MERCHANT ADVISORY

INTRODUCTION

PAY2M is a bridge between consumers, merchant and financial institutions and it is changing the way billing and payment collection works, our solution is perfect for businesses who wants to collect payments online.

PURPOSE

The purpose of this advisory is to establish the awareness in merchants to mitigate the risk of fraud & chargebacks in order to protect merchants from any electronic fraud attempts and ensure the compliance with payment service Regulations by Qatar Central Bank.

HOW TO IDENTIFY FRAUD?

Simply paying attention to the following key indicators might save your money and market reputation:

Inconsistent Address

• The information in the order is inconsistent for example, the zip code and actual house address street do not match.
• Address must be traceable and
• For example, Flat address is mentioned but flat # is not stated or the location is missing.

Multiple Shipping Address

The buyer makes multiple purchases at the same time from one account/ card but ships the items to different locations.

Sudden Transaction Spike

If there is a sudden or unusual changes in transaction frequency, such as spikes in approval attempts, sales volume, sales amounts.

Multiple Payment Instrument

Unusual number of transactions are placed using different or same credit/debit cards in a short period of time.

Unusual Location

An unusual set of orders is placed from a new country from the region you never marketed your online shop could indicate fraudulent activity.

Same Amount with Different Cards

High occurrences of transactions for same amount with different cards in a short timeframe.

Account History

Compared to the account history, the order from your regular customer deviate from regular spending.

Declined Counts

More than two or three transactions are declined in a row. In this scenario, the client is unable to insert the correct credit card number, CVV, and expiry date despite trying multiple times, which can be a red flag for criminal activity.

Low Value Transactions

There might be a situation where there are a significant number of low value transactions compared to the average transaction value.

Best Practices for preventing Fraud.

Simply pay attention to the following points.

• Consider cancelling or refunding orders if e-mail verification bounces
• Refund any payments that seems suspected/ fraudulent as soon as
• Merchant should maintain fraudulent chargeback report and keep a check on indicators like repeated area, city or any specific indicator to avoid future
• Delay the shipping of goods/ services and give time to a cardholder a chance to identify fraud on their card/ May be cardholder check their transactions history and contact issuing bank to cancel the transaction.
• In case of a doubt the customer’s details can be matched with online social profile.
• Don’t automate the process of order Personally check each order or delegate the task to an experienced professional.

Hold Goods & Services

The placed order on the website and the transaction shall be marked hold on the basis of above criteria then an invoice is required as it is marked as a suspicious transaction by the acquirer.

Moreover, settlement against the suspicious transaction will be hold till clearance. Following are the steps to hold and release merchant payments.

As soon as transaction marked hold PAY2M will communicate to merchant’s registered POC. In light of this communication, merchant has to provide invoice(s) against hold transaction(s).

Merchant shall hold good & Services against the suspicious transaction and wait till the clearance from the card issuer.

In another scenario where merchant did not provide the invoice after 1st follow-up on 2nd day, then 3rd follow-up call on 4th day.

In case of 3rd unsuccessful follow-up attempt, then on 6th day a final reminder call/ email has been sent to merchant and also contact established with respective POC for providing invoice(s).

Furthermore, if the merchant has delivered the goods against our hold transaction s, in this scenario merchant will be informed to bear liability in case of any chargeback received.

What is Chargeback?

A chargeback is a credit or debit card charge that raised upon a cardholder claims a transaction was the result of fraud or abuse.

When can cardholder raises the chargeback?

• The card holder does not recognize the charge or payee on their statement.
• The card holder did not receive the product or service.
• The card holder feels that the product or service was defective, damaged, or not as described.
• The card holder’s credit card was stolen or used without their consent.

What Are Chargeback Time Limits?

• Cardholders have 120 days to file a chargeback.
• Issuing (cardholder) bank has 5 days to submit the case.
• The acquirer/merchant has 3-5 days to submit the documents. However, the delay in submitting the documents will adversely impact the next settlement.
• The acquirer submits the document to payment schemes.

Chargeback Reasons:

• Canceled Merchandise/Services
• Canceled Recurring
• Defective/Not as described.
• Merchandise/Services Not Received
• No Cardholder Authorization
• Non receipt of merchandise
• Not as Described or Defective Merchandise/Services
• Original Credit Transaction Not Accepted
• Other Fraud-Card Absent Environment

For more details, please review below guidelines:

https://chargebacks911.com/chargeback-reason-codes/mastercard/

Charge Back Process:

• The cardholder initiates a dispute by contacting the bank and asking for a refund.
• Payment Schemes allow 120 days to card holder for filing a dispute or fraud.
• The issuer (Bank) reviews/assigns a reason code to the case.
• The issuer investigates the complaint.
• The acquirer is notified and reviews the chargeback.
• Any evidence the acquirer has to counter the chargeback will be submitted on the merchant’s behalf. If no such evidence exists, the bank will pass the chargeback along to the merchant.
• If the claim is legitimate, the merchant must accept the loss. However, merchants who believe they can disprove the claim have the right to re- present the chargeback to the issuer.
• The acquirer reviews evidence and makes a decision.
• In case of Non 3DS fraudulent transaction, customer can disprove the documents provided by the merchant/acquirer and have the right to go for pre-arbitration.

In pre-arbitration, liability shifted to merchant. Acquirers debit the merchant account and allow chargeback to issuer. For more details, please review the visa guidelines:

https://usa.visa.com/content/dam/VCOM/download/about-visa/visa-rules- public.pdf

Merchant Management

Merchant screening and monitoring is necessary for enabling ecommerce payments to ensure compliance with Know Your Customer (KYC) policies and on-boarded merchants are not a part of any fraud schemes or illegal business activities. Our merchant due diligence process is designed to handle these scenarios. This process is defined in the section of Risk Management Process.

Merchant Due Diligence

The following process will be implemented:

KNOW YOUR CUSTOMER POLICY

Merchant will be required to provide business and beneficial owner’s identification documents with respect to their category as defined in AML/CFT guidelines issued by QCB.

Merchant will also be gone through the sanction screening checks that includes but not limited to the following databases:

1. United Nation Sanction List
2. Office of Foreign Asset Control (OFAC)

In addition, we will also conduct adverse media finding and identification of PEP.

BUSINESS ANALYSIS

This is done in order to establish a check on the Merchant’s business itself. This includes but not limited to,

• Reviewing tenure of business Period
• Digital presence
• Social Media Analysis
• Business Reference
• Product & Service Category

ON-GOING REVIEW

The profile of merchants will be reviewed periodically based on risk profiling. The frequency for reviewing KYC for low, medium and high-risk customers will be determined as per best industry practice.

The activity of merchant must be monitored against a pre-determined profile, paying special attention to higher risk customers or activities.

High Risk Merchant Categories:

Visa classifies a Card-Absent Environment Merchant required to use any of the following MCCs as a High-Brand Risk Merchant:

• For all Card-Absent Transactions using the following MCCs:
• 5122 (Drugs, Drug Proprietaries, Druggist Sundries)
• 5912 (Drug Stores, Pharmacies)
• 5962 (Direct Marketing – Travel-Related Arrangement Services)
• 5966 (Direct Marketing – Outbound Telemarketing Merchants)
• 5967 (Direct Marketing – Inbound Telemarketing Merchants)
• 5993 (Cigar Stores and Stands)
• 7273 (Dating and Escort Services)
• 7995 (Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting, and Wagers at Racetracks)

For certain Card-Absent Transactions using the following MCCs

• 4816 (Computer Network/Information Services), for the sale of access to cyberlockers or remote digital file-sharing services
• 5816 (Digital Goods – Games), for Transactions involving skilled game wagering (for example: daily fantasy sports)
• 6051 (Non-Financial Institutions – Foreign Currency, Non-Fiat Currency [for example: Cryptocurrency], Money Orders [Not Money Transfer], Travelers Cheques, and Debt Repayment), for the sale of cryptocurrencies.

Fraud Management

In order to minimize the chances for occurrence of internal and external fraud, we have undertaken the following measures to keep it at minimum level:

Guardian Fraud Risk Management System

In order to reduce chargebacks and the occurrence of fraudulent transactions, PAY2M has created and integrated a Fraud & Risk Management System, called Guardian, with its payment gateway. Each transaction is checked against a set

constantly evolving screening parameters and rules in real-time. Guardian enables the following in order to safeguard against fraud:

• Real-time monitoring, and reporting
• Approval, Rejection or Manual Review of transactions as required.
• Reduction of illegitimate transactions
• Velocity checks/Transaction limits

Transaction Monitoring

The NOC Team monitors the transactions on 24/7 basis to detect any unusual patterns and investigates any suspicious transactions. When required, corrective actions are taken as required with immediacy.

Transaction Analysis

The risk team will also make an analysis of transaction on daily basis to identify any unusual or out of patterns transaction.

One Time Password Based Transaction

All financial transactions will require OTP to further mitigate fraud risks. The OTP will be sent to the mobile number registered with bank.

Customer Transaction Limits

Transaction limits defined by banks will be applicable. The transaction beyond the defined threshold will be declined.

Track Fraud Control Performance

To ensure and improve the Fraud control performance it can be measured as:

• Gross fraud amount as percentage of total transaction amount.