1 PURPOSE
The Procedure defines how Credit Risk related to business activities and customers is measured and mitigated in HIRETT to minimize possible losses.
Terms and abbreviations used
1. Administrator – a HIRETT IT administrator whose job duties include Transaction processing in the accounting system;
2. FD – the Payment card data processing centre with which HIRETT LIMITED has concluded an agreement on Processing of Payment Cards Data, and which sends the Transaction data to HIRETT in order to process Transactions, resolve customer complaints about the Transactions and resolve other issues regarding the Transactions in cooperation with HIRETT;
3. Credit risk – the risk of loss that could be incurred in the event of default by the customer.
4. Chargeback – a transaction that is returned by the card issuer and/or the cardholder to the acquiring bank to the Customer, as a financial liability;
5. Country Risk – to determine whether a country is considered low, medium or high risk, HIRETT uses the HIRETT Country Risk list;
6. Responsible employee – a HIRETT employee who is authorised to serve Internet merchants;
7. Compliance laws, rules and standards – HIRETT operations governing laws and other legal acts, HIRETT operations related standards defined by self-regulating institutions, professional conduct standards and codes of ethics and other standards of best practice related with HIRETT activities;
8. Authorisations – an electronic verification process of payment card data, resulting in receipt of an approval or denial for Transaction performance from the Payment card issuing bank;
9. HIRETT – HIRETT LIMITED;
10. HIRETT rates – the HIRETT approved services price list that is valid at the day the respective operation is carried out;
11. HIRETT IS – the set of data processing equipment and software that belongs to HIRETT or is outsourced to the trusted and certified processing centre;
12. Registration system – an electronic registration system used by HIRETT and which ensures acceptance of Payment cards and serving the Customers;
13. Employee – a private person who is employed by HIRETT based on an employment contract or other legal transaction;
14. Transaction approval code – a response code from the issuing bank of a Payment card received at the moment of authorisation;
15. Dispute manager – HIRETT Backoffice employee;
16. Transaction – a settlement for goods or services made with a Payment card;
17. E-shop – the Customer’s (online merchant’s) site on the Internet, where the Customer offers its goods or services;
18. CRM – Card Risk Manager – AML and Risk department employee, who is authorised by HIRETT to carry out activities defined in the Procedure;
19. AML manager – AML and Risk department employee, who is authorised by HIRETT to carry out activities defined in the Procedure.
20. Account Manager – Sales department employee, who is authorised by HIRETT to carry out activities defined in the Procedure.
21. AML/RD – HIRETT AML and Risk Department.
22. Customer – merchant, with whom HIRETT concludes or is willing to conclude an agreement on servicing Payment cards on the Internet.
23. Agreement – an agreement that is concluded (or to be concluded) between HIRETT and Internet merchant on servicing of Payment cards on the Internet.
24. Payment card – payment instrument allowing to pay for goods, services and withdraw cash using special machines (ATM), POS terminals or to make payments on the Internet.
25. Payment card user – a private person in whose name the Payment card is issued.
26. Monitoring software – a monitoring software, for example, G2 Web Services, Web Shield etc.
27. Account – a settlement account opened for a Customer in HIRETT in line with the HIRETT Customer registration, current account opening and customer file preparation procedure.
28. PIN – Personal Identification Number assigned to a Payment card. PIN serves for identification of Payment cards at the moment of transaction in ATM or POS terminals. The PIN replaces signature of a Payment card user when making transactions with the Payment card. Correct entry of PIN is proved by information that is saved in HIRETT Payment cards system.
29. Procedure – HIRETT Credit risk mitigation and management procedure.
30. International Card organizations (ICO) – international payment cards organizations VISA International, MasterCard International and others, each or any of these.
2 CREDIT RISK DEFINITION
1. Within the Procedure, Credit Risk is the risk of exposure to chargebacks for undelivered goods and services, incurred as a result of extending a line of credit to a customer e-merchant’s business if the merchant offers prepayment or ongoing services, goes out of business, or is fraudulent;
- Failure to mitigate credit risks properly could damage the company brand and reputation and could carry legal risks;
- The company Customers’ activity monitoring principles are based on ICO requirements defined in their monitoring programs.
3 CREDIT RISK MITIGATION MECHANISMS
For effective Credit risk mitigation, the company will ensure pre-contract and ongoing monitoring of customers and will apply other methods of controlling customers’ activity in accordance with related company policies and procedures.
1. Calculation of upfront deposits and rolling reserves before concluding the Agreement:
1.1. The volume of security deposits and rolling reserves depends on the residence and IP address of the online merchant:
1.2. For customers with residence and IP addresses in low risk countries, at least one of the following security deposits and rolling reserves is applied:
1.2.1. upfront deposits and rolling reserves of 0-5% of the planned monthly turnover (which is paid in by the Customer when the Agreement is concluded);
1.2.2. rolling reserves of 0-5%, withheld from the monetary funds of transactions processed on the respective day and held for 180 days (which is automatically reserved by the company system in the Customer’s account);
1.2.3. rolling reserves need to cover 100 % of the calculated merchant credit risk exposure after 180 days. If an upfront deposit is imposed, it also needs to cover 100 % of the calculated merchant risk exposure. If the imposed rolling reserves or upfront deposits are below the calculated merchant risk exposure, e.g. due to the nature of the business (such as travel, long-term subscriptions, etc.), additional risk mitigation controls are also imposed, such as a payment delay and the issued credit scoring limit of the chosen credit scoring provider.
1.3. For customers with residence and IP addresses in moderate or high risk countries, at least one of the following upfront deposits and rolling reserves is applied:
1.3.1. upfront deposits of 5-25% of the planned monthly turnover (which is paid by the Customer when the Agreement is concluded);
1.3.2. rolling reserves of 5-10%, withheld from the monetary funds of transactions processed on the respective day and held for 180 days (which is automatically reserved by the HIRETT system in the Customer’s account);
1.3.3. rolling reserves need to cover 100 % of the calculated merchant credit risk exposure after 180 days. If an upfront deposit is imposed, it also needs to cover 100 % of the calculated merchant risk exposure. If the imposed rolling reserves or upfront deposits are below the calculated merchant risk exposure, e.g. due to the nature of the business (such as travel, long-term subscriptions, etc.), additional risk mitigation controls are also imposed, such as a payment delay and the issued credit scoring limit of the chosen credit scoring provider.
1.4. For customers with high risk, regardless of the residence and IP addresses, at least one of the following upfront deposits and rolling reserves is applied:
1.4.1. a guarantee upfront deposit of 25-50% of the planned monthly turnover (which is paid by the Customer when the Agreement is concluded);
1.4.2. a rolling reserve of 10%, withheld from the monetary funds of transactions processed on the respective day and held for 180 days (which is automatically reserved by the company system in the Customer’s account);
1.4.3. rolling reserves need to cover 100 % of the calculated merchant credit risk exposure after 180 days. If an upfront deposit is imposed, it also needs to cover 100 % of the calculated merchant risk exposure. If the imposed rolling reserves or upfront deposits are below the calculated merchant risk exposure, e.g. due to the nature of the business (such as travel, long-term subscriptions, etc.), additional risk mitigation controls are also imposed, such as a payment delay and the issued credit scoring limit of the chosen credit scoring provider.
1.5. For the remaining Customers, regardless of the residence and IP addresses, at least one of the following upfront deposits and rolling reserves is applied:
1.5.1. a guarantee upfront deposit of 5-10% of the planned monthly turnover (which is paid by the Customer when the Agreement is concluded);
1.5.2. rolling reserves of 5-10%, withheld from the monetary funds of transactions processed on the respective day and held for 180 days (which is automatically reserved by the company system in the Customer’s account);
1.5.3. rolling reserves need to cover 100 % of the calculated merchant credit risk exposure after 180 days. If an upfront deposit is imposed, it also needs to cover 100 % of the calculated merchant risk exposure. If the imposed rolling reserves or upfront deposits are below the calculated merchant risk exposure, e.g. due to the nature of the business (such as travel, long-term subscriptions, etc.), additional risk mitigation controls are also imposed, such as a payment delay and the issued credit scoring limit of the chosen credit scoring provider;
1.5.4. The upfront deposits and rolling reserves indicated under Item 3.1.1 can be waived for Customers with a good reputation and/or history in the company and/or recommendations from the company’s partners and trusted customers. A good reputation and/or history in the company refers to a positive processing history in which chargebacks and fraud do not exceed the minimum thresholds set by the card associations AND the Customer has not been reported within the last two years for any kind of content violation or illegal aggregation AND is NOT listed on industry-specific blacklists such as VMAS or MATCH, G2 and other services that are used by the company and banks;
1.5.5. The rolling reserves are calculated on the basis of all daily transactions of the merchant where the imposed holdback percentage is deducted from the final pay-out amount and held for 180 days.
1.6. In case of significant changes regarding the Customer (the Customer’s risk level increases or decreases by at least 20 % on a monthly basis, for example, it starts selling new products or terminates sales of a particular product, or transactions that are suspicious or uncharacteristic of the Customer are found), the CRM or AML manager informs the AML and Risk department Head in writing about the changes. The AML and Risk department Head will then, based on the newly calculated merchant credit risk exposure, evaluate whether the collateral, such as rolling reserves and upfront deposits, still covers 100 % of the calculated merchant credit risk exposure. If not, a further decision must be taken on whether the collateral needs to be increased (e.g. with a payment delay) or whether the credit limit for the merchant still covers the open gap. The AML and Risk department Head will then communicate the decision in writing (minutes) to the respective risk and sales officer.
1.7. When entering into an Agreement with the Customer, initial payment delays are imposed to protect HIRETT against bust-out merchants:
1.7.1. During the first two months of cooperation, the default payment delay imposed on the monetary funds will be up to two weeks;
1.7.2. From the fourth to the fifth month of cooperation, the default payment delay imposed on the monetary funds will be up to one week;
1.7.3. Starting from the fifth month of cooperation, the default payment delay imposed on the monetary funds can be removed after the written approval of the AML and Risk department Head. Minutes of this decision will be provided to the respective risk and sales manager.
2. Fraud transaction monitoring and reporting:
2.1. Every day reports are generated in the IT system for monitoring of authorisations and Customer transactions;
2.2. The reports are prepared and analysed according to the regulations and requirements of the ICO:
2.2.1. For control of HIRETT Payment card operations, a report is prepared every day containing the following data:
2.2.1.1. Number and volume of fraud Transactions;
2.2.1.2. Number and volume of chargeback transactions;
2.2.1.3. Number and volume of Payment card Transactions;
2.2.1.4. Number and volume of reversals;
2.2.1.5. Number and volume of purchase cancellations (unsuccessful authorisations);
2.2.1.6. The report results are assessed and, in case suspicious transactions or inconsistencies with the information available to HIRETT about a Customer are found, the information is given to the AML and Risk department Head, who then makes a decision on further actions and on terminating or continuing cooperation with the Customer. The AML and Risk department Head will then communicate the decision in writing (minutes) to the respective risk and sales manager.
2.2.1.7. For control of Transactions, the AML manager carries out operative analysis in the registration system every HIRETT business day. If necessary, the AML manager makes an information request to the Account manager, who passes the request to the Customer immediately.
2.2.2. In case analysis of the recording system messages shows that regulations of ICO or HIRETT agreement terms are breached, the AML manager is authorized to cancel the process of servicing the Customer, informing the Account manager responsible for the respective Customer, as well as the AML and Risk department and Sales department heads;
2.2.3. In other cases the Customer servicing process is not cancelled. In case it is found that fraudulent operations take place with the Customer, the AML manager or CRM blocks the parameter that seems suspicious (for example, a particular Payment card number or user, IP address, BIN number, etc.).
Control of fraudulent operations with payment cards is ensured according to the following indicators:
Customer risk level | Fraud transactions per month | Volume of fraud transactions per month | Proportion of fraud transactions within the total number of purchases per month |
1. Informative level | Up to 2 | At least 1800 GBP | 3 – 4.99% |
2. Suggestive level | 2 | At least 2000 GBP | 5 – 7.99% |
3. High risk level | 3 and more | At least 3000 GBP | From 8% |
1. In case the Customer matches at least two indicators from one risk level, it is assigned the respective risk level. In case the Customer matches indicators from different levels, it is assigned the highest of these risk levels. If the Customer has several e-shops, each e-shop is analysed separately;
2. In case verification of the respective business day shows that the Customer’s operational indicators are close to the 1st risk level, the Customer is informed about it and is asked to provide an explanation for each fraud Transaction; the Customer is also informed of the need to take appropriate measures to avoid such situations in the future. A respective entry is made in the Customer’s case, and all the gathered materials (customer’s explanations, etc.) are attached to the case;
3. In case inspection of the respective day shows that the Customer’s operational indicators comply with the 2nd risk level, then, in addition to the activities indicated above, HIRETT (the decision is made by the AML and Risk department head), after assessing the Customer’s explanations, can suggest carrying out additional training of the Customer:
3.1. In case inspection of the respective day shows that the Customer’s operational indicators comply with the 3rd risk level, the Account manager, after receiving these data from CRM, informs the Sales department and AML and Risk department heads and the Customer about the situation, and requests explanations from the Customer on each fraud Transaction. The Sales department and AML and Risk department heads assess the Customer’s explanations and make a decision on terminating or continuing cooperation with the Customer. The AML and Risk department Head will then communicate the decision in writing (minutes) to the respective risk, account and sales manager. In case a report has already been received from ICOs about initiation of an audit of the Customer, HIRETT has to act in line with the instructions given by these organizations;
3.2. In case HIRETT receives information that funds used in the current transaction could be related to money laundering or financing of terrorism, such a transaction, and the card used in it, will not be accepted for processing until additional information and guidelines are received from the HIRETT MLRO and ICO;
3.3. In case violations/breaches of ICO rules and/or the Agreement by the Customer are detected, the transactions, and the card used in the transaction, will not be processed until all the circumstances are clarified.
4. Control of disputed transactions:
4.1. For control of the number and volume of complaints/chargebacks, the CRM employee prepares a monthly complaint report on each Customer, calculating the proportion of Dispute complaint forms in the total number of operations each month for each e-shop of a Customer and for each Customer. The reports are prepared according to the regulations and requirements of the ICO;
4.2. Along with a quantitative analysis of the disputed Transactions, when the indicators increase, CRM carries out a qualitative analysis: the documentation that was the basis for the dispute is inspected. CRM indicates the reason, explanation and essence of the problem and reviews the actions of the respective Customer by placing a request or setting requirements for improvement of a web page.
Specific actions which need to be taken in the Dispute management process are carried out in accordance with the requirements of ICO, the HIRETT Dispute management procedure and other related documents.
Additional monitoring:
1. High volumes of low-value transactions compared with the customer’s average transaction value;
2. Large numbers of low-value transactions coming from cards with sequential account numbers;
3. Significant increases in a customer’s e-merchant prepaid card transactions as a percentage of overall card transactions, and benchmarked against other merchants in your portfolio using the same merchant category code (MCC).
The possible chargeback volume is calculated using the formula:
Planned Customer’s monthly turnover divided by 30 (days in one month) multiplied by the average delivery/payment recurrence time:
example: (10000EUR/30 days)*14 days = 46 600 EUR, or 46% risk exposure
If there are monthly variations in turnover, the assumed risk will normally be based on the worst-case scenario.
Main limitations and indicators of customers’ chargebacks and fraud transactions.
Main limitations and indicators of customers’ chargebacks and fraud transactions amounts and ratio for MasterCard and Visa cards per one customer-e-merchant per one month.
MasterCard/VISA cards transactions:
1. The total number of Chargebacks received per Customer shall not exceed 100;
2. The Chargeback-to-transaction ratio per Customer shall not exceed 1.50%;
3. The total number of Fraud received per Customer shall not exceed 25;
4. Fraud transactions shall not exceed a total amount of 10 000 USD;
5. Fraud transactions shall not exceed 2.50% of the total amount of transactions.
In case of a breach of the limitations mentioned above, HIRETT will immediately revise the Agreement conditions for continuing the cooperation with the Customer, informing the Customer in written form seven (7) days before
Directors are responsible for taking a decision on termination of cooperation with the current Customer. To prevent the mentioned sanctions, CRM and AML managers will initiate a revision of the Customer’s activity and website in case the Customer’s chargeback and/or fraud operational parameters reach 70% of the maximum allowed level.
Following the revision, proposals for development are initiated if needed.
4 POSSIBLE LOSSES WITH FEES AND FINES
1. The Customer shall cover all the losses which arise from:
1.1. Satisfaction of chargebacks, and fees and arbitration related to the consideration and processing of chargebacks;
1.2. Fines imposed on HIRETT by ICO due to the Customer’s violation of the rules of ICO;
1.3. Failure by the Customer to fulfil obligations to HIRETT;
1.4. Material losses caused to HIRETT due to the Customer’s noncompliant activity;
1.5. Fines inflicted by the ICO(s) and/or HIRETT under the conditions of the Agreement.
1.6. Deductions to the ICO(s) are shown by separate groups – chargebacks, chargeback fees, 2nd presentments, pre-arbitration cases, fines, etc. and are made periodically. The periods of repayments are declared in HIRETT Bookkeeping organisation documentation.
2. The funding sources to cover possible deductions from International Card Organizations will be ensured by HIRETT from:
2.1. Unpaid turnover of the current Customer;
2.2. Accumulated holdbacks of the HIRETT Customers;
2.3. Own funds.