Objective
The purpose of this document is to provide an introduction to the use of Auto-Approve Decisions in your Risk Scorecards (ScanX).
Table of Contents
Intended Audience
Intended Audience: Underwriting Managers / Head of Risk, Compliance, Key Stakeholders
Important Considerations Before Implementing Auto-Decisions
It is highly recommended that your organization has a documented Risk Underwriting Policy. Your company risk policy should describe your approvals process (including any auto-decisions), along with your escalation process. Further, it is important that you perform periodic reviews of your risk policy, to ensure that it is in compliance with Card Brand (Visa & Mastercard) Rules and other regulatory & compliance requirements.
Successfully implementing Auto-Approval into your Risk Underwriting operations & risk framework requires a united front between your Risk Leadership/Managers, Underwriting Team, and Fraud + Monitoring Activities.
Auto-Approve
How Auto-Approve Works
In order for a Merchant to be Auto-Approved in ScanX, two conditions must be met:
-
The Overall Score is ABOVE the Auto-Approval Threshold set on your Scorecard
-
No Risk Flags are ON (Review, Decline, and Prohibited Flags)
Auto-Approval Risk Policy & Strategy
Auto-Approval should be reserved primarily for lower-risk merchants. Over time, as you gather more data and confidence in your risk model.
It is important that your Risk, Fraud, & Compliance leadership groups are aligned on your Auto-Decision policies, specifically in regards to Auto-Approvals.
No Merchants should ever be Auto-Approved for processing without performing Identity Verification, MATCH, OFAC, and Banking Verification. Additional checks may be required and are recommended. We are happy to provide you with advice based on our experience, or we can refer you to a third-party expert to assist - it’s important that you own your own risk model in a way that aligns with your business needs & risk tolerance.
After a merchant is Auto-Approved, It is recommended that you perform periodic manual reviews as part of your risk policy. The timing of this review may depend on the risk level of the merchants, and their processing volumes. Ensure that your risk policy includes specific considerations for merchants who were auto-approved.
Identifying Lower-Risk Merchants
There are a number of ways to identify lower-risk merchants. It is important to consider a multitude of factors when determining if a merchant is lower-risk, or not. Considering a single factor (eg. MCC Code/Industry) is not a sufficient way of identifying a merchant’s potential risk level. Every organization will have their own stance on what constitutes a lower-risk merchant for its own business model.
Here are some common indicators that are used to determine a merchant’s risk level:
-
MCC Code / Industry - MCC Codes can also be categorized by risk level - consider the Chargeback %, Returns %, and Card Not Present % factors that you see historically for each MCC Code.
-
Processing Profile (Actual or Expected)
-
MOTO & Card Not Present Sales
-
Sales & Marketing Methods
-
Future Days Product Delivery/Fulfillment
-
Subscription & Membership-based Services
-
Fulfilment Houses & Distribution Centers
Your Risk Policy should consider many of these factors when determining which merchants should be eligible for auto-decisions. ScanX makes it simple to disqualify merchants through the use of risk flags.
Using Risk Flags to Disqualify Merchants from Auto-Approval
Before enabling Auto-Approval, it’s important to protect yourself. With ScanX, we primarily do this by utilizing the Review Flag to force manual Underwriting review of a Scorecard.
Here are a few rules we recommend you review closely and configure to your risk policy preferences:
-
MCC Risk Rules
-
MCC Monthly Volume Risk - Set the Review Flag to trigger on lower monthly volume amounts for all MCC Codes that you do not want to be eligible for Auto-Approval except in very low-volume situations.
-
MCC Code Check - Set the Review Flag to trigger for all MCCs that you do not want to be eligible at all for auto-approval.
-
-
Processing Profile Rules
-
Average Ticket Amount - Use the review flag to prevent merchants with significantly high average tickets from being auto-approved.
-
Highest Ticket Amount - Same as above, but for the highest ticket
-
Average Monthly Volume - Same as above, but for the average monthly volume
-
-
E-commerce Indicator - Prevent merchants who process significant amounts of E-commerce by enabling this risk rule (% or $).
-
MOTO Card Not Present Risk - Prevent merchants with significant amounts of MOTO + Card Not Present processing (% or $).
-
Bank Account Verification & Name on Bank Account Verification
-
Consumer Credit Rules - Determine what credit scores represent enough risk that they should not be eligible for auto-approval. Ensure that review flags are enabled for these score ranges You should also leverage the Bankruptcy & Public Records credit rules to ensure that manual review is taking place for potential bad actors.
Understanding Your Data: Overall Score & Auto-Approve Thresholds
Optimizing and understanding your Overall Score is an important step before enabling Auto-Approval. Further, this data will help you confidently understand what types of merchants may be eligible for auto-approval once it’s enabled.
First, you can use Workspace to Export Scorecard data to excel, or you can filter in AEX directly! Some important questions to consider early on in your review are:
-
How many of your Scorecards have an overall score > 95? > 90? > 80?
-
Out of your highest overall scores, were any of them declined?
-
If yes, further analysis is required here. Were these older scorecards from before your risk model was optimized? Or, we need to look closer at why these merchants were declined. Were there Flags triggered on these scorecards that would have prevented them from Auto-Approving?
-
-
Identify your highest scoring Declined Scorecards - are there any lessons learned from the rules that flagged (or didn’t flag)? Can we optimize our scoring rule settings based on our findings?
We recommend that when you enable the Auto-Approve Threshold, you start with small increments (95 > 90 > 85) in order to mitigate risk and to allow your team ample time to review your first set of Auto-Approvals as quickly as possible.
Understanding Your Data: Optimizing Risk Rules & Flags
Optimizing your risk rules & flags is very important if you want to confidently enable Auto-Approvals. Understanding which rules are triggering the most frequently, and on your highest scoring applications will help you better understand how to adjust your model in a way that aligns with your risk policy.
Once you identify which flags are triggered most frequently, focus on two things to start: quick wins, and highest frequency flags. Once we have the AEX IDs of some of these scorecards, we can begin our analysis.
-
Were flags triggered that weren’t necessary?
-
Does it make sense why certain flags were triggered on this scorecard? If not, don’t hesitate to contact us! support@agreementexpress.com
Tip: If you don’t already have it, reach out to your AEX Customer Success Manager and ask for reporting data on your Risk Flag and Scorecard data.
Tips on Adjusting Rules to Enable Auto-Approvals
Here are some of the rules that we often see customers adjusting in order to enable Auto-Approvals:
-
Business & Individual Data Verification (Giact - gIdentify Business & Individual)
-
For customers using these rules, it is common (~25-35%) to see flags triggered because a secondary data element (Phone or Address did not match Giact records). Giact provides a description of AcceptWithRisk for these specific codes, and ScanX flags them by default.
-
Look at codes CI23 and CI24 in your Giact Scoring Rules.
-
-
Prohibited Phrase Count
-
KYC Sitescan offers a very powerful scraping tool that crawls a merchant’s website and identifies thousands of prohibited words across up to 100 different pages.
-
The default prohibited words list is very exhaustive, but some of the terms may not make sense for your business. This is very important to consider if you have partner-specific scorecards or scorecards that are targeted to specific business types.
-
This list can be customized in your KYC Sitescan account. If you need help, contact support@agreementexpress.com or your Customer Success Manager.