By David Goodale of Merchant-Accounts.ca
Don’t Lose Your Customers on the Goal Line
A declined transaction is quite possibly the worst reason to lose a sale. All that’s left is to take the money. This should be the easiest part, and it’s important to do, because the cost of acquisition of for new customers is a consideration for every online business. In short, customers don’t usually fall out of the sky. Getting them to your website is hard, educating them about your product or service is harder still, and helping them through the sales funnel will determine whether your business succeeds or fails.
Considering the amount of work going into the sales process, it’s extremely painful to lose it on the goal line because of a hiccup while collecting a payment. It’s a terrible reason to lose a sale. That same potential customer can easily bounce away, and unless they are particularly keen on your product, they might not come back.
It’s important to:
- Be aware of why declines occur
- Work to prevent them from happening
- Attempt to recapture them when they do
Why Do Declines Occur?
Merchants may not realize that they have a significant degree of control over whether a transaction is approved or declined. In fairness, it is obvious that the issuer has ultimate control over the transaction response, but merchants can control the quality of the request that is being made, and to a significant degree this can affect whether a transaction is approved or declined.
In order to understand this, you must first consider the situation from the perspective of the card issuer, who will have controls in place to prevent fraud and protect the cardholder. These controls are there not to frustrate legitimate purchases, but to stop illegitimate transaction attempts. With this in mind, we can consider the criteria that the issuer may be evaluating to determine if the transaction is legitimate or not.
It’s important to point out that no issuer will release the details of their anti-fraud algorithm, because this would empower hackers and nefarious users to attempt to circumvent the safeguards. However, we can make reasonable assumptions which we’ll explore in further detail below:
- Purchasing history: user behavior and purchasing history are an obvious starting point for the discussion. If you have been with your issuing bank for 40 years, never used your card online, never travelled outside of the country, and suddenly they see a transaction attempt for $40,000 in a far flung-corner of the earth, it will be easy to spot. My grandmother, bless her heart, is unlikely to suddenly develop an addition to online casinos, especially since she doesn’t really know how to use a web browser. So, in her case, for a card to be used online for any reason it would be suspect, and for an online casino (which is higher risk due to the nature of the business) it’s an even more obvious departure of what would be considered normal for her cardholder activity. So the first broad point is to understand that the issuer is probably looking at things over time, in order to determine what is normal for a particular person.
- MCC Codes: Some merchants don’t realize this, but when you get a merchant account for your business there is a MCC code attached to your merchant account. It stands for “Merchant Classification Category” and has to do with the types of products or services your business provides. A business that sells flowers will have a different MCC code than a business that provides accounting services. Sitting here, I can’t say whether selling flowers or providing accounting services is a higher risk service. But, I can confidently say that running an online casino is higher risk than both. If a credit card is used to purchase something from, for example, a merchant offering digital downloads of software it could be looked at as higher risk than the accounting service. This is because a fraudster is more likely to want to use a card to quickly download a movie, than use a stolen credit card with the person who is going to prepare their tax return. While we can’t dig into this too much further because it’s situationally specific, we can say that the MCC codes can be looked at by the issuer. If you operate a business in a high-risk space (such as an online casino, as an example) it’s very likely you’ll get more declines than a merchant with a low risk product or service. If so, it’s very important to provide the best data possible to your credit card processor in an attempt to maximize approved transactions (more on this below).
- Transaction Limit: The larger the amount of money that is processed, the larger a potential dispute if something goes wrong. A card issuer should always take a harder look at a transaction as the amounts increase. If a cardholder does not normally put large purchases on their credit card this could potentially cause a declined transaction.
- Time of Day: Not all of the criteria are obvious, and this could be a surprising one. As an example, if a cardholder has an established pattern of behavior and their card is used in the middle of the night (when they would normally be sleeping and have never otherwise completed a purchase), this could, at least conceivably, be detected as unusual behavior and blocked.
- Cross Border Declines: Generally speaking, card issuers consider international transactions to be higher risk than domestic transactions. Each time a payment is processed Visa and Mastercard will look at two things: (1) where is the merchant domiciled? (Where is your business and merchant account registered?) (2) Where is the cardholder domiciled? If they are from separate countries the transaction will ****cross a border **** (link to cross border article) and can cause declined transactions
- Frequency of Attempts: This is an obvious and easy to spot reason for declined transactions. If the credit card is used, or attempted to be used, multiple times in a short window of time it is likely fraud and will often be blocked by the card issuer. In this case you might actually be glad to have received a decline, because if it is a fraudster it will eventually have led to a chargeback.
- AVS (Address Verification): When a credit card transaction is processed you can include extra information with the order. For example, you can choose to include the billing address (street, city and postal code) with the order. This ties back to the quality of data that you are submitting, and is something we’ll discuss in more detail below. If the AVS address does not match, or is absent, it can increase the likelihood of a declined transaction.
- CVV: The CVV code is the 3-digit security code on the back of the credit card. If it is mis-matched or absent this can be a reason for a decline. Since 2019 it’s now even more likely to be a reason for a decline because Visa and Mastercard have mandated that CVV is to be submitted with every e-commerce transaction. Outside of certain exemptions (for example recurring billing transactions) it is suspect if CVV is missing from an online transaction.
- Cardholder Insufficient Funds: Sometimes it’s not an error. There are going to be a number of declined transactions that are legitimate and you cannot prevent or control.
- Network Outage: There are several potential failure points along the way that could cause a transaction timeout or similar decline. Your payment processor could be experiencing an outage, a particular card issuer could be experiencing an outage, or the card brands themselves could be experiencing an outage. In these cases you could try failing back to an alternative processor (if you have one in place), but if the cause of the problem is the issuer or the card brands you can’t do much about it.
Preventing declines from occurring.
Merchants do have a degree of control over whether transactions are approved or declined. In general, the advice is equally simple and effective: make sure you are sending the best data possible along with each transaction request.
This means insuring that you are passing the maximum amount of data about the transaction. You should be including the cardholder name, a full billing address (street, city, postal code, country), and also CVV information, which is the 3-digit security code on the back of the card.
We recently had a Canadian merchant that sold contact lenses, primarily to US customers. They had updated their website and the developer made a small mistake that caused the postal code (only the postal code) to be omitted when transactions were being submitted. This immediately caused a 9% increase in declined transactions. At first, they couldn’t understand what was causing it. This goes to show how one missing field can make a big difference in how the issuer banks feel about the quality, or integrity, of the transaction request. In short, put your best foot forward!
There is also a second consideration to be made if you are selling across borders. If you sell to customers located in another country, you may wish to establish a domestic merchant account in another region. It’s beyond the intended scope of this article to dig too much into acquiring regions, but in summary when transactions cross a border you will see a higher incidence of declined transactions.
What to do when a transaction is declined.
Most payment processors will provide a return code each time a transaction is processed. Those return codes are not always helpful. If an issuing bank is declining a transaction because they suspect that it may be fraudulent, they will sometimes not include a verbose or descriptive reason for the decline. (Otherwise the fraudster could modify their request in an effort to trick the system).
Other times you will have a clear reason for why the transaction was declined. However, in general, if the decline was not on the processor side of the fence (for example, exceeding a maximum transaction limit cap from your card issuer), then you know the problem is not being caused on your side of the fence.
In any situation where the decline is not specifically caused by the credit card processor, you should contact the customer in an attempt to recapture the sale. It goes beyond the intended scope of this discussion to dig too far into this topic, but it’s an excellent idea to have a business process in place to reach out and contact customers whose transactions were declined.
This can be done via email, or by phone. To a degree this will depend on the type of products and services that your business offers. Ultimately though, you need to encourage them to contact their card issuer and ask these questions:
- Can you see a transaction attempt at <insert when it happened>?
- Did you block this transaction?
- Will you release the block for this transaction?
Once the cardholder makes that request, if they re-attempt the transaction it should go through and you will have recaptured the sale. This is very important, but especially so for high-ticket type businesses where your cost of customer acquisition is high. You worked too hard to bring that customer to your website – don’t let them escape!
Merchants often fail to understand why credit card transactions get declined, and particularly don’t understand that they play a significant role in whether a transaction is approved or not. You should always send the best data possible (even if it’s a little more work) for each transaction request. If you have a call center, get the agent to ask for the billing address on file. It’s worth it, because it should ultimately lead to more sales.
Where a transaction is declined you should attempt to recapture it. Finally, if your business processes across borders and you are having a significant problem with declines, consider getting a local merchant account in the foreign country, which will improve your authorization count, and prevent customer complaints from occurring from cross border transaction fees.
About the Author
David Goodale is CEO at www.Merchant-Accounts.ca, and has been working in the e-commerce payments space for almost 20 years. His expertise is in the area of merchant accounts, payment processing, with a particular focus on international and multi-currency credit card payments.
One piece of information that should NOT be sent to the card issuer is the shopper’s email address. A savvy shopper will take the security precaution of using retailer specific email aliases which are deliberately different from the address the bank has on file. If you send the email address as part of the info you may get a decline because the email address does not match.
It may also be a risk to include the shopper’s phone number in the info, because, again, that may be legitimately different from the number the bank has on file (for example giving the delivery address phone number, or a voicemail number).
For the above reasons I would not go beyond the name, billing address and CVV.