9 Tips to Minimize CCPA’s Impact on Chargeback Management
- November 7, 2019
- 6 minutes
The California Consumer Privacy Act (CCPA) could impact a lot of different areas of your business. But the more you know and the better prepared you are, the less eventful the policy update will be.
Here’s how to manage chargebacks after CCPA takes effect.
CCPA is a very detailed policy that regulates several different business processes. A complete explanation can be found here. The following is a high-level overview:
CCPA stands for California Consumer Privacy Act. The legislation grants Californians new rights, and it regulates how businesses handle personal information.
Personal information is information that identifies, relates to, describes, is associated with, or is linked to a particular consumer or household. A list of examples can be found here.
Some of the law’s features that will most likely impact chargebacks include the following:
- The business has to tell its consumers what personal information will be collected and how that information will be used.
- When asked, a business has to be able to tell the consumer what information it has on file.
- If the customer asks the business to delete the information that’s been collected and stored, the business must comply.
CCPA is expected to take effect on January 1, 2020.
Businesses that sell to Californians and have at least one of the following characteristics will need to follow new CCPA rules:
- Gross annual revenue is $25 million or higher
- Personal information is collected from 50,000 or more consumers, households, or devices
- The sale of personal information accounts for 50% or more of the business’s annual revenue
How to Manage Chargebacks After CCPA Takes Effect
Here’s how to manage disputes easily and effective while still complying with CCPA.
1. Don't panic.
The first thing you need to do is remain calm.
Because of how CCPA is structured, the legislation could potentially have an impact on your business. But even though consumers have been granted new rights, data suggests few will actually use them.
In 2014, Europe passed its first “right to be forgotten” law — a regulation that is similar to CCPA’s “request to delete” requirement. It governed search engines and enabled Europeans to remove certain URLs related to their name from search results. Google published data that explains how Europeans used this right.
- Over three and a half years, Google was asked to delist 2,367,380 URLs. At the time, Google had approximately 30 trillion unique webpages. The “right to be forgotten” law had impacted less than 0.000008% of all URLs.
- Of the 2.4 million requests that were made, 399,799 — or 17% — were from unique requesters.
- Only 43% of all requests were valid.
- Requests were most common within the first year of enforcement, and then popularity dropped drastically over time.
If CCPA trends follow Europe’s “right to be forgotten” activity, we can assume the following:
A very small portion of your customers will exercise their CCPA rights. Of those requests that are made, less than half will be valid. You will receive the majority of your requests in 2020, but over the following years, activity will decrease. In total, a barely-noticeable portion of sales will be impacted.
2. Inventory your current data points.
When it comes to chargeback management, data is extremely valuable. You want to do all you can to keep your customers’ information for as long as possible. Each request to delete information will damage the integrity of your management strategy.
One thing you can do to increase the odds of data retention is to ask for less information.
CCPA requires you to tell your customers what information you collect and how you intend to use it. If you ask for a very long list of information, consumers could easily become fearful of its safety and ask for it to be deleted. But if you scale back and only ask for the things you really need, you have a better chance of keeping it.
So, take a look at what you are currently collecting. Which pieces are most valuable? Are there any that you could do without?
3. Create user accounts.
Another way to increase the likelihood of data retention is to make the “request to know” process easier than the “request to delete.”
Consumers might assume that you have tons of information and are using it in ways they wouldn’t approve. In these cases, consumers might ask you to delete their information just to be on the safe side.
But if consumers can easily check what information you have and make updates to what you can access, they might let you keep more data for longer periods of time.
You can comply with CCPA’s request to know requirements through a self-service portal. Encourage users to create a secure account for a portal where they can access and view the personal information you have on file.
4. Mention chargeback responses as one of the uses for the information.
One of the conditions of CCPA states: “a business shall not use a consumer’s personal information for any purpose other than those disclosed.”
If you include personal information in your chargeback responses, be sure to mention it to your customers. Otherwise, if you do use personal information as compelling evidence but don’t disclose it, you would technically be non-compliant with CCPA.
5. Create rules for verifying the identity of requesters.
Fraudsters are going to try to trick you into giving away someone else’s personal information. Don’t do it!
Create stringent rules for verifying the identity of anyone who asks for information, and make sure you always follow protocol. This will help prevent account takeover fraud and the resulting chargebacks.
CCPA guidelines state you should match at least three pieces of personal information and ask for a signed declaration under penalty of perjury that the requestor is the actual consumer.
6. Don’t immediately honor requests to delete.
Friendly fraudster might try to take advantage of CCPA loopholes. They could ask to have information deleted before filing a chargeback so you won’t be able to respond.
To minimize the damage caused by these requests, make it a policy to delay any action as long as possible.
CCPA guidelines state you merely have to acknowledge the request to delete within 10 days of it being made. Then, you have 45 days to act. You can even postpone the deletion another 45 days if you can justify the delay.
Taking immediate action guarantees you won’t have the information when you need it. But waiting buys you time.
Maybe the customer will go straight to the bank and dispute the purchase while you still have compelling evidence. Maybe the customer will change his mind. Or maybe the chargeback time limit will expire.
7. Don’t delete it all.
Even if a customer asks you to delete personal information, you might not have to get rid of everything.
CCPA states you can give customers the option to delete all their information or just certain portions.
Try to keep as much as you can!
8. Offer customers a financial incentive to keep their information.
CCPA defines a financial incentive as “a price or service difference offered in exchanged for the retention of consumers’ personal information.”
You are allowed to offer financial incentives as long as you don’t discriminate against consumers if they choose to enforce their CCPA rights and if the financial incentive is equal to the value of the information you retain.
There are several different ways you could reward consumers for sharing information and letting you keep it. For example, you could send coupons to consumers who sign up for your newsletter or loyalty program.
Then, if chargebacks do happen, you might have the information you need to fight back.
9. Be sure to keep the non-personal information.
When a consumer asks you to delete personal information, you have three response options:
- Permanently and completely delete all personal information
- Aggregate the personal information
- De-identify the personal information
Do all you can to keep as much non-personal information as possible. The more insights you have about your customers, the better equipped you’ll be to understand why shoppers dispute purchases and what you can do to prevent chargebacks from happening.
Want Help Managing Chargebacks?
If you are interested in optimizing profitability while also complying with CCPA, you’ll need to make a few adjustments to your chargeback management strategy.
However, this is an administrative task that you really shouldn’t have to worry about.
At Midigator®, we believe the challenges of running a business should be delivering great products or services, not managing payment risk. Let Midigator worry about CCPA and chargeback management. You focus on growing your business.
Sign up for a demo today, and see how Midigator can remove the complexities of payment disputes.