Saving Your Reputation With Visa’s Account Name Inquiry
If there are two things at the top of any merchant’s list of critical goals, they are certainly managing processing costs, and protecting their customers (and their own reputations) by avoiding fraudulent charges.
A way to meet both targets is to avoid processing payments for stolen or misappropriated credit cards. Successfully processing payments even though they were requested by individuals who are not the legal owners of a credit card account can add cost, risk, and reputational damage for merchants and customers alike.
This is why Visa offers the Account Name Inquiry (ANI) service, an extra step in the payment process that can minimize fraudulent purchases.
What is the Visa Account Name Inquiry (ANI) service?
The Visa Account Name Inquiry (ANI) service checks that the name associated with a credit card is correct. Although it incurs a fee ($0.10 at the time of writing), it can avoid downstream processing fees by stopping the transaction process before a purchase is presented for settlement. This additional step simply:
- Allows the merchant to present the card data and name to the ANI service.
- Validates the card data and name.
- Returns a ‘match,’ ‘partial match,’ or ‘mismatch’ rating, enabling the merchant to programmatically choose not to continue in the absence of a match.
Visa’s ANI service is optional for merchants working with processors that allow its use in their interactions. Depending on how the merchant payment system is configured, the $0.10 fee may be considered an extra expense or a wise investment.
Why would a merchant choose to use the ANI service?
When a credit card is used fraudulently, it creates a range of negative outcomes—for customers and merchants alike. These include:
- Financial stress for the customer, who may find their card limit reached, their bank account opened, or their credit rating negatively impacted.
- Time drain for the customer, who must now reach out to a variety of merchants, banks, and other financial institutions to reclaim their money.
- Chargebacks for merchants who accept fraudulent charges, as customers are more likely to ask their issuing bank to reverse all the transactions than to call each affected merchant individually.
- Unnecessary processing fees, revenue loss, and potential penalties for merchants, as the charges are reversed, and their chargeback ratio creeps up.
- Reputational damage for merchants who have inadvertently allowed fraudulent payments to flow through their systems.
With so many potential drawbacks to letting fraudulent transactions pass through their systems, merchants often look for ways to limit their exposure. The ANI service helps reduce the number of fraudulent charges that can be made at a reasonable cost.
Why would a merchant choose not to use the ANI service?
Merchants with strong security systems, which can reliably identify and prevent fraudulent transactions, may feel that the additional cost of Visa’s ANI service is an unnecessary expense. Those in particular who maintain extremely low chargeback rates may feel that the reward available by having an additional check on the name is not worth the cost.
That said, many merchants have neither a choice to use it, nor necessarily a clear indication of whether ANI is being utilized. These are merchants who have contracted with full-service PSPs, which charge a flat fee for their services, and make their own decisions on which security measures to put in place.
In the same way that using the ANI service can prevent unnecessary processing costs, and reduce chargeback risk, for merchants, it is similarly used by the full-service PSPs to protect their own business. While this can result in positive outcomes for merchants, it also presents something of a danger. Because full-service PSPs make their own decisions on which merchants are too risky to continue to serve, a series of ANI failures could represent a red flag and threaten a merchant’s account. There are plenty of stories of merchants being dropped by their PSP partners, and another data point that could hurt them in the event of a targeted attack by fraudsters is not ideal.
The challenge with ANI, as it is with any other data-matching process, is that it compares strings of letters provided by a consumer against the strings of letters stored by the issuing bank. A simple misspelling can cause trouble - and in a world where consumers are increasingly buying from their smartphones, misspellings caused by ‘fat fingers’ are not at all uncommon. Similarly, people who change their names, perhaps after getting married, run the risk that the issuing bank does not yet record their new name—or that it is, but the consumer forgets and uses their old surname.
And for consumers with hyphens in their name, the matching process can be fraught with risk, especially if the payment processing system they’re trying to buy from does not properly handle special characters. It is not in the slightest unusual for systems to programmatically remove any character that is neither a letter nor a space.
For this reason, it is vital for payment systems to distinguish between mismatches and partial matches, and to make calculated decisions on which to accept. For instance, if a consumer provides a first, middle and last name, and only one of the three is flagged by ANI (say, because the consumer missed one of the t’s in Matthew), the system may decide to plow ahead with the transaction, presuming all other security checks have successfully cleared.
Ensuring ANI is an Option
Merchants considering the use of ANI as an additional security check in their payment processes should generally plan to contract with more than one PSP, and to retain ownership of their customers’ details. This allows a merchant to craft their processes direct transactions to their preferred PSP, and to request ANI prior to processing the transaction.
The merchant then has the option to redirect approved details to the best provider for their purposes, whether geographically to avoid cross-border fees, to a provider for particular items being ordered, or simply to balance the volume between PSPs.
In order to minimize PCI-DSS scope and expense for their payment systems, merchants should consider contracting with a programmable payments vault, which will securely collect and store the information at arm’s length for the merchant—then accept requests to redirect the information to the preferred PSP.
In doing so, merchants provide their customers with excellent security, and themselves with the option to contract with multiple downstream PSPs.
