Kount LogoBLog Against FraudKount Logo

TC-40: Not the Latest Food Prep Gadget, But an Invisible Monster

posted on: Mon Oct 23 2017

There are some cool food prep gadgets out there, including an electric hot knife that cuts through butter like, well…Utensils

A TC-40 is not one of those gadgets. But if you’re an online business that processes a lot of sub-$20 transactions (games or gaming site, quick-service restaurant (QSR), digital goods seller, or non-profit), TC-40s could be causing unexpected declines for your customers and revenue losses for you.

How? When a customer files a claim that someone has used their credit card fraudulently, a TC-40 claim is generated. TC-40 claims are the basis for fraud chargebacks that are eventually issued against a merchant. Thus, if a customer says that someone used their credit card to fraudulently charge $540 at an online electronics retailer, that online electronics retailer will eventually receive a chargeback for $540, plus any fees and fines.

TC-40 Chargeback

Reported in as little as an hour to issuing bank

Reported in 30-90 days to merchant by acquirer or issuing bank
Fraud only Multiple reason codes, such as customer dissatisfaction, goods not delivered, fraud, etc.
Low-value transactions may not result in reversal of funds to cardholder Reversal of funds to cardholder

However, there is a cost for issuers to process chargebacks. In some cases, it may cost them more money to process a chargeback than the amount of the fraudulent charge. For this reason, many issuers don’t generate chargebacks for low-value transactions (e.g., under $20). Instead they will simply cover the cost of the fraudulent transaction. And that’s where problems can arise.

If card testers are conducting multiple small-ticket transactions on a merchant’s e-commerce site to test credit cards, it could result in dozens or even hundreds of TC-40 claims. While the online business doesn’t see any chargebacks because the issuing bank is covering the sub- $20 fraudulent transactions, the TC-40 claims are aggregated into something called a TC-40 report. TC-40 reports are sent out to the card brands and to all issuers and acquirers in reports known as the Risk Identification Service (RIS) Report for Visa transactions and System to Avoid Fraud Effectively (SAFE) report for MasterCard transactions.

In a not uncommon scenario, a merchant being targeted by card testers would be wholly unaware that fraud is taking place. However, issuers and acquirers would see lots and lots of TC-40 claims, causing them to decline transactions for that eCommerce site. Out of seemingly nowhere, the merchant would start getting complaints from cardholders that their credit cards are being declined on the merchant’s site, even though their account is in good standing and has plenty of credit to cover the transaction. The result: unhappy customers, lost revenue, and damage to the online businesses reputation due to “invisible” TC-40 claims.

Who is at risk? Any eCommerce operation that processes a lot of small ticket transactions, where fraudsters conducting card testing would not raise suspicion:

  • Online game or gaming site. Card tester orders a $9.99 trial account using stolen credit card.
  • QSR mobile app. Fraudsters places low-dollar order using mobile account set up with a synthetic ID.
  • Restaurant curbside pickup. Card tester places fraudulent sub-$20 online order they never intend to pick up.
  • Digital goods sellers. Card tester conducts a 99-cent fraudulent transaction for video or music download.
  • Criminal gang tests stolen credit cards by making a $5-dollar donations.

How do you make an “invisible” TC-40 monster visible?TC-40 Monster

  • Review your decline log. Filter declined transactions by issuer to see if any issuers are declining most or all transactions. Some may provide reason codes that identify fraud as the cause.
  • Contact your processor. If they track TC-40 claims, they may be able to provide information to you. Or they may be willing to share information from the RIS or SAFE reports they receive (word of warning, some issuers may not).
  • Monitor customer complaints. When customers call to tell you their cards are being declined for unknown reasons, that is a sure sign TC-40 claims are causing issuing banks to block transactions on your e-commerce site.
  • Enterprise-class fraud prevention. Kount Complete integrates Ethoca Alerts into our enterprise-class fraud prevention solution. With Ethoca alerts, online businesses are notified as soon as a cardholder reports fraud (i.e., a TC-40 claim). This provides two important benefits:
    • TC-40 claims are no longer invisible. By resolving TC-40 claims quickly, you avoid problems for customers, safeguard revenues, and eliminate unnecessary fines.
    • Stop future fraud. Fraud prevention systems like Kount “remember” the data points associated with these identified fraudulent transactions, and block new fraud from the same fraudsters or stolen credit card accounts.

To learn more about fraud in the food & beverage and quick-service restaurant industries, download our eBook "The Dish On Beating Online Fraud".

New Call-to-action