Online Payment Fraud: What Is It and How Razorpay Prevents It

Fraud Prevention for Online Businesses

This is the second blog in our series on online security and fraud prevention. To understand more about online safety (how to distinguish between a secure and non-secure website, how to ensure you are making a secure payment) read the first part here. To understand how online payment fraud occurs and the steps to prevent it, read on!


There is a reason why banks put up disclaimers announcing that their employees do not ask you for sensitive data, or that you should never reveal details like your OTP to an unknown person.

Online payment fraud is a reality of the internet age we live in and the numbers are only set to increase with the increasing digital adoption in India. According to a study by the credit information company Experian and the International Data Corp (IDC), the fraud risk in India is currently pegged at 8.1 points; second only to Indonesia (8.7 points) and significantly higher than the average 5.5 points in the Asia Pacific region.

A 2016 consumer study conducted by ACI Worldwide places India at the fifth position in terms of total card fraud rates; behind Mexico, Brazil, United States, and Australia.

As they say, the best weapon against any problem is education; so let’s begin by understanding the different types of payment fraud that occur in India and how online sites and payment gateways like Razorpay prevent them.

Online Payment Fraud: The Different Types

The most common types of online fraud occur via phishing or spoofing, data theft, and chargeback or friendly fraud. We have explained these in detail below.

Online Phishing or Spoofing

Phishing is the process of accessing one’s personal information through fraudulent e-mails or websites that claim to be legitimate.  The information gathered this way can include usernames, passwords, credit card numbers, or bank account numbers.

The most widely used method for phishing is to redirect an online user (from an email or SMS) to an “official” website where they are asked to update their personal information.  You are thereby tricked into revealing personal information that you would ideally not reveal to anyone else.

Phishing can also occur via other electronic means such as SMS, instant messaging, and email. You can be redirected to make a payment on a website that looks legitimate, but which is created to capture your card details so they can be used later.

According to reports, India is the third-most targeted country for phishing attacks, after the US and Russia.

Data Theft

Sometimes, dishonest employees or partners can steal credit card data from businesses and use this for committing fraud. Most online sites take stringent measures to ensure that such privacy breaches do not occur.

Instead of storing credit card details as is, for instance, websites and payment gateways use methods like tokenization and encryption to keep the data secure.

Razorpay takes data security very seriously. We are a certified ISO-27001 compliant organization, which means we undergo stringent audits on our data privacy processes.

Chargeback Fraud or Friendly Fraud

Let’s say a customer makes an online purchase. Later, they claim that the purchase was made fraudulently and ask for a chargeback – even though they made the purchase themselves! (A chargeback – in the simplest of terms – is an order from a bank to a business, asking it to return the amount paid for a possibly fraudulent purchase.)

This is known as chargeback fraud or friendly fraud, where a business processes a transaction since it seems legitimate, only to be issued with a chargeback later on.

Chargeback frauds cause GMV losses and are a hassle for any business. We have a Razorpay Chargeback Guide that will help you understand why chargebacks happen and take steps against fraudulent charges.

The Effect of Payment Fraud on Businesses

As per the current terms and conditions, a credit card issuer (i.e., the bank) does not consider the cardholder liable for any fraudulent activity; for both card-present and card-not-present frauds.

Therefore, payment frauds involving credit cards have a significant effect on the business community and a significant impact on a merchant’s bottom line. Every time a customer issues a chargeback, it leads to loss of both inventory and GMV. This is especially true for retail establishments, where the profit margins are usually small.

Among industries, the subscriptions industry continues to have the highest rate of fraud, for two main reasons:

  • Subscriptions are essentially a card-dependent service; wherein the USP of the service is that the customer does not have to make manual payments. It is easy to claim that one’s card was used without knowledge in such a scenario.
  • Fraudsters and hackers use subscription services to ‘test’ cards. Online subscription services usually provide a one-month free trial, but one needs a credit card to initiate the trial period. Since the value is negligible, such payments usually go unnoticed by a card owner. If the card details are incorrect, the subscription business shares a detailed authorization error; thus making it easy for the hacker to modify their strategy and continue using the cards.
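The two defences the second point calls for, as an added example (not Razorpay's code): show the customer one generic decline message whatever the issuer's reason, and flag sources that try many distinct cards for trivial amounts with mostly declines. The result labels, thresholds and sample attempts are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (unix_ts, source_ip, card_fingerprint, amount_inr, issuer_result).
# card_fingerprint stands for a keyed hash of the card, so the detector never sees raw numbers.
# Result labels are hypothetical, not any gateway's real codes.
ATTEMPTS = [
    (1000, "203.0.113.7", "fp_a1", 1.0, "invalid_number"),
    (1040, "203.0.113.7", "fp_b2", 1.0, "invalid_number"),
    (1090, "203.0.113.7", "fp_c3", 1.0, "expired_card"),
    (1150, "203.0.113.7", "fp_d4", 1.0, "cvv_mismatch"),
    (1200, "203.0.113.7", "fp_e5", 1.0, "approved"),
    (1260, "203.0.113.7", "fp_f6", 1.0, "invalid_number"),
    # One customer who mistyped the CVV once, then succeeded.
    (1500, "198.51.100.20", "fp_g7", 1.0, "cvv_mismatch"),
    (1530, "198.51.100.20", "fp_g7", 1.0, "approved"),
    # Shared office network: many cards, but every trial authorisation succeeds.
    (2000, "192.0.2.50", "fp_h8", 1.0, "approved"),
    (2060, "192.0.2.50", "fp_i9", 1.0, "approved"),
    (2120, "192.0.2.50", "fp_j0", 1.0, "approved"),
    (2180, "192.0.2.50", "fp_k1", 1.0, "approved"),
    (2240, "192.0.2.50", "fp_l2", 1.0, "approved"),
]

GENERIC_DECLINE = "Your card could not be verified. Please try another payment method."


def customer_message(issuer_result):
    """Customer-facing text: the same message for every decline reason.

    The detailed reason still goes to internal logs; it is only withheld
    from the person (or script) submitting the card.
    """
    return "Trial started." if issuer_result == "approved" else GENERIC_DECLINE


def find_card_testing(attempts, window_s=600, min_cards=5,
                      min_decline_ratio=0.6, max_amount=10.0):
    """Flag sources trying many distinct cards for trivial amounts, mostly declined.

    Returns {source_ip: summary} for the first sliding window that trips the rule.
    """
    by_source = defaultdict(list)
    for ts, ip, card, amount, result in attempts:
        if amount <= max_amount:  # only low-value "probe" sized payments
            by_source[ip].append((ts, card, result))

    flagged = {}
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most window_s seconds.
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            window = rows[start:end + 1]
            cards = {card for _, card, _ in window}
            declines = sum(1 for _, _, result in window if result != "approved")
            if len(cards) >= min_cards and declines / len(window) >= min_decline_ratio:
                flagged[ip] = {
                    "distinct_cards": len(cards),
                    "declines": declines,
                    "attempts": len(window),
                }
                break
    return flagged


if __name__ == "__main__":
    for ip, summary in find_card_testing(ATTEMPTS).items():
        print(ip, summary)
```

The shared-network source is not flagged even though it uses five cards, because the rule requires a high decline ratio as well as card diversity.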

Razorpay: How We Help Businesses Reduce Fraud and Mitigate Risk

Apart from the mandatory protocols, Razorpay has its own processes (developed in-house by our tech whizkids) to detect and prevent fraud and mitigate risk. As a payment gateway and a converged payments solution company, we take data security very seriously.

By delving into our data and analyzing patterns, we have been able to institute processes that ably discern between a ‘normal’ and a ‘suspicious’ transaction with credible accuracy. These systems are divided into two types:

a) Systems for detecting ‘Merchant Fraud’

Merchant fraud occurs when someone creates a fake or bogus company with no intention of selling any product to the customer. The business appears legitimate; but since it offers no actual goods or services, all users who make an online purchase only end up losing their money.

As a payment gateway, Razorpay has strict processes in place to vet every company which uses our gateway for processing payments. Some of the ways we check for merchant fraud include:

KYC checks: Adhering to strict KYC norms even before we onboard a business is an integral part of fraud mitigation. We have an in-house ‘Risk and Activation’ team that runs background checks on new businesses and vets them before they are ‘live’ on our payment gateway.

At Razorpay, we take this check one level higher by monitoring all suspicious and potentially fraudulent businesses, and the transactions that originate from them.

Transaction monitoring: Razorpay Payment Gateway has an inbuilt ‘Risk’ logic which can sniff out a possible fraud faster than a K9 squad. Let’s say a merchant who gets 3-4 online orders in a day suddenly starts to get 300 daily orders.

A sudden spike in transaction velocity (number of transactions per minute/hour/day), volume (amount transacted for), or pattern (international orders for a local brand) is an indicator of fraud and our systems immediately flag such transactions for further investigations.

Our ‘Risk’ logic also has 72 odd rules for monitoring the thousands of transactions on our payment gateway on a daily basis. This logic is designed according to the merchant, and our logic pathway can easily differentiate between standard day-to-day transactions and those that carry a high probability of risk.
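The three signals named above (velocity, volume and pattern), checked against a merchant's own baseline, as an added example. This is not Razorpay's rule set: the thresholds, field names and sample figures are assumptions chosen to mirror the 3-4 orders a day versus 300 orders scenario.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class DayStats:
    """One day of activity for a single merchant."""
    orders: int          # velocity: number of transactions that day
    amount: float        # volume: total amount transacted (INR)
    international: int   # pattern: orders paid with non-domestic cards


# Hypothetical thresholds; a real rule set would tune these per merchant.
SPIKE_FACTOR = 5.0        # today versus the trailing daily average
MIN_BASELINE_DAYS = 7     # do not judge a merchant with too little history
INTL_SHARE_JUMP = 0.30    # absolute rise in the share of international orders

# Constructed history: a local brand taking 3-4 domestic orders a day.
HISTORY = [
    DayStats(3, 1200.0, 0), DayStats(4, 1600.0, 0), DayStats(3, 1200.0, 0),
    DayStats(4, 1600.0, 0), DayStats(3, 1200.0, 0), DayStats(4, 1600.0, 0),
    DayStats(4, 1600.0, 0),
]
NORMAL_DAY = DayStats(5, 2000.0, 0)
BUSY_DAY = DayStats(20, 6000.0, 0)          # e.g. a promotion: more orders, usual basket
SPIKE_DAY = DayStats(300, 120000.0, 180)    # the "300 daily orders" case


def evaluate(history, today):
    """Return the names of the rules that fire for `today` against `history`."""
    if len(history) < MIN_BASELINE_DAYS:
        # New merchants need a different control (manual review, low limits).
        return ["insufficient_history"]

    flags = []
    base_orders = mean(d.orders for d in history)
    base_amount = mean(d.amount for d in history)

    # max(..., 1.0) keeps a near-zero baseline from flagging every sale.
    if today.orders > SPIKE_FACTOR * max(base_orders, 1.0):
        flags.append("velocity_spike")
    if today.amount > SPIKE_FACTOR * max(base_amount, 1.0):
        flags.append("volume_spike")

    hist_orders = sum(d.orders for d in history)
    hist_intl = sum(d.international for d in history)
    base_share = hist_intl / hist_orders if hist_orders else 0.0
    today_share = today.international / today.orders if today.orders else 0.0
    if today_share - base_share > INTL_SHARE_JUMP:
        flags.append("pattern_shift_international")

    return flags


if __name__ == "__main__":
    for label, day in [("normal", NORMAL_DAY), ("busy", BUSY_DAY), ("spike", SPIKE_DAY)]:
        print(label, evaluate(HISTORY, day))
```

A flag here means "hold for investigation", not "fraud": the busy day trips the velocity rule alone, which is the kind of case a reviewer would clear quickly.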

b) Systems for detecting ‘Customer Fraud’

Customer fraud occurs when a stolen or lost card is used for suspicious activities. It can also occur for other payment modes. Not only does this affect the user, but it is also detrimental to e-commerce websites as it increases cases of refunds and chargebacks, and leads to loss of GMV.

At Razorpay, we strive to protect both our merchants and our customers, which is why we conduct extensive transaction monitoring to protect the interests of both. How do we do it? Here’s a peek:

Checking for hotlisted cards: Every time a card is used for payment, our gateway connects with the card provider to check if the card has been hotlisted. (Hotlisting means that the card has been blocked temporarily or permanently for use). This is done in real-time so that a verified transaction is still completed within seconds, while the suspicious ones get flagged.

Pattern-based transaction monitoring: We also use geographical and pattern-based transaction monitoring (as for detecting merchant frauds) to identify suspect transactions. This helps us in preempting and preventing chargeback frauds and other types of customer frauds. We are able to identify 85% of fraudulent cases in advance.

Online Fraud Prevention: The Future

Online fraud will remain a contentious issue even in the days to come. The more we connect and transact online, the bigger the threat. Moreover, since we cannot eliminate it, the solution must be to remain on guard every single second. The only way to prevent online fraud is through vigilance and regulation.

A good example here is the 3D Secure (3DS) protocol that VISA had developed to keep its customers safe, and which has since been adopted by other card companies like American Express, MasterCard, and JCB International.

A similar process is the 2FA used in India, which is mandatory for all cardholders and card-issuing banks. The RBI has also mandated online alerts for all card transactions – even those where the cardholder physically swipes their card at a PoS system.

For all transactions considered suspicious, cardholders have the option to issue a ‘de-activation request’ immediately and hotlist their cards.

The Indian government’s decision to appoint a nodal agency for dealing with phone frauds – called the FCORD initiative – is another praiseworthy step. We at Razorpay are also in touch with the MHA, which has designated the FCORD as the Nodal Agency for reporting and preventing Cyber Crime frauds in India, regarding the same.

While a zero-fraud system will take some days to achieve, we are constantly building new processes to minimize fraud risk for all consumers.

The bottom line though remains this: If you are building an e-commerce website, remember to follow all the protocols mentioned above and minimize the risk of fraud. Alternatively, find a payment gateway (hello there!) that has stringent security protocols already in place. We’re just a click of a button away!

Razorpay 2.0 – A Year In Numbers

A little over a year ago, we launched our suite of converged payment solutions – which we called ‘Razorpay 2.0‘.

The products came into being because of a single insight – that businesses in India needed a complete payment solution to handle all aspects related to the flow of money, right from the moment when a payment is initiated to the point it is fully reconciled and disbursed to the final destination.

One year later, the five new products we launched in our 2.0 suite have all seen huge growth and increased adoption.

And we’re just getting started. The future of payments has only just begun!


How Secure Are Your Online Payments?


At Razorpay we strive to make every transaction done via our payment gateway a secure payment. We’re a technology-first online payments company and online payment security is in our DNA. We employ a ‘no stones unturned’ approach to safeguarding the interest of both the online businesses who use our products, as well as their consumers.

We also understand the assurance of secure payments is one of the primary drivers behind the choice of a payment gateway.

With the growing number of e-commerce users and transactions in India, it is important that we are all aware of the mandatory security protocols for e-commerce websites, so that we can avoid fraudulent situations. As the saying goes, prevention is better than cure.

In this article, let me walk you through the security protocols and processes followed at Razorpay, and which you should look for, too, every time you transact online.

online payment security architecture and information flow

1. TLS Encryption

Data security on e-commerce websites or an online payment system begins the moment a user lands on the site. The TLS Certificate tells users that the data transmitted between the web server and their browser is safe.

As a payment provider, Razorpay uses the highest-assurance SSL certificate on its website: the EV SSL (Extended Validation SSL) certificate.

Without TLS Encryption in place, all data sent over the Internet is unencrypted and is visible to anyone with the means and intent to intercept it. An easy way to check if the e-commerce websites you frequent are SSL certified is to look at the URL and see if it uses ‘http://’ or ‘https://’ protocol.

The additional ‘s’ signifies a secure e-payment system. You can also look for the padlock icon at the beginning of the URL. Modern web browsers, in their race to make the Web secure by default, are now following the opposite paradigm: marking HTTP sites as “insecure”.

2. PCI-DSS Compliance

The PCI Security Standards Council is a global organization that maintains and promotes compliance rules for managing cardholder data for all e-commerce websites and online payment systems.

The Payment Card Industry Data Security Standards (PCI-DSS) is in effect a set of policies that govern how sensitive cardholder information should be handled.

Fact: The PCI Security Standards Council was created as a joint initiative by the four major credit-card providers: American Express, Visa, MasterCard, and Discover, in the year 2004. Over the years, the PCI-DSS standard has become the guiding principle for online security across the globe.

For an e-commerce website or an online payment system to be PCI-DSS compliant, it has to follow certain directives:

Maintain a secure network to process payments: This involves using robust firewalls which can protect against malicious security threats. Further, the website or payment gateway should not use default credentials like manufacturer-provided PINs and passwords, and must allow customers to change this data as needed.

Ensure all data is encrypted during transmission: When cardholder data is transmitted online, it is imperative that it be encrypted. Razorpay encrypts all information you share using checkout via TLS (Transport Layer Security). This prevents data interception during transmission from your system to Razorpay.

Fact: On the Razorpay Payment Gateway, all the details entered by a user like their name, address, and credit/debit card information are used only to process and complete the order. Razorpay never stores sensitive information like CVV numbers, PINs etc.

Keep infrastructure secure: This directive involves keeping abreast of new PCI-DSS mandates, using up-to-date software and anti-spyware tools to protect against known software vulnerabilities, and running regular system and software scans to ensure maximum data protection.

Restrict information access: An important part of securing online payments on e-commerce websites is restricting access to confidential information so that only authorized personnel will have access to cardholder data. Cardholder data must be protected at all times – both electronically and physically.

3. Tokenization

Tokenization is a process by which a 16-digit card number gets replaced by a digital identifier known as a ‘token’. This is done to ensure the safety of the original data while allowing payment gateways to securely access the cardholder data and initiate a secure payment.

Fact: Even if a website gets breached and the tokens stored are hacked, it is immensely difficult to reverse-engineer the actual card number from the token itself. To do this, one needs access to the logic used for tokenization, which is not publicly available.

Credit card tokenization helps e-commerce websites improve security, as it eliminates the need for storing credit card data, and reduces security breaches. For more on how tokenization works and impacts online payments, you can read our in-depth blog.
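How a token can stand in for a card number, as an added example (not Razorpay's implementation; the page does not say which scheme it uses). It assumes one common design, a vault that issues random tokens, and the class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets


def luhn_valid(pan):
    """Checksum used by card numbers; rejects most typos before tokenizing."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """In-memory stand-in for a card vault.

    Assumption for brevity: card numbers sit in a dict. A real vault keeps
    them encrypted at rest, in a separately secured and audited service.
    """

    def __init__(self):
        self._index_key = secrets.token_bytes(32)   # key for the lookup index
        self._pan_by_token = {}
        self._token_by_index = {}

    def _index(self, pan):
        # Keyed hash lets the vault find an existing token for a card
        # without using the card number itself as a lookup key.
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan):
        pan = pan.replace(" ", "")
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        idx = self._index(pan)
        if idx in self._token_by_index:
            return self._token_by_index[idx]        # same card, same token
        # The token is random: nothing about the card can be computed from it.
        token = "tok_" + secrets.token_urlsafe(16)
        self._pan_by_token[token] = pan
        self._token_by_index[idx] = token
        return token

    def display_hint(self, token):
        """What a merchant may show the customer: last four digits only."""
        return "**** **** **** " + self._pan_by_token[token][-4:]

    def detokenize(self, token, caller_is_payment_service):
        """Only the payment service, never the merchant site, gets the number back."""
        if not caller_is_payment_service:
            raise PermissionError("detokenization is restricted to the payment service")
        return self._pan_by_token[token]


if __name__ == "__main__":
    vault = TokenVault()
    tok = vault.tokenize("4111 1111 1111 1111")     # well-known test card number
    print(tok, vault.display_hint(tok))
```

A merchant database that stores only the `tok_...` value holds nothing a thief can turn back into a card number without also compromising the vault.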

4. Two-Factor Authentication

Two Factor Authentication, aka 2FA, or two-step verification is an extra layer of security added by e-commerce websites to ensure a secure payment for a customer.

This is a customer-facing authentication process, mandated by regulatory bodies like RBI, in that the transaction is processed only after the user enters a detail that only they could know, or have at hand (like a physical token or a security key). Many banks and other e-payment gateways also use the 2FA for their own payment modes.

Fact: 2FA is not a newly-minted technology, but it has recently become the de-facto method of authentication in the digital age. In 2011, Google announced 2FA for heightening online security for its service. MSN and Yahoo followed suit.

When you use Net Banking for a transaction, you are first asked to enter your username and password. As a final confirmation, the bank sends you an OTP on your registered mobile number. This process, which has been mandated by the RBI, is divided into two levels of authentication:

What the user knows: In this step, users fill in their card/Net Banking details such as username and password. This helps the payment gateway recognize which bank the card belongs to.

What the user (and only the user) has: This step is known as ‘Authorization‘ and is done through the OTP/PIN/CVV. The bank (and the payment gateway) can then confirm that the request for payment is initiated by the rightful user.

5. Fraud Prevention

Apart from these mandatory protocols, most e-commerce websites and payment gateways have their own fraud and risk prevention systems. Big data analytics and machine learning play a huge role in devising these risk prevention and mitigation systems.

By delving into our customers’ data and analysing patterns, we at Razorpay can discern between a ‘normal’ and a ‘suspicious’ transaction with credible accuracy. Apart from this, there is a lot that you as a customer can do to reduce the risk of fraud.

Always remember that:  

– Anyone of importance will never ask for your card data/passwords up front. Banks and financial service providers have a safe protocol to gain admin access to an account if the need ever arises.

– Passwords are safer when you don’t write them down. Keep strong passwords that you can remember, change them frequently, and refrain from writing them down somewhere.

– You have the right to dispute suspicious charges on your card or accounts. Raise a chargeback request for any unidentified transaction on your card. You have a legal right to a resolution.

If you are building an e-commerce website, remember that fraud prevention requires that you follow all the above-mentioned protocols. Or find a payment gateway (hello there!) that has stringent security protocols already in place. We’re just a click of a button away!

Lessons from the Frontline: How Razorpay Customers Drive Business Change Through Online Payments

One of the measures of innovation – whether technology or process-driven –  and its impact is the way it changes the way an organization does business. Some time back, we wrote to tell you about Razorpay 2.0; a suite of products that make Razorpay more than your average payment gateway.

Then we decided to do a case study to see how our products have helped our users effect significant changes in their day-to-day operations and how they accept online payments.

We bet on Razorpay 2.0 because we believed that online payments can not just transform e-commerce but also help businesses in how they operate and help optimize their customer experience.

While we always understood payments as a service; we now also have intimate knowledge of added B2B/B2C verticals and how a seemingly simple digital transaction can affect intangible things like the inherent trust between a client and a business.

So, as we gear up for the remaining half of 2018, let me share with you the learnings we have gleaned from our customers, and how they have helped us become even better at what we do.

#1: Ease-of-transaction and word-of-mouth go hand-in-hand

In the digital world, all is not five-star ratings and online reviews. Reports suggest that as much as 13% of all online sales come via word-of-mouth channels; like influencer marketing. But, for a B2C company which operates in both the online and offline space, the number could be much higher.

This insight comes from a case study with FreshToHome – a food-delivery startup which uses Razorpay Payment Gateway for online transactions. We know that 2014-15 was the year of food startups in India; with investment dipping low in 2016 due to global events. In 2017-18, this sector has seen a huge jump again with investment worth $370 million.

Currently, there are over 900 food startups in India, and word-of-mouth and the water-cooler chat are fast becoming important sources of revenue.

What role do payments play in this scenario? Well, if your payments game is not up to the mark and you cannot capture orders as soon as they come in, all you have left is a hungry customer with a bad review. And foodies, mind you, take such process gaps seriously. In the services industry – of which food startups are a part – WOM (word of mouth) is a key driver.

This is because services are experiential in nature, and cannot be assessed before purchase. And an undercooked payments process is sure to leave a bad taste in your customer’s mouth!


#2: Customised payment solutions can help businesses save up to 20% in cost and time

This report by Fujitsu dives deep into the causes for time and money loss in the B2B sector, and the findings are very interesting. According to the study which took place in the UK, 65% of SMEs lose time and money because of low adoption of new technology.

Another key factor for time loss is the administration tasks (up to 10 hours a week) which take time away from growth and revenue-increasing activities. The report then goes on to suggest that by utilising just two hours of each week properly, SMEs could help boost the UK economy by almost £9bn annually. This holds true in the Indian context, too.

In the B2B sector, slow adoption of technology – especially tech that is related to payments – can lead to slow revenue growth. A customised solution then, like the Razorpay Route, is the best way to effectively manage payments and increase productivity.

Let me give you a case study here. Bangalore-based Goalwise is an intelligent, online mutual fund investing platform that helps 14000+ users across 42 countries to achieve their short and long-term financial goals.

They faced the challenge of ensuring real-time settlement to the AMCs (Asset Management Companies) to ensure that investors get the fund for the price at the time of the purchase and not for the price at the time of settlement.

Since units are allotted only when the money is settled to the AMC, the need for real-time settlements is a real bottleneck that legacy payment service providers do not solve.

However, with the Razorpay Route software, Goalwise can offer a settlement time of T+2 hours to its AMC partners, which is a big boon! Other features like ‘Settlement on Hold’ and API-driven reconciliation have helped the company reduce costs by 20%.


#3: Tailor-made payment solutions are the key to more subscription services

In just two years since its launch, Amazon Prime has over 10 million customers in India, making it the biggest subscription service in the country. Yes, we do not have a Dollar Shave Club yet but those, too, are not far off. And a robust online payments solution is going to be very important in boosting the growth of this sector.

A good example here comes from a case study we did with Rentomojo, the online furniture rental service. The company has been offering rental subscriptions for a while now, and over 40% of its user base has an ongoing subscription of 2 years or more.

Asking these customers to log in to their dashboard every month and pay the subscription amount makes for bad user experience and affects retention. Our case study shows that when customers forget to make payments, the late fees added to the amount also raise concerns.

Accepting recurring online payments from their customers without much friction has become a way of retaining customers for Rentomojo, thereby reducing the hassle of month-on-month payment.

An automated subscription tool like the Razorpay Subscriptions, which works with both the e-NACH mandate and credit/debit cards, is the solution that subscription providers need. Razorpay Subscriptions not only helps users with a better, automated payment plan, but it also allows businesses to predict revenue growth and proactively handle issues like card failures etc.


#4: Customised payment solutions are the future of the online payments business

There is a lot that online payments solution providers and the B2B industry can do to make digital payments easier for all customers.

Seeing the traction for the Razorpay 2.0 product suite reinforces my view that digital transactions are here to stay, provided businesses can make the process seamless and create trust. Faulty captures, transaction failures, refunds – these are all bottlenecks that technology can solve.

Talking to our customers to understand their online payments-related issues and creating a case study has been an integral part of our journey, and we have put all this data up on our Customer Stories page.

Because it’s too good not to share! If your business is looking for a payments solution, or if you are a start-up waiting to accept online payments, these case studies will definitely come in handy.

For everything else, we at Razorpay are just a call away!

TDR, MDR and Other Payment Terms Simplified


So, there I am. A newbie in the world of geeks, trying my best to understand terminology I wouldn’t have been caught dead using just a few days back.

Yes, it’s KT (knowledge transfer) time at Razorpay and as the new kid on the content block, I need my grey cells to absorb as much of the payment-related terms as they can.

And that’s when it hits me. If understanding these bywords is hard for someone who’s been in the fintech industry for a while, I wonder what others go through.

So, whether you are a startup enthusiast, SME owner, or just a curious Lannister who likes to know things, here’s a simplified introduction to payments and some of the oft-used terms in the industry. I hope you find them useful!

For the purpose of this blog, let’s take a look at a simple payment flow and the terms associated with this:

[Blog] First Image

1. Aggregator/Gateway

A payment gateway is a technology that allows merchants to accept online payments from their customers. PayPal, WorldPay, MIGS are some well-known examples of payment gateways.

Now, customers have their own preferred method of making a payment. If I was buying my favorite beverage on ChaiPoint, I might pay for it via NetBanking, while somebody else might prefer a wallet or UPI.

A payment aggregator brings together all these various modes of payment in a single interface, thus allowing the user the flexibility of choice.

2. Authentication

When you are dealing with high volumes of money on a daily basis, fraud and risk must be minimized. The authentication process is what helps payment gateways verify that you are who you say you are and prevent fraudulent transactions.

As mandated by the RBI, every online transaction in India undergoes two levels of authentication:

  • Verification of payment details: This helps the payment gateway recognize which bank your card belongs to so that they can process your payment faster.
  • Verification of user or Authorization: This is done through the OTP/PIN/CVV. When you enter these correctly, you essentially tell the bank (and the payment gateway) that you are the person using the payment mode, and have initiated the request for payment.

3. Acquiring/Issuing Bank

Now, these are two very similar-sounding terms which can get a bit confusing at first. So, listen closely! Simply put, an acquiring bank is a bank which facilitates the transaction through its gateway. And the issuing bank is the one used by the customer when making a transaction.

Let’s say that I used my HDFC credit card for a purchase at ChaiPoint. The transaction was processed via Razorpay. The issuing bank – which gave me my card – is, therefore, HDFC.

Now, Razorpay has to channel my money to ChaiPoint, and it does so via the gateway provided by SBI. Thus, the acquiring bank, in this case, will be SBI. In a sense, the acquiring bank is the partner bank for the payment gateway.

**These terms become even more important when we talk of issues like refunds, or card holder’s verification. The onus is on the issuing bank to verify the details entered by the cardholder and validate the transaction.

4. Merchant/Nodal Account

As defined by the RBI, a nodal account is an account created by e-commerce businesses, payment gateways, wallets, and aggregators specifically in order to accept digital payments. A merchant account is a temporary virtual account that a business creates with a payment gateway.

For instance, Razorpay has a nodal account for accepting and processing payments. When a merchant signs up with Razorpay to use our services, we create dedicated merchant accounts for them, which act as temporary vaults for payments.

Every payment made by a user is first directed to the Razorpay nodal account and managed through the specific merchant account.

Once the funds are deposited into the merchant account, the merchant is free to do as they please with it. So, they can effectively choose to send the whole amount to any of their business’ current accounts, or use it to make payments to their vendors and other associates using a feature like the Razorpay Route.

Most Indian banks offer the facility to open a current account. You can also create one through a private service provider.

Now, I know what you are wondering about and here’s the answer to your query – a merchant account and a business’ current account are indeed two separate entities.

Provided by your payment processor, you can use the merchant account only to accept digital payments from your customers, and disburse it to your vendors. Your current account, on the other hand, is where funds from both cash and card transactions are added, and which you use to pay salaries and bills.

5. Capture

To help you understand this term better, let’s analyze the anatomy of the transaction I made at ChaiPoint earlier.

The process began with me choosing to make a purchase online. I picked my favored mode of payment, entered the details, and confirmed the payment.

Voila! I see that the money has been debited from my HDFC account and credited to Razorpay’s nodal account. It now needs to reach ChaiPoint’s account and for this to happen, ChaiPoint has to ‘capture’ the payment so that Razorpay knows where to forward it to – almost like sending out a virtual Thank You, and a confirmation that the money indeed belongs to them.

And if ChaiPoint does not raise this ‘capture’ request within a stipulated time (5 days from the date of payment) then the amount is automatically refunded to my account.

6. Settlement

Once the transaction has been ‘captured’, the payment gateway i.e. Razorpay has to ‘settle’ the amount with ChaiPoint. Note that the money has still not been transferred to ChaiPoint’s merchant account. This is because even though the authorization, authentication, and capture (in most cases) happen in real time, the fund transfer follows a separate cycle.

Banks transfer the amount to Razorpay’s nodal account first, and this usually takes 1-2 days. Razorpay then sends it to ChaiPoint’s merchant account, and this happens 2-3 days after the transaction was first made. This is known as a settlement.

[Image]

So far, we have looked at the flow of money from the user to the merchant and understood the terminologies involved. Now, let us understand the process of reversing a transaction (as in the image above) and the terms used in this flow.

7. Refunds

Refund is as refund does. Come on, we have all done this at least once in our lives!

A refund is, in essence, a reversal of a transaction made by a user. In cases where the user is not happy with the goods or services purchased, or if they have paid for said purchase without actually receiving anything, they can ask for their money to be refunded.

The process is complicated and if you have ever wondered about it, here’s a wonderful blog that should clear all your doubts.

**Refunds and chargebacks may seem similar, but there is a difference in how they work. A refund is initiated by the merchant (with or without a request from the user) because they failed to provide the goods/services agreed upon. A chargeback is a customer asking the issuing bank to forcefully remove money from the merchant account because the charges levied by the merchant are not valid.

8. Chargeback

The world of online payments is not just APIs and code. Every once in a while, it can read like an interesting whodunit. Imagine a scenario where a customer has been charged for transactions on his credit card, which he claims he did not make. Is this a case of amnesia? Sour grapes, or a shopping affair gone wrong? Or, an intent to defraud? Whoa!

When a customer contests a charge made on their card, the issuing bank immediately issues a ‘chargeback’.

Again, in the example that we have used till now, let’s assume I ask my issuing bank to initiate a chargeback against ChaiPoint for transactions billed to my credit card. ChaiPoint will now get its best Sherlocks on the case to prove the validity of these charges within 15 days, failing which I am entitled to get my money back. End of story.

While as a payment gateway Razorpay is not directly involved in initiating chargebacks and refunds, we are a part of this digital infrastructure and do our best to resolve such issues quickly. Ideally, a business would like to stay away from chargebacks because they cause a loss of both inventory (if you did make a sale) and money.

All the charges levied on a digital transaction are also levied in case of a chargeback.

**The Fair Credit Billing Act of 1974 (USA) is widely considered the genesis of chargebacks. In India, this would fall under the ambit of the Consumer Protection Act, 1986.

9. TDR/MDR/Bank Charges

As we have seen till now, there are a lot of steps and entities involved in a successful online transaction. Since all of these entities offer a service to the user, they are entitled to a small fee which we have detailed below:

Bank Charges: This is the amount that the acquiring bank charges for providing card payment services. This rate is in accordance with specifications provided by the RBI (Reserve Bank of India). One of the components included is the ‘Interchange’, which is a fee given by the acquiring bank to the issuing bank for their card transactions.

Processing Charges: Your payment aggregator might also have to pay certain fees to other players in the loop like online wallets or banks for processing payments of a specific type. They would include this in the amount they charge you for every successful transaction.

TDR – Transaction Discount Rate: This is the amount that the payment gateway charges the merchant while transferring the money to their merchant account. This is specified by the gateway itself and includes the above charges. In India, this is interchangeably used in common speech with MDR (Merchant Discount Rate).

In conclusion, TDR = Bank Charges + Processing Charges + Taxes

**Payment Aggregators also provide additional services and products for managing your payments and hence on a case-to-case basis, may charge an additional service component.

And there’s more, but that’s for another time!

This obviously is not the end of the terminologies, but this is where we will stop for now. The Indian payments industry has been evolving rapidly and payment gateways have become essential for all businesses, whether online or operating out of a brick-and-mortar space. Hopefully, these terms have helped you understand our world better!