If you’ve ever taken a peek at the Visa Core Rules, you’ll know that the card scheme’s regulations can be pretty in-depth and complicated. These rules govern interactions between cardholders, banks, and merchants. Everything from transaction timetables and processing requirements to guidelines for managing fraud are in the book.
As outlined in the Visa Core Rules, the company currently operates compliance programs for merchants and acquiring banks who see excessive fraud instances. The same goes for Visa transaction disputes (commonly known as chargebacks).
For example, let’s say the number of disputes filed by your customers routinely breach the monthly threshold set by Visa (0.9% of sales and $ 75,000 per month as of October 1, 2019). If that’s the case, Visa will force you into the Visa Dispute Monitoring Program. The goal of this and similar programs is to help merchants and acquirers get their issues under control, and to identify problematic merchants and even remove them from the Visa network if necessary.
Now, Visa will expand this range of programs to include issuing banks as well. The company is launching the new Visa Issuer Monitoring Program, or VIMP, in most global regions on October 1, 2019 (the Asia-Pacific markets launches in April 2020). A similar setup already exists in Europe, called the Cross-Border Fraud Issuer Monitoring Program. This program will be decommissioned and rolled into the new VIMP scheme.
So, let’s take a closer look at the VIMP, see what it entails, and what its introduction means for global eCommerce.
Why Adopt an Issuer Program?
The stated purpose of the Visa Issuer Monitoring Program is twofold. The card scheme wants to identify banks who produce above-average amounts of card-not-present fraud, and ensure they’re following best practices. Visa also wants to ensure all stakeholders are working to reduce fraud, rather than merely shift the burden to someone else.
Ultimately, Visa wants to see better approval decisions, appropriate use of fraud prevention tools, and compliance with 3-D Secure protocols to verify all cardholders during online checkout.
Of course, not all issuers will find themselves in the VIMP. Like the Visa Dispute Monitoring Program mentioned above, entering the VIMP is only necessary when Visa detects a problem. So, what standards does Visa use to identify at-risk banks?
Visa outlines their guidelines on page 571 of the Core Rules published in April 2019. Banks here in the US will be subject to the VIMP if the fraudulent card-not-present transactions they process in a given month meet or exceed $ 500,000 and surpass 1% of their fraud-to-sales-dollar ratio. For domestic transactions in which 3-D Secure is applied, the threshold is much lower: $ 100,000 and 0.75% of their fraud-to-sales-dollar ratio.
Are there Consequences for Entering the VIMP?
Of course, the Visa Issuer Monitoring Program isn’t a simple status or designation handed out by Visa. Entering the VIMP could have serious consequences if left unaddressed.
First, Visa will notify a bank when they first breache the fraud threshold outlined above. Following that notice, the bank is granted a three-month Notification Period. Visa offers this window of time for the bank to showcase improvement and try to get their fraud issues under control. If they manage to do so, they can exit the VIMP with no consequences. But, if the bank is unable to show any improvement, they’ll enter the Enforcement Period.
The Enforcement Period carries stiff penalties, including:
- Non-compliance fees of up to $ 100,000.
- Requirements to continue reducing CNP fraud.
- Issuer may be unable to collect Visa Chargeback Monitoring Program reimbursements.
- Time-consuming assessments and written summaries of performance after 12 months.
If the issuer is still unable to reduce their fraud incidents to an acceptable range after 12 months in the program, they will face Visa member risk reduction requirements. They may even be unable to issue new Visa payment cards, making it impossible to carry out even the most basic functions of a bank.
How VIMP Will Impact the Market
The Visa Issuer Monitoring Program imposes new restrictions on issuing banks. However, that’s not necessarily a bad thing.
Over the last several years, we’ve seen a staggering increase in instances of “friendly fraud,” or chargebacks filed without proper justification. For instance, a cardholder might make a purchase, then experience buyer’s remorse, or simply forget they made the purchase in the first place. The buyer turns to their bank, claims the transaction was unauthorized, and files a chargeback.
Part of the problem is that, frankly, the bank has little incentive to investigate the customer’s claim. It’s not a deliberate move on the part of issuers, but banks want to keep their customers happy…and fulfilling a cardholder’s chargeback request will do that.
Implementing the Visa Issuer Monitoring Program, though, provides the incentive that’s currently lacking. Now, if banks fail to conduct due diligence in cases of eCommerce fraud…they stand to lose, too.