The domain of point of sale (POS) has three legs to its security stool: EMV, point to point encryption, and card number tokenization. Card not present (CNP) merchants and issuers have the more challenging task of assembling fraud mitigation tools on their own. The networks have had, until EMVCo’s move into payment card tokenization, not much more than 3D Secure to offer. Merchants and card issuers have a lot of transaction and fraud data and when that data gets shared, improvements are possible. That’s what Ethoca is about. Its growing network of merchants and issuers share their fraud data to improve fraud detection and lower chargeback rates. Take a listen to this discussion with Keith Briscoe, Ethoca’s CMO, on what’s possible through collaboration.
Read the transcript below.
George: Welcome, everyone, to another of Glenbrook’s Payments on Fire podcasts, and as usual, I’m George Peabody, a partner with Glenbrook. Today, it’s my pleasure to have Keith Briscoe, who’s the chief marketing officer of Ethoca. So, welcome. Glad to have you here, Keith.
Keith: Thanks a lot, George, really appreciate the invitation.
George: I’m eager to have this conversation with you. I know Ethoca is well-known, particularly amongst the leadership, from a performance point of view, for example, the leading members of the merchant risk council know all about you and this ‘card not present’ merchant space who use Ethoca’s data to help manage their fraud risk and charge-back concerns.
But, for those who don’t, and one of the reasons I’m interested in having this conversation today is that ‘card not present’ transactions are growing as a percentage of all transactions. Visa just reported that 3 out of 10 of their US transactions are ‘card not present’, and we’re pushing faster and faster into this omni-channel world, so I’m going to be real curious to hear from you on how your data is being used in this blended omni-channel environment.
But first, for those of you who aren’t familiar with Ethoca, could you give us a little background, tell us how Ethoca works.
Keith: Sure, I can do that. So, in the simplest terms, George, you have to think of Ethoca as a collaboration platform. If you think about card issuers in they’re kind of a separate silo, doing the things they do to stop fraud, you know they’re running a selection of highly sophisticated fraud tools and various processes to stop and protect fraud. You know, think about merchants as well, they’re running a completely separate set of fraud tools and processes.
The problem is that between the two, they’re not really sharing the intelligence that either party is getting a hold of very proactively. There’s just not any kind of scale or mechanism to potentially share that data or intelligence, so that’s where Ethoca really comes between the two and offers a bridge, if you will, between the merchant and the card issuer. So, in many cases, the merchant is going to detect fraud that the card issuer might not be aware of and on the card issuers side as well, their systems will detect fraud that the merchant is not yet aware of. And with the charge-back process that exists today, it’s a very complex system that often takes anywhere from 3 to 6 weeks to get that information back and forth between the two parties. Eventually, what will happen is a card issuer will detect fraud with, let’s say you, George, but it might take 6 weeks for that information to actually reach the merchant.
What we do is offer a mechanism for the card issuers to send us that confirms fraud or disputes data and we then send that through to the merchant as a real time alert, so they can actually act on that information quickly to stop the fraud and avoid a charge-back.
George: So, there’s a real time component here as well as an offline component. Describe a little bit about how those actually function.
Keith: The frequency is essentially going to vary by the type of data feed we have with our card issuers, so, it depends on the capabilities of the card issuers to some degree. Some card issuers will send us files more frequently, like once every hour or every fifteen minutes, other card issuers will maybe send us a batch file every 4 hours. So, it’s as real time as the data that we get. So, as soon as card issuers send us that data, we would then process it immediately and send that to the participating merchants. Now what we’re working toward is a higher level of automation as well as by partnering with the issuing processors that work with the banks, once we get integrated by working with those issuing processors, we’re going to get that data even faster than we do today.
George: Are you the ones that encourage the issuers to participate?
Keith: Yeah, that’s right. So, essentially what we do, it all starts with the issuing data. So, what we do is start by getting the issue onboard the platform, and it started 4 or 5 years ago with just one single issuer in the US and a kind of trickle of alert data that we started operationalizing with a couple of merchants. We then started increasing, we call this kind of a network affect, the way the merchant side and the issuer side network. So as issuers send us more data, we can send more of that data to merchants and it’s a reciprocal exchange too, so that when the merchants are actually refunding and avoiding the charge-back, that’s helping the issuer to avoid all the costs that go with the charge-backs and low-dollar write-offs and things of that nature. So network value proposition increases as each side gets bigger.
George: I know you all just got another round of funding to help expand that growth. Talk a little bit about how big you actually are already and one of the metrics that I’d be interested in is the percentage of cards out there that are covered by Ethoca at this point.
Keith: Right, of course. I’ll start with a few key facts. In the US, we currently have 7 of the top 9 US card issuers. Each of them have different portfolios obviously credit, debit, confirmed fraud customer disputes, so in terms of US pure market coverage by purchase volume or issued cards, we’re at about 30% to 35%. In the UK market, we’ve been entrenched in the UK for a couple of years now, we’re probably at the 15% range. So we’re growing fairly rapidly, those are our markets that are rapidly maturing and developing. We’re also expanding throughout the Emir region, we just launched our first issuer in South Africa, we have an issuer live in Israel at this point, we have 30 issuers globally live on our platform and we’re pushing into new markets like Asia, South America, regions such as that.
George: What do the metrics that your customers on both sides of the network reporting to you?
Keith: In terms of overall fraud mitigation rate, it’s going to vary quite a bit based on the type of merchant. So, if this is a goods merchant who is looking to stop a fulfillment of goods and services, typically the effectiveness rate is in the range of 30%. So, you know, in some cases the merchant is already going to be aware of that fraud. So let’s say out of a pool of 100% alerts we might send an issuer, if you look at, lets say 100 alerts, then a number of those cases are going to have already discovered that fraud. 30 times out of 100 they will not have discovered the fraud, but will actually be able to stop that using the Ethoca alert. So it really depends on how fast a merchant ships, for example, obviously the faster we get the alert data from the merchant, the better chance they have to actually stopping the fraud, but it’s a number of factors that impact the effectiveness on the merchant side.
George: So you must be pushing hard to get your issuers to use the latest API’s and get that data update windows to as short a period as possible, as opposed to good old batch.
Keith: Yes, precisely. The faster we get the data, and as merchants move to shipping within a few hours, if they can get that data in minutes and hours as opposed to days, then they have that much better of a chance of avoiding the shipment of goods and services.
George: So, I get that in the physical goods shipping environment, you do have a big impact. Digital?
Keith: Yeah, digital is interesting, right? Digital merchants, because it’s primarily all margin, they primarily care about transaction acceptance. For them, it’s all upside in terms of margin, so what they ultimately want out of the network and why they participate is for two reasons. One, they want to control their overall chargeback ratios. More mainstream digital goods providers, media games, low value transactions like music and that kind of thing. For them, it’s a fairly low value transaction. All they ultimately care about is driving more of that consistency, which isn’t to say that they don’t care about fraud, but they’re not as impacted financially by the fraud loss, they haven’t gone out…
George: They’ve lost a little license revenue.
Keith: Exactly. So what they’re trying to utilize the network for, we have a couple of upcoming services along this line, is to really help the issuers open up their overall acceptance rates. So, if the merchants agree to refund transactions that turn into fraud consistently, the issuers will loosen their decline rates and actually accept more. As you’re probably aware, what some of those low value transactions, in the neighborhood of let’s say $0.99 to $2 they would generally fall under the threshold for raising charge-backs, and they’re considered low dollar write-offs to the issuers, so that leads to a fairly significant degree of loss, and if merchants agree to essentially accept liability for those, and make the card issuer whole, the card issuers will consider opening up their overall approval rates.
George: Do you represent the card brands who look very closely at that 1% charge-back rate? Do you go to bat for that merchant who says “Hey, we’ll take it all on, but our rate might get higher”?
Keith: Generally, the major digital goods brands don’t really have fraud platforms that push them into that 1% ratio territory. They’re concerned about wanting to be proactive about it, but generally it’s helping them potentially resolve disputes as proactively as possible, and if you can think of something to talk to the brands out there, a lot of them are absolutely focused on customer experience . As you know, anytime a cardholder gets turned down, and it’s a good transaction, that potential insult is huge, so that’s ultimately what those merchants really care about.
George: Talk a little bit about how the system, your data stream, is in fact integrated into both, where does it show up with the merchant? Where does it show up with the issuer? Is it going into review que’s? Is it going into some kind of reports? What’s the interface?
Keith: That’s a really good question, George. So, you know, the first service we talked about is the flagship service that we first launched on our collaboration network, but there are all kinds of other use cases that merchants and issuers are helping us discover. One of those is the problem of false positives on the merchants sides. Every merchant and every card issuer are trying to strike that balance between accepting as many good orders as possible and obviously stopping as much fraud as possible. But invariably, merchants and card issuers are sometimes going to get it wrong in an effort to strike that balance. So we have a new service that is in pilot right now called ‘order rescue’. What happens in that case is that the merchant sends us the transaction they are about to decline or that are in their manual review que’s , and what we’ve proven out through our existing pilot is that in 42% of cases where the merchants were about to reject those orders, they were actually good orders that they could have shipped. So, if you think of the potential for…
George: That’s a huge number.
Keith: Yes, 42%. I know we were, it’s by dollar volume, actually shocked at how big that number was. One of the ways we leveraged the networks to solve this problem is get the merchants to send us the transactions they were about to decline or had declined. We would then leverage the network to send those through to the issuer. The issuer would then call out to the cardholder to confirm whether that transaction was in fact confirmed to be a good order. We would then get that information back to the merchant as quickly as we possibly can, hopefully within 24 hours, and that allows them to fulfill that order. Again, there is a huge customer insult rate at stake here as well. Anytime you have to turn down a good customer, that’s a real problem. It’s not just the cost of that sale, but the cost potentially of the lifelong customer relationship and also replacing the revenues associated with that.
George: How do you get the timeframe, that window, shorter than 24 hours?
Keith: Well, it’s all about how fast you can contract the cardholder. You can imagine, sometimes the cardholder is not going to be available necessarily and it’s about automating that process. Everything in collaboration has to deliver reciprocal value on both sides of the network, that’s what makes it sometimes tricky to deliver the services of the market, but when it does work, as with alerts and with us proving ‘order rescue’, the value exchange there is exceptional and both sides benefit in a significant way. And with ‘order rescue’ the incentive for the bank is really that, as we described at the top of the call, in some cases the merchants are going to find fraud the card issuers are not aware of in the transactions they are sending through for verification, a number of those are going to be fraud. In many of those cases, what we’ve proven out is that in 19% of those cases, the card issuer was not yet aware that that transaction was fraud or the account had gone bad. With that information, they can then improve their fraud rules and their losses associated with that cardholder.
George: You know, it’s nice to hear the story of successful collaboration across so many players. We don’t exactly live in a world where collaboration is the first instinct of market participants.
Keith: Oh absolutely, I would agree with that. I think many cardholders would naturally think there are many more collaborations happening than there is, in many respects. I think I would certainly assume that. I probably did before I ever came to Ethoca. In fact, they do operate in two solitudes and that’s a problem we’re trying to change for sure.
George: So you add value proposition to each side for the sharing of data. Everyone’s got the opportunity to lower their own, their direct costs as well as increase revenues. On the issuer side you got more good transaction flow theoretically, obviously the same would be the case with the merchant. What’s Ethoca’s business model?
Keith: In terms of pricing on either side?
George: Yeah. What’s that look like?
Keith: Generally, what we do is we charge a variable based / value based pricing. For merchants, for example, we would take a percentage of the goods recovered, so our standard rate would be 40% of recovered value. So let’s say a merchant was shipping a laptop worth about $1,000, we would typically charge $400 for that recovered order, for that fraud loss avoided actually. On the card issuer side, you know, again a lot of loss associated with charge-back processing, in addition, I mentioned the low-value items, but there are also secure write-offs as well, and similarly for the card issuers it’s a percentage of fraud losses recovered.
George: Nice business it sounds like.
Keith: Yeah. It’s a great business. It has it’s challenges trying to prove out some of these innovations, because some of them are quite disruptive to the way things are done today, but we’re rapidly demonstrating that there are a number of use cases that both parties are wanting to solve and we’re definitely making some strides in doing that globally.
George: Cool! So, one last question for you, Keith. We’re obviously looking at October 2015 here in the US for our EMV shift. You’re sitting in the middle of, your up in Canada, so you know what that looks like, I know Ethoca has been approached by constituents on both sides about what’s going to happen with EMV. Since you see a lot of transaction flow, what ‘s the Ethoca position on what we should expect here in the US.
Keith: I’d say our position adheres probably pretty closely to some of the things we are both in the market, but because US is one of the later regions to migrate to EMV, many are expecting that it’s not necessary going to be a hockey stick type of increase of the migration of that product to this EMV channel. It’ll be interesting to see what that actually looks like, but there is certainly going to be an increase, many are anticipating that the analysts are estimating that in their forecasts. Ican recently put out a report that certainly suggested it, I don’t have number on the top of my head. On the backside it’s interesting too, because as merchants potentially face more fraud loss there’s likely going to be, as we’ve seen this happen in other regions, there’s going to be greater adoption of 3D Secure and with the liability shift ultimately that will mean the card issuers will bear an increase in ‘card not present’ losses after liability shifts. There’s certainly, potentially, a great deal of interest on the card issuers side as that happens because collaboration is really one of the only mechanisms that banks can use to recover 3D Secure fraud losses. Typically, because the liability is at that point with the bank, recovering that fraud loss is very difficult.
George: Keith, thanks so much . This has been really useful to us, an interesting conversation, and a great overview of what Ethoca is really about. So, thanks for your time.
Keith: Thanks a lot for the opportunity, George. I really appreciate it.