Why Credit Unions Should Not Decline Facebook Authorizations

Why Credit Unions Should Not Decline Facebook Authorizations
Posted: May 30, 2017
Comments: 0
Author: Lou Grilli

Declining authorizations may have unintended negative consequences on your members.

Some credit unions are declining authorization for Facebook payments due to the relatively high number of fraud cases being reported for that merchant category code. But declining these authorizations may have unintended negative consequences on your members. Here’s why.

Facebook launched in mid-2015 the ability for its users to send other Facebook users money through the Facebook Messenger app. The source of the money transfer comes from a debit card, and receipt of the money goes to the recipient’s account through his or her debit card (meaning each side of the transactions needs to enroll a debit card with Facebook). As a bonus, iPhone users can add touch ID (fingerprint scan) as an added layer of security. Facebook claims that person-to-person (P2P) payments are wrapped in secure layers and use encrypted connections. Facebook points to its history of processing over 1 million payment transactions per day for game players and advertisers since 2007.

While the actual transactions may be secure, Facebook’s P2P is still subject to fraud. Facebook scams have been featured on nightly news. Phishing attacks claiming that someone has sent money, and to click here to get your cash, have been documented by, an employee Security Awareness Training program. Account takeover is another threat, according to RSA Security, since Facebook and Messenger use the same login, leaving fraudsters who gain access to a Facebook page the ability to gain access to an enrolled debit card and drain the victim’s bank account (up to the daily limit). An even more nefarious fraud scam involves using Facebook to set up brand-new accounts, connect them to stolen debit cards, and then transfer the money.

It is due to these various threats that some credit unions have taken the step, in the name of protecting their members, to decline authorization of a debit card transaction for Facebook Messenger. Specifically, these credit unions are declining the merchant category code 4829 (MCC) used for these debit card authorization requests. The problem is this MCC, referred to as “Wire Transfers and Money Orders”, is also used by several other entities that are in the business of moving money, including MoneyGram, Square Cash, UPS, and Western Union. And while this MCC remains in the “high-risk” category, many members use these and other money movement services to send money to family members in other countries, and receive money from friends and family for completely legitimate purposes. Balancing the twin opposites of member convenience and reducing fraud is never simple; however there is a slightly more accurate way to still achieve the desired outcome. By setting more granular rules based on fields in the authorization message (varies by Visa and MasterCard), the issuer can decline the acquirers (originators) deemed riskier, while approving the acquirers that your members legitimately rely on.

Alternatively, issuers can base approval on velocity checks combined with thresholds. For example, allowing up to ten P2P transactions in a 30-day period, and an aggregate amount of transfer of $2000 over seven days, are examples combining time periods and amounts to strike that difficult balance between fraud protection and member convenience. Of course, issuers may choose to implement different controls depending on the funding source to manage relative risks. Issuers may want to take a more structured approach by establishing specific limits, and then monitoring and analyzing their portfolios for patterns of activities, and then adjusting the limits depending on the source of the funds and any observed fraud.

Editor's Note:

For a detailed look at the many P2P solutions available in the market today, please see P2P - A Comprehensive Look at Person-to-Person Payments.


Rate this article:
No rating
Lou Grilli

Lou GrilliLou Grilli

Lou is the AVP of Product Development & Thought Leadership at Trellance and is responsible for providing leadership to the organization on emerging payments and industry trends, as well as managing the product portfolio.

Other posts by Lou Grilli

Full biography , Contact author

Please login or register to post comments.


Featured Stories