GS Logo
The Green Sheet, Inc

Please Log in

A Thing A Bigger Thing

Thursday, June 21, 2018

SCOTUS says yes to expanded online sales tax collection

A fter 26 years, the Supreme Court overruled its decision in Quill Corporation v. North Dakota. At the time, the justices decided the U.S. Constitution prohibits states from forcing businesses to collect sales taxes unless those businesses have a substantial connection to the state, such as a physical location. In a 5 to 4 ruling handed down June 21, 2018, the court ruled in favor of the plaintiff in South Dakota v. Wayfair Inc., et al., which means Internet retailers can now be required to collect sales taxes in states where they have no physical presence.

Writing for the majority, Justice Anthony M. Kennedy stated, "Quill puts both local businesses and many interstate businesses with physical presence at a competitive disadvantage relative to remote sellers. Remote sellers can avoid the regulatory burdens of tax collection and can offer de facto lower prices caused by the widespread failure of consumers to pay the tax on their own." The other justices joining him were Samuel A. Alito Jr., Ruth Bader Ginsburg, Neil M. Gorsuch and Clarece Thomas.

Far from unanimous

Chief Justice John Roberts, while not in favor of the 1992 Quill decision, felt the matter would be better addressed by Congress. "E-commerce has grown into a significant and vibrant part of our national economy against the backdrop of established rules, including the physical-presence rule," he wrote. "Any alteration to those rules with the potential to disrupt the development of such a critical segment of the economy should be undertaken by Congress." Justices Stephen G. Breyer, Elena Kagan and Sonia Sotomayor also dissented.

Roberts also said, "The burden will fall disproportionately on small businesses. The court's decision today will surely have the effect of dampening opportunities for commerce in a broad range of new markets."

The 1992 decision came at a time when the Internet was not the force it is today. Justice Kennedy stated that back then, mail order sales totaled only $180 million; in 2017, he added, "e-commerce retail sales alone were estimated at $453.5 billion."

Amazon has already been collecting sales tax in states that charge it, whether Amazon has a physical presence there or not. The behemoth has not, however, been collecting sales tax for merchants participating in Amazon Marketplace.

In the suit decided today, South Dakota sought to collect taxes from online retailers with more than $100,000 in annual sales or 200 transactions in the state. While the South Dakota law provides exemptions to the smallest retailers, today's ruling may open the door for states seeking to collect sales taxes from a larger group of sellers, including small businesses.

NRF weighs in

National Retail Federation President and CEO Matthew Shay responded to the ruling, stating, "Retailers have been waiting for this day for more than two decades. The retail industry is changing, and the Supreme Court has acted correctly in recognizing that it's time for outdated sales tax policies to change as well. This ruling clears the way for a fair and level playing field where all retailers compete under the same sales tax rules whether they sell merchandise online, in-store or both."

The NRF had argued in a 2017 friend of the court brief that the Quill Corp. decision was outdated and that sales tax collection is no longer a burden for online sellers due to changes in technology. In particular, the NRF mentioned a variety of free or low-cost software now available to automatically collect sales tax owed.

The full impact of the ruling is unknown. Shay shared his views on next steps. "While today's decision is a major victory, there's still work to be done," he said. "Congress must now follow the court's lead and pass legislation implementing uniform national rules that provide consistency and clarity for retailers across the country."

Collaborations reduce chargebacks, study finds
Tuesday, June 19, 2018

A Javelin Strategy & Research study, underwritten by Verifi and published in May 2018, cites communication gaps as a leading cause of disputes and chargebacks. The 36-page report, titled The Chargeback Triangle, examines chargeback costs and impacts while demonstrating how to prevent chargebacks by resolving open issues.

In 2017, chargeback volumes reached $31 billion, including $19 billion in merchant losses and $12 billion in issuer losses, researchers found. Matthew Katz, CEO at Verifi, said improved collaboration among industry stakeholders would dramatically reduce these numbers.

"The report clearly indicates that collaboration between issuers, merchants and consumers is critical to resolve disputes effectively and avoid the direct and extended costs that chargebacks and consumer-initiated 'friendly fraud' cause for merchants and issuers alike," he stated. "In the end, the consumer pays the price in the form of higher purchase prices, as well."

In an interview with The Green Sheet, Katz called for industrywide changes in risk mitigation and chargeback management. "When you consider the sheer size of the card brands and major card issuers like Capital One and Wells Fargo, it's hard for enterprises that are so large with so much investment in technology to keep up with the times," he said. "We rely on each other to make changes across the board ‒ from cardholders all the way through to the merchant."

Sunk costs, attrition

Researchers found the costs of managing the chargeback process frequently exceed the value of a disputed product or service. "For every dollar in disputed transactions, an additional $1.50 is spent [by merchants and issuers] on fees, management expenses ‒ including technology and outsourcing ‒ and personnel," they wrote.

Following are additional report highlights:

Card brand mandates

The report references the Visa Claim Resolution (VCR) process, a newly launched initiative by Visa designed to simplify disputes. Katz expects banks to make additional investments in the program. "The benefit of being a card brand is having the ability to mandate a change," he said. "Visa set an effective date of April 14, 2018, for VCR, and Mastercard will be introducing a similar program in the near term. There has been a learning curve in the two months following VCR's effective date in terms of what works, what doesn't and how to improve."

Katz said at first glance, VCR may appear to oversimplify chargebacks, but it hasn't done away with former reason codes. Instead, it aggregates 22 original reason codes into 20 categories, which are then organized into four distinct themes, he noted. This is meant to bring clarity to the chargeback system, while maintaining a consistent experience across all channels.

"In retail, the buying experience is consistent across all channels, whether you are buying a shirt in a store, online or by using a mobile app," Katz said. "What is different are the risks involved in each channel and how merchants, acquirers and issuers monitor and view these risks. These channels are predicated on the same concept of buying a shirt."

Differentiate CNP merchants

Noting that most card not present (CNP) merchants are held accountable to the same risk thresholds, Katz said he would like to see more differentiation across CNP channels. "Internet, mobile, retail and IoT [Internet of Things] commerce need to be viewed differently by the card brands and monitored differently than they are now," he said. "The card brands need to set lower risk tolerances in channels that have a higher propensity for risk."

The IoT is a uniquely different CNP channel, Katz said, because unlike retail, online and mobile transactions, where consumers can make additional impulse purchases, the IoT facilitates targeted micro transactions. "The proliferation of commerce-enabled appliances raises the potential for curious children and inattentive consumers to inadvertently place orders," he said. "We may have to monitor our phones, appliances and wearables with the same vigilance as we currently monitor our networks and primary connected devices and networks."

Srii Srinivasan, CEO at Dallas-based Chargeback Gurus Inc., said CNP merchants that offer stellar customer service and lenient refund policies generally have reduced chargeback volumes. She recommended the following additional CNP best practices:

Pan-European digital bank to launch
Monday, June 18, 2018

A lior Bank developed a new digital platform with the intent to establish a bank that bundles best-in-class financial services from different fintechs and financial institutions. Four distinct enterprises have now joined forces to create such a bank. Set to launch in the fourth quarter of 2018, the pan-European digital bank is a collaboration between Alior Bank, solarisBank, Mastercard and Raisin.

Alior Bank stated it will deliver multicurrency accounts with international transfers and deposits; solarisBank will add the banking infrastructure with its technological, compliance and regulatory framework; Raisin, through its network of partner banks and more than 100,000 customers, is adding various savings and investment possibilities to the offering; and Mastercard’s Benefit Optimization program will be used to offer additional value-added services to customers.

Leveraging open banking

The open API platform will leverage the opportunities of EU directive PSD2 and open banking, Alior Bank added.

"Thanks to this platform, customers will be able to access the best of each collaborator's offer in a fast and efficient way," said Daniel Daszkiewicz, Head of FinTech at Alior Bank. "For example, a customer in Germany, while opening an account with solarisBank, will instantaneously gain access to a multicurrency account with Alior Bank and to Raisin's savings products. Thanks to the cooperation with Mastercard on the other hand, customers will be able to buy additional value-added services that will facilitate clients' global lifestyles. This is our first cross-border collaboration to this extent, and it is a very challenging project at the same time, because it puts a bank in a totally new position."

“The new platform – for which solarisBank will provide the infrastructure for accounts and transactions – is an exciting step to build a digital, financial ecosystem for Europe," said Marko Wenthin, co-founder and CCO at solarisBank. "Moreover, this partnership with such an innovative financial institution proves to us the success of our banking-as-a-platform approach.”

The product will be available for all EU residents with a focus on the German market during the first phase of the project, the partners stated. For further details as they develop, visit

Dixons Carphone under fire for slow reporting of data breach
Friday, June 15, 2018

B BC News confirmed reports of a second major data breach at Dixons Carphone PLC, a publicly held British electronics retailer that operates as Currys PC World and Dixons Travel. The company reportedly found anomalies in its POS network in July 2017 but took nearly a year to disclose the malicious activity. In a June 13, 2018, statement, Dixons Carphone revealed the attack may have compromised 5.9 million credit and debit cards and more than 1 million consumer accounts. Security analysts criticized the delayed disclosure and failure to protect critical infrastructure after suffering an earlier attack in 2015. Lee Munson, security researcher at Comparitech Ltd., said the Dixon Carphone breach highlights how commonplace massive data breaches have become. "What is worrying here is the delay between the breach occurring last year and the disclosure today," he said. "Thankfully, under GDPR, non-disclosure for business reasons is no longer possible as the ICO [the Information Commissioner's Office] must be informed within 72 hours whenever possible."

Munson said he expects the incident to impact Dixon Carphone share prices throughout the remediation process and suggested even a short-term dip could be fatal to the retailer. "Of more concern is the affect this could have on the chain's customers, millions of whom have had their personal or payment card information leaked," he added.

Admit culpability

Munson and other security analysts have criticized Dixons Carphone for underplaying the incident's severity by saying it found "no evidence of fraudulent payments being made with the stolen cards." Tom Miller, senior vice president at Virsec called the statement a "disturbing refrain we hear over and over." If they were blind to the breach, not seeing evidence is hardly reassuring, he noted.

"Also disturbing is the comment that 'There is no connection to the previous incident' [the 2015 breach of Carphone Warehouse]," Miller said. "Of course there's a connection – the same organization got breached, fined, didn't take adequate steps to change security, and got breached again."

Michael Magrath, director of global regulations and standards at OneSpan Inc., noted the European Union's data protection legislation, such as the GDPR, will impose heavy fines on organizations with lax data security protocols. "Organizations relying on a single shared secret to protect sensitive personal identifiable information has been very lucrative ‒ for hackers," he said. "While no security solution is 100 percent secure, in 2018 organizations not deploying risked-based authentication solutions are hoping they can dance between the raindrops when it comes to security."

Miller expressed hope the newly enforced GDPR will raise the bar for accountability but said it will take more than harsh penalties to stop data breaches. Businesses need to start "seriously rethinking how they secure sensitive customer data," he said.

Improve protections

Magrath stressed the need for organizations to adopt "multiple, layered authentication technologies," by combining PINs and passwords with biometrics and "analyzing context based on location and device characteristics."

Robert Capps, vice president of business development, NuData Security, a Mastercard company, said bad actors exploit the smallest security gaps to steal customer data. "As we all know, credit card information, combined with other user data from other breaches and social media, can build a complete profile," he said. "In the hands of fraudsters and criminals, these valuable identity sets are usually sold to other cybercriminals and used for myriad criminal activities, both on the internet and in the physical world."

Capps said advanced techniques and technologies can protect consumers. "Multilayered technology that thwarts fraud exists right now," he stated. "Passive biometrics and behavioral analytics technology are making stolen data valueless by verifying users based on their inherent behavior instead of relying on their data, such as credit card information. This makes it impossible for bad actors to use stolen data, as they can't replicate the customer's inherent behavior attached to that data."

Apple Pay, Google Pay lose ground at stores
Thursday, June 14, 2018

A ccording to an annual survey of merchants, two major mobile wallet providers lost traction over the past year. Merchants accepting Apple Pay slipped from 48 percent to 35 percent in 2018, while Google Pay dropped from 38 percent 25 percent year-over-year. Support for PayPal, however, surged from 48 percent to 64 percent. Looking at the overall picture, mobile wallet support grew from 22 percent to 29 percent.

Pain points cited by merchants in the 2018 Mobile Payments & Fraud Survey, conducted by Kount Inc. and The Fraud Practice, included maintaining ease of use for consumers for 60 percent of those surveyed. The ability to detect fraudulent order attempts was a challenge for 52 percent. Even with these challenges, nearly one-third of merchants were optimistic that the mobile channel will represent at least half their total revenue by 2020.

Support across the board was up for near field communication at the POS, which grew from 29 percent to 37 percent year-over-year. Twenty-six percent of merchants surveyed indicated they plan to increase or add support for social commerce through social media channels.

The survey also found that while merchant awareness of mobile fraud risks continues to improve, the percentage of merchants that track mobile fraud to understand fraud attempt patterns remains relatively low, representing 35 percent of merchants surveyed.

"For the third consecutive year, merchants are showing signs of complacency and even regression in terms of managing mobile fraud risk," said Don Bush, Vice President of Marketing at Kount.

Merchant perceptions may be driving mobile risk tolerance to some degree. About half of those surveyed viewed traditional ecommerce via desktop browsers as their highest risk channel, compared with mobile web browser transactions (21 percent) and mobile app payments (18 percent). Overall, 38 percent viewed the mobile channel as high risk.

Mobile fraud cannot be ignored

Merchant pullback in mobile fraud monitoring comes at an inauspicious time, since more than 75 percent of financial institution, lender, and food and beverage businesses surveyed have noted increases in mobile channel fraud attempts over the last year.

"Despite the increase in mobile fraud and the evolution of tactics carried out by criminals to commit fraud in this channel, the number of merchants implementing specialized tools has decreased, demonstrating that merchants struggle to properly address fraud in the mobile channel including both apps and mobile browsers," Bush said.

Less than 20 percent of those surveyed have adopted artificial intelligence/machine learning, considered one of the most effective fraud detection tools available. The risk management tools most often used for detecting mobile channel fraud were card verification value check (62 percent), fraud scoring (43 percent), and address verification services (39 percent). Over 83 percent use two or more fraud prevention tools or techniques.

Both companies involved in the survey recommend a dedicated fraud strategy for the mobile channel to coincide with other channels. "Although mobile fraud attempts increased for 60 percent of merchants last year, just 17 percent employ a separate risk management strategy for the mobile channel," said Justin McDonald, Senior Risk Management Consultant at The Fraud Practice.

An area where progress is being made is the ability to detect transactions from mobile devices separately from other channels, which over the past five years, has grown from 16 percent to 46 percent among the merchants surveyed. The survey also found that 52 percent of merchants can tell which mobile operating system is in use.

As to which merchant categories are expected to lead in mobile payment acceptance, merchants selling jewelry (71 percent), electronics and computers (63 percent), health/beauty products (63 percent), and apparel or accessories (56 percent) were the categories most likely to consider the mobile channel very important to their overall strategies in the coming years.

View prior breaking news

Spotlight Innovators:

North American Bancard | USAePay | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems