Nearly every merchant has the same end goal: to increase revenue. So, when it comes to checkout flows, business objectives tend to fall into two categories:
1. Increase conversion rates
2. Achieve and maintain PCI DSS compliance
These are important goals. However, in attempting to meet these two business objectives, merchants often make the mistake of stripping down their checkout to the bare essentials -- without taking into consideration the many factors that can also impact revenue, such as fraud, interchange fees, acceptance rates, customer data, and business credibility.
Of course, all you typically need to gather in order to process a credit card transaction is the card number, its expiration date, and the transaction amount. At first glance, it might seem like the best way to increase conversion rates -- and subsequently revenue -- would be to stick with the basics and not ask for more. However, this way of thinking can be detrimental to merchant’s business. Even in the best case scenario, a merchant who sacrifices security in favor of an apparently quick checkout could lose out on a significant chunk of potential revenue.
That’s where Braintree comes in. We consider ourselves payments nerds, so we know the ins and outs of balancing simplicity and security to create a seamless checkout experience, helping lead to more conversions, customer loyalty, and sales. Read on to learn how revenue can be lost and how to help prevent that loss through your checkout.
How Can Revenue Be Lost?
1. Fraud
One primary way in which a minimalist checkout flow can cause revenue loss is through fraudsters. As a consumer, if you have ever had the misfortune of having your credit card stolen, you know the drill. As soon as you report the card as stolen, your credit card company can immediately credit your account for the amount that was spent by the thief. What you may not know is that the funds credited to your bank account come from the business that accepted payments from that thief.
This came about in the early days of online credit card processing when very few people felt comfortable inputting their payment information into a web checkout. In order to create an environment of trust around ecommerce, credit card brands like Visa and Mastercard created a system wherein the customer has the right to call their card-issuing bank and demand their money be returned under certain circumstances, including instances of fraud, false advertising, delivery requirements that weren’t met, etc. This is called a chargeback.
Note: Chargebacks are mandated by the card brands and are not created or controlled by Braintree.
In the current chargeback system, fraudulent purchase reimbursement is still the responsibility of the merchant. Even if you have already shipped the goods or provided the service, the cardholder still has the right to submit a chargeback to reclaim their funds in the case of a fraudulent transaction.
However, Braintree offers tools you can use to help protect your checkout from fraudulent transactions, as well as a world-class disputes team to help you dispute chargebacks when they arise. Because your risk threshold (the quantified limit of risk beyond which your organization does not want to go) is an individual business decision, you are not required to use any of our fraud tools. That said, we recommend that every merchant enables Basic Fraud Tools, subject to your risk threshold, which can be done through your Braintree Control Panel.
Fraud rules are ultimately a business decision. The less stringent your protections, generally, the greater you are at risk for chargebacks. However, if your protection settings are too high, good transactions may be rejected unnecessarily. No business is ever completely immune to fraud, so nobody can ensure that your transactions will be 100% fraud-free. However, our tools (implemented properly) can help diminish instances of fraud.
AVS best practices
AVS rules only check the numeric values of an address. Depending on how a customer enters their address information, it could confuse the system and cause false rejections.
Not all issuing banks support AVS. However, that does not inherently indicate fraud. Therefore, you should consider carefully whether to reject a transaction based on the issuing bank not supporting AVS.
Typically, we recommend that you consider setting your rules to reject a transaction if:
- Postal Code does not match information on file with the issuing bank
- Postal Code is not provided
By default, AVS rules will only apply to transactions and verifications that have a billing address in the United States or don’t specify a country of origin. For more information on setting AVS rules for international transactions, refer to our support articles.
CVV best practices
It's generally considered best practice for most merchants to collect CVV information -- it can help lower the risk of fraudulent transactions and can be used as supporting evidence in your favor if the customer issues a dispute. Regardless of whether you choose to verify the CVV, selecting to reject transactions if CVV is not provided will ensure that your customer supplies this information.
2. Increased interchange costs
One of the most common and preventable interchange downgrade reasons we see is not providing billing address information for transactions created by US customers. If your company works with US customers, then you should strongly consider providing AVS information for every transaction. When the billing address information is not provided, card brands will often increase the associated interchange costs; depending on your credit card mix, your transactions could be downgraded by the card brands (meaning an increase in interchange costs would ensue) for being too risky. Note that this is particularly important if you have interchange plus pricing as opposed to blended rate pricing.
3. Declines
There are two types of declines: hard declines and soft declines. Hard declines occur when there is an irreparable issue with the customer’s payment method; for instance, the card has expired. No matter how many attempts the customer makes, their provided payment method will not be accepted.
Soft declines come from the card-issuing banks. These cards are connected to a valid account; however, there is something preventing the bank from completing the transaction, likely:
1. Insufficient funds
2. The declining bank’s own fraud rules
Braintree’s role, as a payment platform, is to facilitate a transfer of funds between the customer’s bank, the card brand, and the merchant’s bank. The goals of the customer’s bank and card brand are to maintain their relationship with the customer by protecting the customer’s privacy. When we receive a generic soft decline code from the customer’s bank the customer’s bank is telling us that they will not honor this transaction right now.
However, there are some changes to your checkout flow that could potentially decrease these declined transactions.
Are your customers based in the US?
If so, you should consider collecting as much data about the card as possible -- particularly for first-time transactions. Collecting AVS information on all transactions and collecting CVV information on a customer’s first transaction or verification can help reduce declines considerably. Card-issuing banks in the US are less likely to return a soft decline if valid CVV and AVS information is passed through.
Are you doing business outside of the US?
If you are doing business in Europe or in the Asia Pacific region, you should consider enabling 3D Secure. 3D Secure allows the cardholder to set up a password (or other verification process) with their card-issuing bank. When the customer checks out on your website, they simply enter their password to verify the transaction.
3D Secure is important for 2 reasons:
1. 3D Secure has the potential to shift chargeback liability from your organization to the card-issuing bank. The details of the chargeback liability shift are outlined in our support articles. (Not all cards are eligible for 3D Secure. If a card is not 3D Secure-eligible, chargeback liability will remain with your company.)
2. Many card-issuing banks outside of the US require 3D Secure to be enabled in order to process debit cards. For example, almost all Malaysian banks require 3D Secure to be enabled before a debit card transaction will be approved.
The Braintree Difference
While a minimalist checkout flow may seem ideal, you don’t need to compromise security to create a seamless customer experience. By taking steps to help limit declines and fraud, you can decrease revenue loss without creating unnecessary friction for your customers. Partnering with a payments expert like Braintree can help your business craft that frictionless experience while maintaining a more secure checkout and helping to preventing fraud. As a PayPal service, Braintree uniquely offers the ability to accept PayPal, credit and debit cards, and more in one single integration. Research shows that PayPal is one of the most trusted payment methods that many consumers look for when completing a purchase – in a Forrester survey of consumers, 43 percent said they trust PayPal to provide a secure digital wallet1, and PayPal One Touch for mobile and desktop makes it possible for even first-time customers to check out quickly.
Among many security features, Braintree offers merchants post-transaction fraud management tools to help merchants respond to chargebacks filed fraudulently or mistakenly. We also recommend using a rules-based approach to guard against common types of fraud while reducing costly false positives. For businesses that may need additional fraud protection touchpoints and rules, we partner with Kount to offer Advanced Fraud Tools. These tools, which are subject to additional fees, allow merchants to customize their own fraud detection tests using Kount's back office tools. Choosing to customize your fraud detections means that you can tailor the rules to suit your unique business needs and make the rules as aggressive or as lenient as you need.
Overall, a secure and seamless customer experience can mean more revenue for your business, and Braintree offers the expertise, tools, and white-glove support to make sure your checkout meets the needs of your customers and your business. Reach out to accounts@braintreepayments.com to learn more about making the most of your Braintree integration.
Additional Reading
Looking for more in-depth info on how you can help prevent revenue loss through your payments setup? We recommend the following support articles:
Fraud Tools Overview
PCI Compliance
Chargebacks and Retrievals Overview
Gateway Rejections
The information in this blog post has been prepared by PayPal and is for informational and marketing purposes only. It does not constitute legal, financial or business advice of any kind and is not a substitute for qualified professional advice. You should not act or refrain from acting on the basis of any content included in this blog post without seeking the appropriate professional advice. This blog post contains general information and may not reflect current developments or address your specific situation.
From “Disrupting Finance: Digital Wallets,” published on April 7, 2016 by Forrester, available at https://www.forrester.com/report/Disrupting+Finance+Digital+Wallets/-/E-RES116772 ↩