Menu

Why Credit Unions Should Not Decline Facebook Authorizations

Why Credit Unions Should Not Decline Facebook Authorizations
Posted: May 30, 2017
Comments: 0

Declining authorizations may have unintended negative consequences on your members.

Some credit unions are declining authorization for Facebook payments due to the relatively high number of fraud cases being reported for that merchant category code. But declining these authorizations may have unintended negative consequences on your members. Here’s why.

Facebook launched in mid-2015 the ability for its users to send other Facebook users money through the Facebook Messenger app. The source of the money transfer comes from a debit card, and receipt of the money goes to the recipient’s account through his or her debit card (meaning each side of the transactions needs to enroll a debit card with Facebook). As a bonus, iPhone users can add touch ID (fingerprint scan) as an added layer of security. Facebook claims that person-to-person (P2P) payments are wrapped in secure layers and use encrypted connections. Facebook points to its history of processing over 1 million payment transactions per day for game players and advertisers since 2007.

While the actual transactions may be secure, Facebook’s P2P is still subject to fraud. Facebook scams have been featured on nightly news. Phishing attacks claiming that someone has sent money, and to click here to get your cash, have been documented by KnowBe4.com, an employee Security Awareness Training program. Account takeover is another threat, according to RSA Security, since Facebook and Messenger use the same login, leaving fraudsters who gain access to a Facebook page the ability to gain access to an enrolled debit card and drain the victim’s bank account (up to the daily limit). An even more nefarious fraud scam involves using Facebook to set up brand-new accounts, connect them to stolen debit cards, and then transfer the money.

It is due to these various threats that some credit unions have taken the step, in the name of protecting their members, to decline authorization of a debit card transaction for Facebook Messenger. Specifically, these credit unions are declining the merchant category code 4829 (MCC) used for these debit card authorization requests. The problem is this MCC, referred to as “Wire Transfers and Money Orders”, is also used by several other entities that are in the business of moving money, including MoneyGram, Square Cash, UPS, and Western Union. And while this MCC remains in the “high-risk” category, many members use these and other money movement services to send money to family members in other countries, and receive money from friends and family for completely legitimate purposes. Balancing the twin opposites of member convenience and reducing fraud is never simple; however there is a slightly more accurate way to still achieve the desired outcome. By setting more granular rules based on fields in the authorization message (varies by Visa and MasterCard), the issuer can decline the acquirers (originators) deemed riskier, while approving the acquirers that your members legitimately rely on.

Alternatively, issuers can base approval on velocity checks combined with thresholds. For example, allowing up to ten P2P transactions in a 30-day period, and an aggregate amount of transfer of $2000 over seven days, are examples combining time periods and amounts to strike that difficult balance between fraud protection and member convenience. Of course, issuers may choose to implement different controls depending on the funding source to manage relative risks. Issuers may want to take a more structured approach by establishing specific limits, and then monitoring and analyzing their portfolios for patterns of activities, and then adjusting the limits depending on the source of the funds and any observed fraud.

Editor's Note:

For a detailed look at the many P2P solutions available in the market today, please see P2P - A Comprehensive Look at Person-to-Person Payments.


 

Print
Rate this article:
No rating
Dean Knudtson

Dean KnudtsonDean Knudtson

Dean has been in the financial services business for close to 30 years, after starting his career at Seattle Trust and Savings and then Western States Bankcard Association where he was regional vice president for the Pacific Northwest and Northern California.

Other posts by Dean Knudtson

Full biography , Contact author

Please login or register to post comments.

search

Featured Stories