Planned ‘fixes’ for credit-card interchange fees will actually make fraud easier

The US Federal Reserve and the US Senate are both looking to lessen restrictions on retailers — ostensibly to rein in card fees. What they actually are doing is inviting more fraud.

Currency symbols move within an abstract spiral framework.
Metamorworks / Getty Images

I love it when organizations try and do something good, but don’t think things through and end up delivering unintended negative consequences.

Today’s case in point: the US Senate and the Federal Reserve, both of whom are looking to reduce high interchange costs, but are unintentionally increasing costs for merchants and sharply boosting the undiscovered fraud rate. Not bad for government work.

Let’s start with the Senate, where Sens. Dick Durbin (D-IL) and Roger Marshall (R-KS) have crafted The Credit Card Competition Act of 2022. Its stated goal: reduce the interchange fee that financial institutions and card brands (Visa, MasterCard, Amex, etc.) charge retailers. 

“This legislation, which builds upon pro-competition reforms Congress enacted in 2010, would give small businesses a meaningful choice when it comes to card networks, and it would enable innovators to gain a foothold in credit cards," Durbin said in a statement.  "Bringing real competition to credit card networks will help reduce swipe fees and hold down costs for Main Street merchants and their customers.”

Those are noble sentiments. But instead of imposing a ceiling on the interchange rates and forbidding those banks/brands from increasing other rates to compensate — which theoretically would achieve the stated goal of protecting SMB merchants — they instead want to allow merchants to be able to use multiple networks.

The rationale behind that move is that by allowing retailers to use cheaper networks, costs would drop. Alas, it doesn’t work that way. When financial institutions and the card brands lose dollars via interchange, they’ll simply impose other card fees to make up the difference and perhaps even bring in more money than before. Unless legislation prohibits that move — it doesn’t at this point — those small businesses will end up paying more. 

This gets worse. Those cheaper networks – surprise! — come with weaker cybersecurity protection and undermine the ability of machine learning (ML) analytics to ferret out fraud attempts. In short, banks have fine-tuned those ML analytics to the point where unusual spending patterns are caught quickly. This would slash that effectiveness.

“By splitting transactions over two or more networks, the cardholder’s payment patterns will be obfuscated, making it more difficult for machine-learning algorithms to detect unusual spending patterns and, thus, flag potential fraud,” according to a new report from the International Center for Law & Economics (ICLE). “Second, to the extent that cardholder benefits are tied to a particular network —including, but not limited to, fraud-prevention tools such as card blocks — these may not be available to consumers if the merchant chooses not to route over that network.”

Consider the many ways this will degrade cybersecurity, increase how much fraud is successful and, indirectly, boost the volume of fraud attempts. The change would:

  • Undermine security analytics because of the fraud obfuscation ICLE referenced.
  • Lower cybersecurity protections by encouraging smaller merchants to use cheaper networks.
  • Make it more economically difficult for credit card benefits to be delivered, and thus push more transactions from credit cards to debit cards. From the consumer perspective, debit cards have far fewer protections. If a consumer is breached via a credit card, a temporary credit will be issued and the consumer can continue to use their credit card. (If it’s bad enough, the card may be replaced within a few days.) But if the breach comes from a debit card, the attackers could empty  the victim’s bank account. Most banks can take as long as two months before the funds are returned, assuming they are returned at all. During that time, the victim likely has no access to funds at all to pay bills, rent, etc. 
  • Make fraud harder to detect. Though that doesn't necessarily mean more fraud, it will mean more successful fraud. Once fraud detection rates drop, cyberthieves will start doing more fraud attempts.

(As I noted recently, banks are already pushing back on covering businesses and consumers for true fraud.)

Those results all involve the Senate bill, which is focused on credit card charges. The Fed changes proposed in 2021 do something similar, but on the debit side: “The (Federal Reserve) Board is proposing changes to Regulation II to clarify that debit card issuers should enable, and merchants should be able to choose from, at least two unaffiliated networks for card-not-present transactions. Specifically, the Board is proposing revisions ... that clarify the ... the prohibition on network exclusivity to card-not-present transactions. These proposed revisions ... clarify that card-not-present transactions are a particular type of transaction for which two unaffiliated payment card networks must be available. The Board is further proposing revisions ... that clarify the responsibility of the debit card issuer in ensuring that at least two unaffiliated networks have been enabled to comply with the regulation's prohibition on network exclusivity.”

That reference to card-not-present is yet another complication. Before e-commerce took hold starting in the mid-to-late 1990s, card-present (CP) and card-not-present (CNP) were fairly simple concepts. CNP transactions were mainly over the telephone, while CP payments occurred in-store. 

But mobile payments complicate things. Consider the pandemic-encouraged curbside pickup. If someone walked into a grocery store and purchased something while standing in the checkout lane and made that transaction through a payment terminal (using NFC, for example, or Google or Apple payments), it would be considered a CP transaction, which costs less.

That identical transaction (same groceries, same retailer, same phone, same shopper) made at curbside pickup four feet outside the door is charged as the more expensive CNP rate. As you can see, logic is not a factor here.

What about those SMB merchants these changes are designed to protect?  Issuing banks "would then respond by raising fees and reducing rewards on credit cards, just as they did in Australia and elsewhere when credit-card interchange fees were forcibly reduced," the ICLE report said. "The only unambiguous beneficiaries of the proposed routing changes will be the shareholders of very large retailers and service providers that have their own machine-learning-based profiling and fraud-prevention tools, enabling them to use cheaper, less secure routing without a significant increase in fraud and other losses.”

In summary, the card brands will impose new fees; they will be fine. The banks and payment processors would do the same. Large retailers — the Walmarts, Targets, Home Depots and Walgreens — will be fine, too, because their scale justified their own cybersecurity anti-fraud systems.

But the SMB retailers will likely end up paying even more bank/processor charges — on top of higher costs related to increased fraud.

For the consumers, things look worse. When Australia tried this kind of interchange reduction approach, card rewards were reduced and the number of cards with no annual fee “declined significantly,” ICLE Senior Scholar Julian Morris, one of the authors of the report, said in an interview.

The Senate bill, while introduced, hasn't yet moved forward. And the Fed rules have not been rolled out. But if these changes do get implemented, small retailers (and consumers) will suffer the unintended consequences.

Copyright © 2022 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon