How the CCPA Affects Chargeback Management Strategies
The California Consumer Privacy Act (CCPA) occupies an unusual space in consumer regulations in that it is both well known and somewhat mysterious. That is to say, from its passage into law by the California state legislature in June of 2018 through the date it took effect on January 1, 2020, up until the present, it has loomed large as a significant piece of legislation. But what remains mostly unknown to many are the details of how it works, what businesses need to do to stay in compliance, and what the potential consequences are for each of the many industries that fall under its regulations.
This article will try to answer some of the questions that inevitably arise with regards to the CCPA and how it relates to chargeback management. It will also offer recommendations for how merchants can comply with this new law and enhance their chargeback management strategies.
What is the CCPA?
The CCPA is a significant, new data privacy law in California. The law is similar to the General Data Protection Regulation (GDPR) instituted in the European Union in 2018. It proceeds from the maxim that, as the text of the bill itself states, “The California Constitution grants a right of privacy.”
The law grants consumers the right to request disclosures about several aspects of the consumer data that businesses collect. It also gives consumers the right to request the deletion of personal information from businesses’ data and requires businesses to allow consumers to opt-out of the sale of their personal information.
“Merchants should beware. The data covered by the CCPA includes anything that could be used to identify a consumer or household, including data linked to credit card transactions and data merchants need to fight chargebacks.”
Does the CCPA Apply to My Business?
The bill sets forth the conditions that make a business subject to the CCPA’s regulations:
Having a gross revenue of $25 million or more
Buying, selling or trading information for more than 50,000 consumers annually
Deriving at least half of the business’s revenue each year from selling consumer information
I’m Not Located in California. Do I Still Need to Comply With the CCPA?
Like the GDPR, the law is written in such a way that its jurisdiction is not determined by the business’s location but rather by the location of the consumer. Therefore, any company that does business with California residents (and meets the specifications mentioned above) is required to comply with the CCPA even if it is located outside the state.
Even if your company is not located in California and does not do any business with California-based consumers, there is still value in familiarizing yourself with the CCPA. Between the GDPR and the CCPA, there is a trend toward these sorts of regulations. And California, due to its population size and relative wealth compared to other states, is something of a regulatory bellwether for the United States as a whole.
What Are the Risks of Friendly Fraud?
Friendly fraud is a term for a consumer making an online purchase using a credit card with the intention of contacting the card provider to request a chargeback, bypassing the retailer entirely. Mitigating friendly fraud is one of the most essential and challenging aspects of chargeback management.
The CCPA has the potential to make combatting friendly fraud significantly more complicated than it already is. Any successful strategy for fighting fraudulent chargebacks requires the business to have access to relevant consumer data. A particularly cunning and devious fraudster could use the CCPA’s regulations to request that a merchant delete their personal information in anticipation of committing friendly fraud. Accordingly, any friendly fraud mitigation strategy must account for navigating the CCPA.
What Can I Do to Mitigate My Risk?
While some of the potential CCPA pitfalls that merchants face are inevitable, there are things that you can do to mitigate the risk of CCPA-abetted friendly fraud. Here are some tips for managing existing and potential chargeback disputes while maintaining compliance with the CCPA:
Ask for less information: Reduce the likelihood of consumers requesting data removal by not asking them for inessential data in the first place. For example, do you really need to know physiological or genetic information? If not, don’t ask for it. Only compile data that is relevant to your business.
Allow users to have an online account: By giving them the option to create an online account with you, you can easily share the data you collect on your consumers. This sort of transparency builds trust. When consumers trust you, they’re less likely to ask for data removal. It could also be advantageous to offer a self-service portal where they can manage their own data and privacy.
Include “chargeback responses” in your terms and conditions: Make sure consumers are aware of the data that you need to collect to protect your business when they make a purchase. This inclusion may protect you during representment cases.
Get at least three pieces of identifying information: This is important for verifying a consumer’s identity if you find yourself disputing a chargeback. You need a minimum of three data to correctly identify a consumer in a friendly fraud case.
Wait before you delete: When a consumer asks you to delete their info, you have to notify them within ten days. But you can wait up to 45 days until you have to honor their request. In some situations, you may even be able to delay the deletion for an additional 45 days. Deleting information immediately puts you at a disadvantage.
Only Delete what you have to: If you have to delete a consumer’s information, try to retain as much non-personal information as you can. Giving your consumers options on what they want to delete increases the likelihood that they won’t want all of their information deleted
Does the CCPA Affect My Fraud Management Strategies?
Another way you can manage friendly fraud better while addressing the compliance issues of the CCPA is to adopt the right chargeback management software. Rules are always changing, and software that can keep up with changes is crucial if you want to fight friendly fraud and other financial threats effectively. With chargeback management software like MidMetrics, you can gather all the data about your consumers into a single platform that helps you prevent, fight, and analyze chargebacks.
Data organization and timely responses are the most crucial success factors when it comes to friendly fraud cases. MidMetrics can help with both. To see how our software can help you with ramifications from the CCPA and more, book a demo with us.