UPDATE: Mastercard have now mandated transaction alerts for UK issuers – with a deadline set for 13th April 2018. Get the details
As part of their ongoing drive to reduce card fraud and increase consumer confidence, Visa and Mastercard have mandated that their issuers in the USA must offer a transaction alert service to cardholders. For Visa-only issuers (and dual-branded Visa and MasterCard issuers) this mandate came into force on October 14th 2016; Mastercard-only issuers have until April 21st next year to comply.
Visa gave banks three options for implementation: to develop their own in-house alert system, to purchase a third party’s solution or to implement Visa’s own alerts proposition. In fact banks who did not specifically choose one of the first two options were automatically signed up for Visa’s.
Currently the VISA mandate applies to credit, debit and prepaid cards. Commercial cards (and anonymous prepaid cards) are not included and there is no roadmap for their inclusion. Mastercard will provide an opt-in for small business cards.
The alert delivery channel is not prescribed by the networks. The cheapest option for banks is to offer email alerts, which is free. An SMS alert is also available on the VISA-branded solution, but VISA will charge the bank 1cent for each SMS alert sent to the cardholder.
The on-boarding process for the VISA solution is that cardholders are directed to a VISA-hosted site to enrol their cards. There they choose to receive either email or SMS alerts, or both. The issuer can opt out of offering SMS alerts, but if they fail to do so their cardholders will have the option to choose that service.
Reduce Fraud & Increase Consumer Confidence
The underlying driver for the move is to reduce fraud and increase consumer confidence in card purchases. While the networks have systems in place to identify fraudulent or suspicious transactions, the person best-placed to identify such transactions is arguably the card-holder. If they are alerted to a transaction on their card that they know they have not initiated, they can immediately inform their bank. This should, in many cases, reduce the number of fraudulent transactions on stolen or cloned cards to just one, reducing the overall cost of fraud.
On increasing consumer confidence, the view is that consumers who are more “involved” in the payment, and have greater visibility and awareness of the process will be more likely to use their cards. Also the fact that they know that they will be immediately alerted to any fraudulent transaction should increase their confidence. And of course, anything that encourages card use, and therefore interchange income, will be welcomed by banks and networks alike.
While delivering greater levels of information and transparency to consumers (and higher income to banks) seems like a no-brainer, alerts have the potential to generate annoyance and confusion. In a world of contactless and HCE payment, many people use their cards multiple times per day for small purchases, and so may be bothered by regular alerts for small amounts. Where couples have joint cards, the primary card holder will receive an alert but will be unsure as to whether this was a valid transaction by the secondary card-holder, or a fraudulent one. Many banks are encouraging couples to have separate cards, but where a couple maintain joint cards, the possibility of confusion remains (as well as spoiling the surprise of that romantic weekend away).
While banks in the USA are required to provide the alerts service, cardholders are not required to take it. So those who will feel bothered by it do not have to sign up for it. Alternatively, solutions offered by Vipera and other third-party providers deliver a more tailored approach. Cardholders can set the value above which they want to receive alerts (for all transactions above £30 for example), they can choose the location (all foreign transactions for example, or outside Europe) and they can select the channels: online transactions, ATM, in-store, contactless.
No date has been set for the expansion of the Alerts Mandate to Europe or further afield, but as the aims of the mandate apply universally, eventually so too will its implementation. Banks outside of the USA should be prepared for its roll-out and try to get ahead of the curve. They need to think about how alerts may be used as starting point for customer engagement and how they can be exploited to offer value-added services.
Image via Flickr – Steven Snodgrass