COVID-19's chargeback wave heightens calls for independent standards body
The Secure Payments Partnership feels it has stepped up enough pressure in the past year to get busy lawmakers hearing their plea for an independent payments standards body — especially as the coronavirus pandemic has shifted more payments to digital formats and invited more fraud and chargebacks at the same time.
Many consumers are faced with payment commitments that the pandemic upended, such as expensive vacations, and have used chargebacks to recoup their losses. In June, chargebacks that were not a result of fraud were 23% higher than during the same period a year earlier, according to ACI Worldwide. Mastercard reports even higher chargeback levels, in the range of 35% to 40% higher than last year.
This issue has renewed a push for an independent standards body by the SPP, formed in 2018 to represent merchant groups such as the National Retail Federation, Food Marketing Institute, National Association of Convenience Stores and the National Grocers Association. In the past year, the SPP has picked up its activity through social media channels and letters to Congress requesting the formation of a standards body that reflects the needs of all parties.
"Our people are telling us they are most concerned about security and chargebacks, especially with mobile on the rise" during the pandemic, said Leon Buck, SPP member and vice president of banking and financial services for government relations at the National Retail Federation.
In a recent survey of retailers about how they were faring during the pandemic, the NRF found that 62% cited combating fraud as a top priority, Buck said.
"With an independent body in place, it would keep the fees low and at a stable place, but mostly we have millions of dollars that we are being charged for with chargebacks, so we are mostly interested in security," he added. "A lot is going on now with payments during COVID-19, and we want to make sure that when somebody presents a payment card, that it is that person."
Standards today are developed by bodies like the Payment Card Industry Security Standards Council or the EMVCo specifications body, both created and overseen through the major card brands.
Merchants remain wary of EMVCo creating the EMV technology and guidelines for use, while not actually deploying it. Deployment is left to the card brands, which attach their standards and rules for specification use — a process that makes merchants feel even more left out.
For its part, EMVCo developers say they have advanced technology far beyond the chip card, especially with Secure Remote Commerce, also called Click to Pay, for e-commerce websites.
The SPP viewed that technology development as a power move by the card brands to have more control over the growing e-commerce payments ecosystem.
In citing its recent research with the RPGC Group, the SPP found merchants view EMVCo’s closed standards-setting process as one that cuts out merchants and consumers from decision making, puts profits ahead of security, drives up costs for businesses and consumers alike, and leaves the U.S. with a fraud-prone payments card system — all while restricting competition and thwarting payment innovation.
"EMVCo is very similar to PCI in its structure; it's the global brands that have come together in a collaborative manner to create something they want to hold the industry to," said John Drechny, CEO of the Merchant Advisory Group, which recently became an advisory voice for EMVCo.
"The only people who don't have any contribution into the final decision making are the merchants," Drechny said on a PaymentsSource podcast. "You have an entity that creates specifications for merchants, but merchants don't have any say in what those specifications are."
Drechny acknowledges that having the MAG involved with the EMVCo process has helped the organization understand more about it, resulting in better specifications for the industry.
Drechny points to the Secure Remote Commerce specification as an example, saying merchants questioned why they would put the technology on their website checkout pages under the SRC name, as it would imply the other payment button options on the site were somehow not secure.
"To be honest, we weren't entirely convinced it was any more secure than what some merchants were already doing today with very robust algorithms," Drechny said. "But it was determined that using the word 'secure' doesn't really work within the name of a payment option."
Since SRC/Click to Pay relies on issuers for authentication, once shoppers commit to using that system for checkout they may not be able to switch to another payment option such as a private-label card. "The way the specification is set up, the customer just picks one card and that one card gets presented for the transaction, and there is no ability to switch the card," Drechny said.
The SPP's message about getting a voice in final decisions about standards doesn't take away a fact that has held up most discussions about creating an independent body to develop and deploy specifications.
"EMVCo is owned by the card companies and that makes sense, since it’s their intent to provide security and protection to their card issuers, processors and merchants," said Thad Peterson, senior analyst with Aite Group. "I’m not clear on who else should be responsible for managing the security of their offerings, if not the payment networks."
The challenge going forward, Peterson noted, is the emergence of "non-card payments and the ability for the providers of those services to ensure the security of the transactions on their platforms. … I think the industry would expect that those providers will protect their merchants and end users, as EMVCo protects their stakeholders."
It doesn't deter the SPP from its core belief that an independent body would strengthen security, mostly because it would take into account the nuts and bolts of what a merchant has to deal with when complying with new specifications and standards. They also feel they can add supporters to their list that go beyond Sen. Dick Durbin, whose previous efforts resulted in the Durbin Amendment to cap debit card fees and expand transaction routing for merchants.
"We currently have a group at the Federal Trade Commission looking into what is being talked about, regarding loosening it up and making an impartial organization, but right now, we're just not there yet," Buck at the National Retail Federation said.
"We are not looking for federal government regulation, because we have enough of those in payments, insurance and financial services," Buck added. "But we definitely want some independent body to set payments standards."
Buck said the SPP envisions an independent body as one that would include retailers, independent merchants, grocers, food processors, small and large banks and credit card company representatives.
The SPP has no fear of an independent body with retailers involved suffering the same fate as the Merchant Customer Exchange mobile wallet efforts of the past. The MCX initiative folded in 2016 after two years of work in developing a common ACH-payments mobile wallet that never passed testing phases. It failed, at least in part, because retailers had a difficult time with the thought of potentially weakening their own brands in presenting a common wallet for customers that could bypass card payments.
But what the SPP and its core retailer members want this time goes beyond fees and stifling rules. They want a say on any topic that could put an end to a chargeback avalanche.
"We don't want control, we just want an equal say," Buck said. "Right now, EMVCo is like the source of stifled payments innovation, and we as retailers are concerned about a lot of things right now with COVID here and contactless payments on the rise."