fraud is not a merchant problem

originally published: Apr 2012

I recently had the distinct pleasure of being hit with some chargebacks through my USD payment processor Dwolla. After talking to their head of fraud detection and prevention it became clear they they did not understand their own business.

One of the choice phrases that kept being repeated was that fraud was a risk and a part of doing business for the merchant (me). I argue that it is not a part of doing business for the merchant if they are using a service such as Dwolla and here is why: information asymmetry.

Before I get into what that means here is a quick example that was covered in the telephone conversation. Lets say my company sells widgets (something physical). A customer comes in and wishes to pay for a widget with Dwolla and since we are a Dwolla merchant we allow them to do so. Dwolla handles the transaction (debiting the customer's Dwolla account and crediting our Dwolla account). We give the customer their widget (we trust Dwolla that those funds were accounted for, more on that later). Days later, Dwolla takes the funds from our account because the customer claimed (to their bank) that the funds were not authorized to Dwolla. I, as the merchant, am now out a widget and the money I was paid for the widget because Dwolla was not able to properly detect the fraudulent user.

The reasoning Dwolla gives for the above is that fraud detection and customer identification is the responsibility of the merchant. What they don't seem to understand is that the merchant does not have the information to do such detection or identification. Dwolla is acting as the intermediary between the customer's bank accounts and personal information and the merchant. From the standpoint of the merchant, the USD transfered between the customer and merchant are "dwolla dollars" since the merchant trusts Dwolla that the transfer actually happened. The merchant has no way to query Dwolla for the customer's information or their credentials to verify that the bank account owner and customer are the same person. Dwolla hides this from the merchant (claiming to protect the customer) and by doing this prevents the merchant from having the information needed to tie accounts together and detect fraud the way Dwolla thinks we can. Even if the merchant identified the customer, they would not be able to verify anything about the linked bank accounts and where the funds come from. Fundamentally, Dwolla is trying to create "dwolla dollars" or virtual money based on the trust that they are backed by real dollars from real accounts without taking the accountability of doing so.

Since there is information that Dwolla has (and the merchant does not) and Dwolla is putting themselves between the customer and merchant, they are responsible for the funds they credit the merchant. If the merchant had to do the fraud detection and deal with customer bank accounts directly, they would not need Dwolla! Dwolla needs to be much more upfront about the "true" cost of doing business with them and that they will not worth with you to detect fraud or help you prevent it (since they can't prevent it themselves).

I understand that the USD banking system has chargebacks and that they are a reality of dealing with customer bank accounts. However, if you want to claim that fraud is the responsibility of the merchants, you must work with the merchants in linking customer accounts and verification otherwise your service is deceiving the very merchants you operate for. If you are a payment processor and are not absorbing the fraud, you don't understand your function properly and will just cost the merchant time and money. Eventually they will stop using you for a better alternative that does understand the risks and how to manage them. Maybe it won't be at $0.25 per transaction, and that might be the reality of the US banking system.

Many people don't understand why Bitcoins could be useful (beyond the realm of "pseudo anonymous" and "secretive") but the above is as clear cut example as any. Bitcoins allow merchants to not worry about fraud and create an entire payment system around the idea that once you are paid, the funds are yours! There is no period of uncertainty and thus you don't have to price in fraud into every part of the system.

- home -