could receive fines from both card brands.
Don’t let these high-dollar expenses catch you off guard.
How to get out of the VFMP
Inclusion in the VFMP isn’t meant to be permanent. Visa intends for merchants enrolled in the VFMP to improve fraud prevention strategies and decrease their fraud-to-sales ratio to an acceptable level.
To exit the VFMP, your merchant account has to be below the standard threshold for three consecutive months. If you breach the threshold again — during month two, for example — you will have to start over.
Mastercard Excessive Fraud Merchant Program
The Mastercard Excessive Fraud Merchant (EFM) Program is designed to reduce fraud associated with card-not-present transactions.
Merchants are enrolled in the Mastercard EFM Program if all of the following criteria are met:
|VOLUME REQUIREMENT||AMOUNT THRESHOLD||RATIO THRESHOLD|
|At least 1,000 Mastercard transactions in the previous month||$50,000 (USD/EUR) or more in fraud-related chargebacks||0.50% or higher fraud-to-sales ratio|
NOTE: Enrollment criteria differs for Australian-based merchants. If you operate a business in Australia, your ratio must be below 0.2% and your fraud-chargeback amount below $15,000 USD.
If you use 3D Secure, there are additional thresholds to consider. These vary based on whether or not your country has legal or regulatory requirements for strong cardholder authentication.
Mastercard assesses fines for merchants enrolled in the EFM Program based on the time spent within the program.
The first month is a grace period — Mastercard doesn’t charge a fine. However, your processor might.
After the first month in the program, fines are issued monthly. Amounts can range from $500 (or €500) to $100,000 (or €100,000) or more.
How to get out of the Mastercard EFM Program
To exit the program, your merchant account must be below EFM program thresholds for 3 consecutive months.
And because you have to meet all criteria to be placed in the program, if either the fraud amount or ratio is less than the threshold limit, your account is considered compliant for that month.
Discover and American Express Fraud Monitoring Programs
Discover and American Express do not provide any public-facing information about fraud monitoring programs, terms, or fines.
We recommend you contact your acquirer to discuss thresholds and expectations for these card brands. If you are a Kount customer, contact your account manager for guidance.
Fraud Monitoring Program Reason Codes
Under normal circumstances, you can respond to chargebacks using compelling evidence and supporting documents. However, once you are enrolled in a fraud monitoring program, your response options are severely restricted.
The only way you can fight fraud-coded chargebacks while in a monitoring program is if:
- The customer no longer wants to dispute the purchase.
- A refund was issued before the dispute.
- A prior dispute on the transaction was already accepted.
A WORD OF WARNING: Because it’s so difficult to fight a fraud-related chargeback, prevention and mitigation is your best option for protecting your revenue and keeping a low fraud-to-sales ratio.
Additionally, if you are enrolled in a monitoring program, Visa and American Express will no longer send the standard fraud codes. Instead, chargebacks will be sent with a specific code indicating program enrollment.
For example, the typical dispute reason code for Visa is 10.4. But once you are in a monitoring program, that reason code is 10.5.
The following are the various card brands' fraud reason codes:
- Visa Reason Code 10.5 - Visa Fraud Monitoring Program
- Mastercard Reason Code 4837 - No Cardholder Authorization
- Mastercard Reason Code 4849 - Questionable Merchant Activity
- Discover Reason Code UA01 - Fraud: Card Present Transaction
- Discover Reason Code UA02 - Fraud: Card Not Present Transaction
- Discover Reason Code UA05 - Fraud: Chip Card Counterfeit Transaction
- Discover Reason Code UA06 - Fraud: Chip and PIN Transaction
- American Express Reason Code FR2 - Fraud Full Recourse Program
- American Express Reason Code FR4 - Immediate Chargeback Program
- American Express Reason Code FR6 - Partial Immediate Chargeback Program
NOTE: If you receive one of the above chargeback reason codes and aren’t aware of being in a fraud monitoring program, contact your payment processor or acquirer immediately for a copy of your violation letter.
Keep in mind, too, that you are automatically liable for the above reason codes for one year or within the timeline outlined in your violation letter.
Best Practices to Prevent Fraud
Prioritize fraud prevention by learning and implementing best practices, strategies, and tools that reduce the likelihood of fraud taking place. That way you can avoid monitoring programs altogether.
Use identity verification tools
Your processor offers various identity verification tools that can help you maintain a low fraud ratio.
These identity verification tools help to verify a cardholder’s identity during a card-not-present transaction. These tools compare information provided during checkout to the information on file with the card issuer.
If the information provided matches what’s on file with the issuer, there’s a strong probability the shopper is actually the cardholder. A mismatch could indicate unauthorized activity.
If you haven’t already, contact your payment processor to add the following tools to your fraud management strategy:
- Address Verification Service (AVS) compares a cardholder’s billing address at the time of checkout to the billing address on file with the issuer. Based on the information provided, the service returns a response code that indicates if a transaction should be approved or declined.
- Card Security Code (CVC2, CVV2, CID) requires a shopper to input the three- or four-digit code printed on the payment card during checkout. This code is sent to the issuer for review. Mismatched card security codes can indicate that the shopper doesn’t have the physical card and may be using stolen cardholder information to conduct a fraudulent transaction.
You can also use identity verification solutions from Kount Identity to prevent suspicious account sign-ups and give you better insights about the customers interacting with your business.
Understand the red flags for fraud.
Fraudsters typically follow similar patterns when conducting unauthorized transactions. Recognizing these red flags can help you avoid a hit to your fraud-to-sales ratio. Look for transactions that represent a high risk to your business, such as:
- Shopping for the first time
- Buying high-priced merchandise
- Placing larger-than-normal orders or buying multiple copies of the same item
- Using the same shipping address for different orders, or making multiple purchases with the same card but shipping to different addresses
- Using multiple payment cards to complete a single order
- Re-trying an order with a smaller amount after a first attempt is declined
- Choosing express shipping
- Shipping to a freight forwarding service
- Shopping from an IP address that doesn’t match the shipping or billing location
- Using obviously fake information
- Using an email address that doesn’t match the shopper’s name
- Receiving an approval after multiple declines
It can be difficult to detect these warning signs and know how to respond. If you’d like easier and more accurate fraud detection with instant decisioning, consider using fraud detection technology. Kount offers the industry's best fraud detection and prevention software.
Develop a holistic risk management strategy.
The decisions you make and the tools you implement can have significant impacts on your fraud-to-sales ratio. The reality is you can’t just use one solution to address fraud — you need to use a variety of tools and resources to make sure you’re fully covered.
Create a multi-layer strategy with different tools and techniques that compliment each other. That way, when there is a shortcoming in one area, other layers are in place to cover any gaps.
Visa’s CE 3.0 initiative.
Under Visa’s new CE 3.0 initiative, if you provide compelling evidence that disproves a fraud claim, the impact to your fraud-to-sales ratio will be reversed.
This works by comparing past transaction data to the disputed transaction. If there is a data match (such as IP address and device fingerprint) between at least two previously undisputed transactions and the current dispute, the fraud case is overturned.
Rapid Dispute Resolution.
Rapid dispute resolution (RDR) is a chargeback prevention tool that resolves disputes by initiating refunds for certain disputed transactions.
This helps control and limit your chargeback-to-transaction ratio. However, it doesn’t protect your fraud ratio. Therefore, you’ll want to supplement this tool with something like Visa CE 3.0.
3D Secure 2.0.
3D Secure 2.0 is an effective tool for combating chargebacks. Transactions that are fully authenticated with 3DS2 prevent issuers from initiating chargebacks for any resulting payment disputes.
However, fraud claims made against you still count against your fraud-to-sales ratio, so again, you’ll need to supplement this tool with another resource.
Chargeback insurance and guarantees
Chargeback insurance — also called a chargeback guarantee — reimburses you for certain fraud-related chargebacks. However, recovering revenue doesn't reverse the damage done to your fraud ratio or chargeback ratio.
A better option is to focus on true fraud prevention. Not only will this have the biggest impact on risk overall, it’s also the most cost-effective.
Analyze your fraud data.
Figuring out why chargebacks are happening might seem impossible. But if you analyze your data, you can identify problems at their source and fix them before they escalate.
Without data, you’re just guessing about the root cause of your fraud problems. Data gives you clarity — making it easier to stop fraud when it gets out of hand.
Use fraud detection technology.
Managing fraud is an essential part of growing a business. But it can also be a time-consuming, error-prone process if you use the wrong technique.
To get the best results in the most efficient way possible, you need to use technology. And Kount can help.
Kount offers a complete approach to managing fraud — chargeback prevention, payment protection, identity verification, and fraud detection. Essentially, Kount does all the hard work for you so you don’t even have to worry about fraud, chargebacks, or monitoring programs.
If your fraud ratio is becoming a concern or you’ve recently been enrolled in a monitoring program, reach out to our team of experts. We’ll help you create a strategy with both quick wins and long-term protection so you can have complete confidence now and in the future.