What fintechs need to know about cardholder disputes
In an ideal world, transactions would never be fraudulent or inaccurate. No one would have their card stolen, then find some stranger had used it to make purchases. No one would pay for something, then claim they had not bought it. Merchants would never make errors, and would always be quick to release a refund when necessary.
The reality is that transactions don’t always go right. When this happens with cards – an extremely prevalent payment rail – fintechs must be ready to tackle cardholder disputes. The ability to address problems promptly has a big impact on your overall brand identity in the marketplace. If not handled properly and fairly, it can lead to complaints in a public forum and harm your reputation.
The fintech must own the disputes process: adhering to appropriate disclosures and notifications, gathering information from customers, and communicating with them about progress. While the bank is ultimately responsible for regulatory compliance, in some cases the fintech may be on the hook financially. Working with an experienced and responsive banking as a service (BaaS) provider to help set up this process is key to protecting your business.
The bottom line: Be ready for cardholder disputes. Have a clear process for dealing with them, understand the card network landscape and take measures to prevent them. Here’s how.
The Electronic Fund Transfer Act (EFTA) and Regulation E
Cardholder services disputes occur when a cardholder claims a transaction in their name is inaccurate or fraudulent. Fewer than one percent of card transactions result in a dispute, according to McKinsey.
To understand how to deal with cardholder disputes, you first need to understand the legal and regulatory landscape that governs those disputes. The rules are outlined under Regulation E (or “Reg E”), which implements the Electronic Fund Transfer Act (EFTA). The EFTA allows consumers to challenge electronic transaction errors and be compensated when an investigation reveals a legitimate error or wrongdoing. Reg E outlines specific steps customers and banks must follow when a customer identifies a potentially unauthorized transaction on a debit card, or during an ATM, automated clearing house (ACH), or point-of-sale transfer. Credit cards fall under the purview of a different law, Reg Z, and are subject to different rules.
What types of claims are covered under Reg E?
Reg E only applies to claims submitted by consumers and not commercial entities.
- How long does a cardholder have to dispute a transaction? Customers must report unauthorized usage of a lost or stolen card within two days of realizing what has happened if they want to receive reimbursement.
- How long does cardholder services dispute resolution take? Banks must investigate claims within 10 days, but the time can be extended if needed to complete an investigation. Generally, banks leverage card networks like Mastercard or Visa to investigate on behalf of the financial institution.
- Who reimburses the customer? To the extent the chargeback satisfies a permissible chargeback code, the card issuer must provide provisional credit to reimburse the disputed transaction(s) when reported. If the chargeback was deemed valid, the merchant is assessed the amount of chargeback and the provisional credit becomes final. This chargeback can be reversed if the merchant can prove that the transaction was authorized.
- What recourse does the merchant have? The merchant can seek to fight the dispute by “representing” the transaction to the issuer with proof of authorization. This is effectuated when the merchant contacts its acquiring bank, which then contacts the issuing bank.
- Is there any further recourse beyond representment? A merchant and cardholder can further pursue a claim by engaging in the pre-arbitration phase. There is generally a fee involved, and the party pursuing the claim has to present new evidence. The losing party can be assessed the entirety of the fee, which could exceed $500.
How are different types of merchants impacted by the chargeback or representment?
Whether you are a merchant that sells physical goods or one that sells services or online services can affect the level of proof you are able to provide in the case of a representment.
What other requirements are there under Reg E?
In addition to requirements around investigating claims and reimbursing customers, Reg E requires banks to include information about how to report unauthorized transactions in the cardholder agreement. The bank or its designee communicating with the customer about the card must also notify the customer of investigation progress.
When the card is issued by an issuing bank in collaboration with a fintech, the fintech may be responsible for the provisional credit and ultimate reimbursement of a valid claim. In some cases, the cost of investigating may be greater than the value of the transaction, in which case the reimbursing party may just want to provide a chargeback without looking into the customer’s claims further as a cost of doing business.
Cardholder dispute services process
A customer says a transaction using their debit card was not authorized. Now what?
Handling cardholder disputes is a process that involves multiple parties, each with their specific role to play. If you’re a fintech, here’s what the process could look like. Please note: The exact process can vary depending on who your banking as a service (BaaS) and bank partners are, among other variables.
Step 1: Customer reports unauthorized transaction
Once a customer reports an unauthorized transaction, the fintech will need to collect information from the customer to then share with additional parties including the bank. This information includes details of the disputed transaction, such as transaction value and which merchant accepted the money; whether the card was lost or stolen; whether the card was presented during the transaction or whether the transaction was online; and may include additional details provided by the customer.
If the chargeback was submitted with the proper categorization code, the fintech may be responsible for providing the customer with provisional credit for the transaction, depending on its agreement with the issuing bank. In these instances, you may have to pay the customer back initially, even before the investigation into the claim begins. Depending on the value of the claim and the cost of investigating it, the fintech or relevant party may decide to just let the provisional credit become permanent and forgo escalating to the card network and bank for investigation.
Step 2: Report gets escalated to the card network
Unless you decide to just reimburse the customer, you will likely need to send the claim along to the card network for investigation. As a fintech, you likely will not be submitting it to the card network directly. Instead, you may be sending it first to your BaaS provider or card program manager, either manually or automatically via API. The BaaS provider then might send it to the card servicer or card program manager, who then pushes it to the card network (usually Visa or Mastercard).
Step 3: Card network and bank investigate claim
The bank, through the card network, has 10 days to investigate the claim, which generally extends to 45 days upon issuing provisional credit. While investigating, the bank or card network may reach out to the merchant for more information about what happened.
Step 4: Resolution
Once the investigation is complete, the investigating party will notify other parties of the outcome. Ultimately, the bank or BaaS provider will notify the fintech of the outcome, and the fintech will notify the customer.
How to set your fintech up for success with cardholder disputes
Cardholder disputes cost money to investigate and reimburse. These costs may fall on the fintech. While cardholder disputes are bound to occasionally happen, you want to make sure you have precautions in place to prevent abuse.
- Limits: Banks customarily set limits on the number of transactions a card can execute in a day and the value of transactions. For example, in a 24-hour period, a customer may not be able to spend more than $2,500 in one purchase transaction, or may not be able to withdraw more than $1,000 from an ATM. As a fintech, you and your partner bank should have similar limits in place.
- Know your customer (KYC): Also sometimes called “know your client,” KYC refers to processes banking and financial institutions use to verify a customer’s legal identity. Put simply, KYC ensures that the customer opening an account with a financial institution is who he or she purports to be. It also refers to the process of verifying that the person utilizing an account is an authorized user. Things like two-factor authentication and requesting a user’s zip code can help prevent fraudulent use of a card or account.
- Know your partners: The quality of your customers’ experiences will largely boil down to the quality of your partners. When someone files a dispute, does your network of partners respond quickly? Are they transparent with you about their claims process? Who gets involved with cardholder disputes will often be determined by just one partner. In many cases, your choice of BaaS provider will determine what card network you use and what bank partners you can work with. So you want to make sure that the BaaS provider is transparent and works with high-quality organizations.
- General fraud prevention: You also want to have a generally robust set of fraud prevention programs or practices. To prevent cardholder services disputes, fraud alerts that notify customers of potentially suspicious transactions can help catch problems before they get out of hand.
- Have a clear process: If your process is not clear to your users, that will be detrimental to their experience and could pose a regulatory issue for your bank (and by association, you). Make sure you have a clear, consistent process that makes sense to both you and your customers.
What to look for in a BaaS provider and other partners
So much depends upon who you select as your BaaS provider. This partner determines what banks you can connect with, who your card program manager is, which card network you end up using – all of it. This is why you should never accept wishy-washiness or lack of transparency from an API banking platform. When it comes to handling cardholder disputes, as well as all other parts of your business, you need clear and direct answers.
Ask these 10 questions when you are interviewing potential BaaS providers to get a broad sense of what it will be like to work with them:
- “What’s your approach to banking as a service?”
- “Do you facilitate a direct relationship between fintechs and banks?”
- “How many bank partners are you integrated with?”
- “What is the full list of services you offer?”
- “How fast can my fintech get to market with your BaaS services?”
- “What can I expect in terms of implementation support?”
- “How many fintechs have you brought to market -- and who are they?”
- “Why are your clients happy with your service? And can I speak to some of them?”
- “What is your pricing structure?”
- “What makes your offering different from your competitors?”
When it comes to all things cards, potential BaaS partners should be upfront about every party that will be involved in issuing and servicing cards for your customers. Treasury Prime works with card processors Marqeta and FIS. We generally act as the card program manager ourselves, but larger fintech clients may work with Marqeta directly as both program manager and processor. Our bank partners include Piermont Bank and LendingClub Bank.