The history of online payment processing and chargebacks is fascinating. How did we end up with such a complex system? And what can we learn to reduce risk?
Table of Contents:
- Fraud and Money: A History As old As Time
- Money, Currency, and Credit: Basic Definitions
- Credit, Trust and Risk
- So Why Credit Cards, Anyway?
- The Long and Winding History of Card Payment and Fraud
- How Does Online Payment Processing Work?
- Credit Card Fraud: a Quick Primer
- A Note on Cryptocurrencies
- Every Company Must be a Fintech Company
The history of online payment processing and chargebacks is complicated. It’s a legacy system that, while modern, took many twists and turns throughout the years.
But whether you run an online store, work for a payment gateway, financial institution or part of a Risk Operations team, it helps to understand how we got there.
A timeline of the history of credit cards
Challenges faced by financial institutions
Introduction to credit card fraud
A primer on chargebacks and associated challenges
Fraud and Money: An History As Old as Time
Back in 300BC, a Greek merchant named Hegestratos decided to insure his ship and cargo.
The policy, known as a bottomry, worked on simple terms: Hegestratos could borrow the equivalent of the value of his ship and cargo. If he made it safely to his destination, the loan would be paid back with interest. If not, the boat and cargo would be repossessed.
But Hegestratos had another idea: what if he disappeared? He could sink his empty ship, covertly sell the cargo, and keep the loan for himself.
Who knows what would have happened had he succeeded. His plan backfired when he was caught red-handed by the crew. They chased him off the ship, and Hegestratos drowned in the Aegean sea.
This is the first known example in the history of fraud.
It will by no means be the last. As long as money and credit exist, unscrupulous individuals will attempt to game the system.
In this ebook, we’ll look at the history of payments, chargebacks and online fraud, all in an effort to help us see where we might be headed.
Money, Currency and Credit: Basic Definitions
Money is defined as a portable form of property that is used and accepted as a means of exchange. Currency, like US dollars, Euros or British pounds is one of those standardised properties.
Credit is borrowed money. It generates debt, which must be repaid, usually with an interest, at a later date.
Note: you can read more useful definitions in our fraud dictionary.
Credit, Trust and Risk
In Latin, the term “credit” can be translated as “he/she believes”. It implies trust between the borrowing and lending parties.
Unfortunately, it also implies risk. The lender may never recover their loan. The borrower may default on it. Or simply attempt to defraud the lender, as seen in our opening example.
In the era of credit cards, there must also be trust between the cardholder and the merchant where a purchase is made.
So Why Credit Cards, Anyway?
In early Babylon, seeds were sold to farmers so that they could pay back after the harvest, with a small interest. The same principles apply today with credit cards. They exist so banks can make a profit, and so that consumers may increase their purchasing power immediately. It’s also a boon for businesses, who can process more payments.
The Long and Winding History of Card Payment and Fraud
For every innovation linked to credit, there have been fraudulent attempts. For every fraud attack, there’s been a solution. It’s a never-ending cycle that continues well into the modern age. Let’s see how we got there.
The first credit cards may be traced back to the 1940s when air travel companies allowed customers to purchase tickets on credit. By 1950, the Diner’s Club card made its way in American households, allowing people to pay on credit at several retailers. The sum had to be paid back each month in full.
American Express (or BankAmericard at the time), innovated on the same concept in 1958 by offering customers the option to carry the balance on their cards. The modern credit card as we know it was finally born.
It was not without its challenges. The earliest credit cards were built of metal, so merchants could create an imprint. They filed the information using a non-electronic imprinter, which copied details on a paper receipt. It included the cardholder name, expiration date, and of course, the card number. (Fun fact: if the letters and digits on your card are embossed, it’s precisely for that purpose. it is increasingly rare these days).
The cardholder was also required to sign the receipt, which needed to match the signature on the back of their card, for authentication purposes.
Unfortunately, stealing a card and pretending to be the cardholder was child’s play for early card fraudsters. The payment verification took days. Forging signatures was easy.
This created a complete lack of trust from the general public. How could they ensure that the credit card was only legitimately used by them, and not a thief? How could they trust that merchants wouldn’t add extra fees after the checkout process? It was time for innovation.
In the late 60s, IBM introduced a new technology that allowed information to be encoded on a magnetic strip. It could be read with specialised computer equipment, and banks loved them, for a good reason: the time to confirm a transaction dropped from multiple days to a matter of seconds.
There were, however, still security issues. The information on these strips was not encrypted. Unscrupulous merchants could steal it after the customer had left. Worse: it didn’t help with the sneaky suspicion that banks were giving you money with a catch.
This is why, in 1968, the US Federal Reserve Board passed the Truth in Lending Act, which required the lender to provide clear loan cost information, including the annual percentage rate (APR), terms of the loan, and total costs to the borrower.
A few years later, in 1974, the Fair Credit Billing Act introduced another reassuring idea: if consumers noticed a suspicious transaction on their credit card bill, they could contest it.
Under the act, the consumer had 60 days to dispute a charge with the card issuer. Charges on lost or stolen cards could also be contested. Disputes with merchants could also be settled by requesting their money back.
The chargeback was born.
It clearly created two incentives: customers would feel more confident paying with a card. And merchants would have good reasons not to try to scam anyone.
And while there was an updated Electronic Fund Transfer Act in 1978, the process would remain largely unchanged for nearly forty years.
What is Chargeback Law?
In 1974, the Fair Credit Billing Act decreed that consumers who noticed a suspicious credit card transaction could contest it with their bank. The goal was to boost trust in the credit card system and to de-incentivise merchants to commit fraud.
Fraudsters were quick to adapt to magnetic stripe technology in the 80s. Credit card cloners became widely available, allowing them to swipe a card at a point of sale, and to copy the information to a blank card.
This stemmed from one key problem: the lack of data encryption between the card, point of sale, and the card network.
This is why, in 1993, Europay, MasterCard and Visa, the three biggest card network operators of the era, launched a new technological innovation: EMV chips.
(And yes, EMV stands for Europay, Mastercard and Visa. While Europay was later assimilated by MasterCard, the term remains in use to this day.)
The key benefit of adding EMV chips to cards? Information encryption, and two-way authentication between the card terminal and the payment processing network. The goal was to reduce transaction fraud risk.
For European merchants, it eliminated the need for expensive phone authorisations. And of course, adding a PIN number to the card also boosted its security. The chips encrypt the data every time the card is used, and signature verification becomes obsolete.
And it seemed to work. While the rollout was slow (especially in the US), EMV technology is said to have helped reduce card-present rate fraud by 87% in the US.
And for merchants who failed to upgrade to the latest EMV-reading technology, credit card networks had another surprise in store. They decided to shift liability for counterfeit card fraud losses onto them.
In short, if a card payment is fraudulent, the merchant is now considered the weakest point of the transaction. They are the ones who have to cover the admin fees associated with a chargeback request.
This will have drastic consequences for all companies that accept payments online.
Online stores really took off during the mid-90s, leading to the famous dot com bubble. The companies that survived or grew after it are now household names: Amazon, eBay, Etsy, Shopify…
Part of the success of these online stores is their ability to support multiple options. Since 2001, PayPal promised to change how online payment processing worked and became the default payment method for millions of eBay users. Yahoo’s PayDirect and GoogleCheckout proved less successful, but nevertheless paved the way for modern online payment channels.
In 2010, eBay’s co-founders Elon Musk and Peter Thiel also invested in the payment processing software company Stripe, which is now valued at $95B. In spite of their popularity, all these online payment companies still face the same problems as card networks: how to improve security and reduce fraud.
Other noteworthy developments during that period include the founding of the 2004 Payment Card Industry Security Standards Council (PCI), designed to standardise security requirements for online payments.
A few years later, Visa also developed 3D Secure, which helps authenticate users before payments. Unfortunately, these security measures tend to add friction to the user checkout experience – something mobile payments are now attempting to bypass today.
In fact, user authentication for payments will become the next battleground for fraudsters and financial institutions.
While credit card usage is steadily increasing worldwide, it pales in comparison with the unstoppable rise of mobile and eWallet payments. This is what online payment processing looks like in chart form today, according to data from WorldPay’s global payments report of 2021.
eWallets have officially been available since 2008, their usage has shattered all expectations, especially in regions like China and the APAC region. Rapid digitisation following the COVID-19 pandemic has also accelerated adoption.
Well, there have still been a few interesting developments since the mid-2010s. The most noteworthy is undoubtedly the VCR, or Visa Claims Resolution, launched in 2017. (MasterCard implemented its own dispute resolution initiative the same year).
To explain it succinctly, fraudsters had now moved from a card-present scenario to card-not-present (CNP) fraud. While EMV technology had helped curb in-person card fraud, it did little to stop fraud online or over the phone.
This created yet another huge headache for card networks and merchants. Chargeback rates, to this day, are still way too high in CNP scenarios.
And resolving them is expensive, time-consuming, and frustrating partly due to the complexity of the modern online payment ecosystem.
How Does Online Payment Processing Work?
One of the reasons chargebacks are so complex? They can involve several parties. This is what modern online payment processing looks like today:
Now when a chargeback is initiated by the cardholder, the process also has to be acknowledged by multiple parties.
- The cardholder: initiates the chargeback request.
- The issuing bank: sends the request to the acquiring bank.
- The acquiring bank: sends the request to the merchant.
- The merchant: can accept the charge, or dispute it.
Then, there are three potential scenarios:
- The merchant accepts the charge and loses the funds, plus a fee.
- They dispute it and lose their appeal (same as 1).
- They dispute the chargeback and win.
The dispute process, it should be noted, is in no way straightforward. It is time-consuming. It may take weeks, requires extensive knowledge of chargeback codes (for specific reasons), and there can be a second chargeback or pre/arbitration stage.
Risk teams can lose hours with one single dispute, which is why many merchants opt for simply dealing with the loss rather than wasting energy fighting the chargeback.
Sign up to download
In order to download and read the full e-book please sign up to our newsletter.
Thanks for submitting the form, click the button below to download our eBook.