There’s no cookie-cutter solution to managing payment fraud in your theater, museum, or arts center.
At the same time you want to limit fraudulent transactions and chargebacks, which are expensive and time consuming for your team to handle.
Unfortunately, the measures you put in place to mitigate against fraud will often add friction to the purchase pathway. There are many tools available to reduce the risk of problem transactions - but with every layer of protection, you may also prevent some genuine sales from going through.
That’s why we recommend that arts and live events organizations design a strategy centered on payment fraud risk management, rather than aiming for complete fraud elimination. As you build up your fraud protections, you’re continuously navigating the push and pull between risk and friction.
Here, we’ll unpack what that looks like for your organization. Learn more about the payment fraud mitigation options available to you, the trade offs, and the data you can use to inform your decision.
There are rules you can put in place within your payment process to help verify the legitimacy of each transaction. The rules you can put in place will vary based on the payment methods you accept.
However, it’s not as simple as applying every measure available to you. Each of these measures may help to reduce problem transactions. But each adds friction to the payment process.
The measures you choose will be based on an evaluation of your payment fraud risk, and your own understanding of your audience demographics and expectations.
Risk 🔽 Friction 🔽
If your payment processor allows you to accept Apple Pay, it can be an easy win - adding a layer of security with fingerprint or Face ID, shifting liability for any fraudulent transactions that do slip through away from your organization, and reducing friction for many customers. One theater saw 49% of customers choosing Apple Pay within weeks of its introduction! However, it’s unlikely that every patron will use Apple Pay, especially if your audience demographic is older, and you may need to combine this with additional security steps for traditional card payments.
Risk 🔽 Friction 🔼
Your payment processor will check that the billing address in your system matches the cardholder details held by the bank. This is fairly common in the US, UK, and Canada, but doesn’t work so reliably for cards issued in another country or for cards other than Visa, MasterCard, Discover, and American Express.
For most patrons this adds little friction, but is less reliable for certain address types, like apartments, than for standard street addresses. If you’re a city center venue, or welcome a high proportion of student audiences, this may not be the right choice for you.
Risk 🔽 Friction 🔼
This is a 3 or 4 digit security code, often found on the back of a debit or credit card. While long card numbers can be stored by merchants, the CVV must be entered for every transaction. This adds an extra layer of security with minimal effort on the part of consumers.
Risk 🔽 Friction 🔼
3D Secure is a more complex security check which involves the merchant, card issuer, and cardholder. After entering their card details, patrons see a secure page where they’re asked to enter a code, password, or use fingerprints or Face ID, to verify their identity. It’s only when that step’s been completed that the transaction’s approved.
This is mandated in the UK and EU for everything other than the lowest value transactions, but adds a significant additional step that’s less common in the US and Canada.
Risk 🔽 Friction ⏫
If you identify fraudulent activity originating in a specific country, most payment providers give you the option to block cards issued in that location. That can be a useful option for venues with a mostly local audience, but it’s a crude tool for identifying risk. If you welcome even a small number of international visitors then it can prevent genuine purchases.
You may also have the option to block all cards issued internationally, but that’s a big step - almost certainly blocking purchases by genuine tourists and foreign residents.
It’s up to you to make a decision here about risk tolerance, based on your knowledge of your patrons and your payment fraud data. Is it worth risking a decrease in transactions and a reduction in customer experience in a quest to eliminate chargebacks?
The good news is that you have the flexibility to choose which measures to implement and how to combine them to meet the exact needs of your organization. Some solutions can even adapt in real time for each individual transaction, offering additional or varying security measures depending on the situation.
Sometimes, in discussions around fraud, we’ve observed frustrations between different teams in an organization, so we wanted to take a moment to address this.
Every role naturally has a different perspective on the challenge before them.
A finance director or box office manager might have to deal directly with the time, effort, and revenue lost to combatting chargebacks, and thus feel like fraud protection is urgently needed.
Meanwhile, a marketing or development director might look at the potential for friction in the sales process and worry about deterring legitimate customers.
But, is it as simple an equation as ticketing v marketing? Not at all. These concerns are all legitimate and often complex. Your team may have different priorities, but ultimately, you’re united around the goal to protect your revenue and make sales smoothly.
Start by understanding your event ticketing fraud prevention strategy as a shared quest for balance, and seek tools that are sophisticated enough to thread the needle for you.
Your data has a lot to tell you. In addition to ticketing fraud detection metrics that can alert you if you have a payment fraud problem, you can monitor your own numbers to understand the impact of fraud on your business.
Indicators that your fraud prevention rules are too permissive:
A high or increasing chargeback rate
Revenue lost to chargebacks
Time lost to handling chargebacks
Indicators that your fraud prevention rules are too strict:
A low or reducing authorization rate
Revenue lost due to failed transactions
Time lost to fixing failed online transactions
Customer complaints about your processes
Keep in mind that conditions are always changing. Check your metrics at least once a month, and make a plan to assess your strategy at least every six months - or more often if you notice a significant change.
If you use Spektrix with our in-house payment solution, all that work happens for you - we’re continuously monitoring metrics for hundreds of organizations, and we’ll reach out with suggestions if we spot something that’s cause for concern.
Get in touch to learn more about our dynamic solutions to payment fraud risk management.