What is a TC40 or SAFE report?
TC40 and SAFE reports are data generated by credit card issuers regarding cases where the cardholder claimed that they did not authorize the charges. These reports are sent to a merchant’s acquirer, other issuing banks, and the relevant credit card network. In the case of the TC40, the reports are sent to Visa. SAFE is the name of reports that are sent to MasterCard.
When a cardholder claims fraud, the issuer collects the fraud data and submits the notification to the card network. The card network consolidates the information from all issuers and then distributes the transactions by merchant to the corresponding acquiring bank.
TC40 and SAFE reports provide data on the merchant involved in the alleged fraudulent transaction, the banking information of the merchant, the cardholder claiming fraud, and the transaction details. As you can imagine, these files are typically very large, making it difficult for acquirers to share them with merchants. While merchants can request this information, acquiring banks rarely automatically pass TC40 or SAFE data along to them and are under no obligation to share the information.
Using TC40s to calculate fraud rate
The TC40 and SAFE reports are used by their respective card brands to calculate if merchants have a level of fraud that would necessitate placement in the card scheme’s fraud monitoring program. Card networks monitor the monthly value of fraudulent transactions involving a specific merchant as well as the ratio of fraudulent transactions to total sales.
Issuing banks also use TC40 data to determine the risk a merchant poses in terms of fraud and whether to process cardholder payments that come through specific merchants.
TC40s aren’t for chargeback monitoring
One thing that TC40 and SAFE reports cannot be used for is keeping tabs on chargebacks. A major reason is that TC40 reports do not account for delivery failures or product quality disputes. TC40 and SAFE data also isn’t always reported before a chargeback is filed. Issuers can sometimes wait months after the chargeback to submit their report.
Another issue preventing merchants from using TC40 reports as a proxy for chargebacks is that although all fraud-related chargebacks should be found with a TC40 or SAFE report, not all TC40 data has corresponding chargebacks. An example of a situation where a TC40 report is filed but a chargeback is not would be with small amount transactions. This is because in these cases the cost of filing the chargeback for the issuer is often greater than directly refunding the cardholder.
Another example, would be a fraudulent transaction that went through 3-D Secure. The merchant will not get hit by a chargeback because it is the issuing bank’s responsibility, but the TC40 or SAFE still applies to them.
If merchants don’t have access to all their fraud data and don’t receive chargebacks for a lot of unauthorized purchases, a fraud problem could grow significantly before it is detected.
How merchants can use TC40s
The fraud reports can, however, be used as training data for pre-sale fraud tools with machine learning. The more past transaction data these solutions have, the more accurate their screening of future threats becomes. Yet even in this case, TC40s are not perfect since they will include cases of friendly fraud where the cardholder claims the transaction was not authorized but in reality true fraud did not occur.
Using TC40s for pre-sale fraud prevention tools can make sense when other, better data is lacking, but you should be aware of the limitations.
To discover more about TC40 and SAFE reports and how to use them, contact us at Justt.
TC40 or SAFE report FAQs
TC40 data is a Visa record that contains information on a cardholder’s fraud claims and is part of the Risk Identification Service. The information captured includes merchant details, cardholder’s bank details, and transaction details.
System to Avoid Fraud Effectively (SAFE) is a Mastercard version of Visa’s TC40 that records cardholder fraud claims and data points relevant to the fraudulent transaction.
Although a merchant can request TC40 data, acquiring banks aren’t obligated to share the report. Acquiring banks typically don’t alert merchants when they generate TC40 reports.
No. TC40 reports indicate a cardholder filed a fraudulent claim. For small transactions, issuing banks or merchants find it cost-effective to issue a refund than go into the chargeback process.
TC40 data doesn’t prevent chargebacks or fraud directly. However, it offers merchants valuable insights they can use to detect and prevent future fraudulent transactions.
No. TC40 reports are generated from data recorded when a cardholder files a fraud claim. This is a separate action from filing a chargeback where the cardholder wants the transaction amount returned.
Yes. Too many TC40 reports filed can harm a merchant’s ability to accept CNP payments due to high fraud levels even if a handful or none result in chargebacks.