Got a question? Get your answer.
This is Signifyd's central hub where merchants can always go with their most common questions
GOT A QUESTION? GET YOUR ANSWER
This is Signifyd's central hub where merchants can always go to with their most common questions
Frequently asked questions
In the U.S., a cardholder has the right to request a refund from their issuing bank for any transaction or purchase made with their credit card. Usually, the cardholder recovers their money from the merchant directly, in the form of a return or refund. (Note that while a merchant may hold a “no refund” policy, ultimately, if a consumer receives a product that is broken, different than described or generally displeased with the purchase these regulations mandate that a merchant must honor the consumer’s right to a refund.) In the case that the cardholder is unable to receive a refund from the merchant, or the merchant refuses to do so, a cardholder has the ability to contact the bank that issued them their credit or debit card (called the issuing bank) and file a chargeback request to recover the debt.
When the cardholder initiates a chargeback, they are prompted to give a reason for doing so. The most common reasons are:
- Billing dispute
- Broken item
- Item not received
- Item significantly not as described
- Transaction not recognized
- Fraud, card not present
Most of these chargebacks are fairly self-explanatory, but they generally fall into three categories:
- Actual fraud
- Merchant error or negligence
- Friendly fraud
Chargeback fees average around $15–$25 dollars per payment gateway. This doesn’t seem too bad if you have one or two chargebacks a year, but it can be crushing for merchants with a rising chargeback problem. And, of course, the merchant also frequently is out the cost of the item that was originally purchased.
When a customer disputes an order and files a chargeback, the merchant has an opportunity to contest that dispute. In order to dispute a chargeback and ultimately win, a merchant needs to participate in a series of defined steps created by the card associations with the issuing and acquiring banks, who act as mediators between the customer and the merchant. As consumer protections favor the customer, merchants often find themselves in an uphill battle to win a chargeback dispute. In order to simply participate in challenging the chargeback, merchants must complete every stage of the process of pre-arbitration under increasingly tighter timeframes. Depending on the card issuer, a second round of pre-arbitration before arbitration is also possible.
- The cardholder has a maximum of 45-180 days to dispute a charge, depending on the card.*
- The issuing bank has a maximum of 2-6 weeks; Visa allows 3 days.
- The merchant has a maximum of 7-10 days to respond.
- The issuing bank has 4-6 weeks to review; Visa allows 30 days, with only one round of pre‑arbitration.
- Chargebacks refunded in one round of pre-arbitration succeed at a maximum of between 94 and 274 days, depending on the card.
- A second round of pre-arbitration (where allowed) and arbitration can add more time.
*Up to a year under special circumstances
As consumer protections favor the customer, merchants often find themselves in an uphill battle to win a chargeback dispute. In order to simply participate in challenging the chargeback, merchants must complete every stage of the process under increasingly tighter timeframes.
- First chargeback: The merchant has an opportunity to dispute and explain its side, providing detailed evidence to prove it did fulfill the order to the customer as described; the merchant can win here and see the charge re-posted to the consumer’s account; if not...
- Second chargeback (pre-arbitration): There is a second opportunity to dispute the chargeback, but usually requires new and compelling evidence from the merchant.
- Arbitration: Either side can call for arbitration by the card association for a final
decision; fees to the losing side can be considerable, so merchants typically avoid arbitration for transactions below a certain amount.
Chargeback management is a managed service that investigates and resolves all chargebacks on the merchant’s behalf, typically covering issues like “friendly fraud,” consumer abuse, chargeback fraud, and product/consumer disputes.
The acronym AVS stands for Address Verification Service.
An AVS check compares the billing address used in the transaction with the issuing bank’s address information on file for that cardholder. Depending on whether they match fully, partially, or not at all, the merchant can use that information in their decision on whether or not to accept or cancel the order.
When an order arrives with a billing address different from the shipping address, the obvious questions are:
- Is the package being shipped to the cardholder? (Does the real cardholder actually
live at the address that the package is being shipped to?) - Is the package being shipped to anyone other than the cardholder? (Why?) So, can the
billing and shipping address be different?
What happens next depends on the answers.
- After the buy button is clicked, the merchant’s payment gateway collects the transaction and order information and passes it to the merchant’s payment processor.
- The merchant’s payment processor is then routed to the customer’s issuing bank via the card association network, who informs the payment processor which issuing bank the customer belongs to.
- The merchant’s payment processor will then check with the customer’s issuing bank to see if the card passed to it:
- is valid,
- has the funds available for purchase,
- and if the transaction passed the AVV/CVS check.
- The issuing bank will then indicate to the payment processor if the card information passed to it was accurate or not and if the payment is possible.
- If the issuing bank confirms that the card used in the transaction is available, the payment processor will either put:
- an authorization hold on the funds, or,
- will do a capture on the funds and immediately transfer the money to the merchant’s acquiring bank, where the funds will settle in the merchant account."
The acronym BIN stands for Bank Identification Number, and it exists for merchants to help validate the card that a consumer is presenting for payment with the bank that issued that card.
The Bank Identification Number (BIN) exists for merchants to help validate the card that a consumer is presenting for payment with the bank that issued that card. An exact BIN check can go by several other names, such as ‘Industry Identification Number’ or simply ‘credit card number’. Checking the BIN is a crucial step in stopping online fraud. The first six numbers are what a merchant would look up in a Bank Identification Number (BIN) check. The following numbers then specify the exact account that the consumer has with the card issuer and does not relate to the merchant as those numbers are for their tracking purposes only.
That depends. For “card present” transactions, generally conducted in-store, if the merchant follows the process correctly, they are not liable for fraudulent purchases. The cardholder’s issuing bank is. For “Card Not Present” (CNP) transactions that occur online (or other non-present channels, like mail), where the merchant is unable to confirm the identity and validity of the purchaser in-person, the merchant is liable for fraudulent orders and the cardholder’s issuing bank will collect the customer’s refund from the merchant should a cardholder request a chargeback. If the merchant processes a large volume of fraudulent orders, and thus receives a large number of chargebacks relative to their orders, their acquiring bank will likely take steps to raise fees to penalize the merchant.
Online fraud is the use of internet services, or software with internet access, to defraud victims or otherwise take advantage of them. The types of fraud of greatest interest to merchants include stolen credit credentials, Account Takeover (ATO) fraud, reshipping fraud and “friendly” fraud, also known as return fraud, consumer fraud or consumer abuse.
- Credit card numbers are stolen, either via large criminal syndicates or solitary hackers.
- The personal and financial information stolen is usually sold to a third party and not used by the initial thieves.
- Once in possession of stolen credit card information, a fraudster tests and then exhausts the credit card by making online purchases.
Reshipping fraud, also known as delivery address fraud, fake address fraud and mule fraud, is where a cyber criminal uses a third party to make fraudulent purchases. Person A is an online criminal and can live anywhere on the globe. Person B is an innocent individual and most likely unaware of what reshipping fraud is and its penalty. Person A has the financial and personal details of Person C, an identity theft victim of Person A. Person A intends to make purchases with Person C’s account, but this individual cannot ship to their own address out of fear of being tracked down by the authorities. So Person A needs an intermediary (Person B) to receive the online goods at their address and reship them to their (Person A’s) address.
Ultimately, finding fraud is not the end goal – it’s shipping out more orders. A fraud analyst’s goal is to approve (and thus, ship) as many orders as possible, in order to maximize revenue. Inherently, this means that a fraud analyst’s priority should be a focus on shipping out good orders, not on reviewing more orders. While counterintuitive, the reasoning is simple: by focusing on the good orders first, analysts can help their company ship out the good purchases, leaving behind the small fraction of questionable orders for review.
Ecommerce fraud protection is the practice of protecting merchants from fraudulent purchases online, whether for delivery or pick up, and chargebacks due to consumer abuse. Approaches include scoring, where the merchant decides whether to ship an order or not, based on a score indicating how likely it is that the transaction is fraudulent; liability shift, where the vendor controls whether to ship and takes liability for the transaction, if fraudulent; and chargeback recovery or management, where the merchant is provided expert assistance in recovering revenue from customer abuse.
Guaranteed fraud protection protects every approved order with a financial guarantee against fraudulent chargebacks. Signifyd automatically reviews orders for fraud and indicates which orders to ship and which to reject. If you receive a fraudulent chargeback on an order Signifyd approved, Signifyd pays you back, including chargeback fees & shipping.
Friendly fraud (also called chargeback fraud) is an industry term for authorized cardholders who dispute seemingly legitimate charges to their credit cards. The authorized cardholder may file a chargeback on a legitimate charge for a few reasons:
- They want to avoid paying for the order in question
- They may have forgotten they made the purchase
- There may be another household member who made the purchase in their name
- They don’t recognize the merchant name appearing on their credit card bill.
Consumer abuse is when an otherwise legitimate purchaser uses the refund and/or chargeback system to gain an unfair transactional advantage over the merchant. Examples include claiming delivered Items were Not Received (INR), or satisfactory items were delivered damaged, are defective or are Significantly Not As Described (SNAD). Discount abuse and returns abuse are also included.
Consumer abuse prevention is the mitigation for merchants of the effect of abuses by customers, such as return abuse, discount abuse and “friendly” fraud.
“Blacklist” is an archaic term for a list — of people by name, by email, by mailing address or region, or a list of devices by IP address or other factors — used to block purchases by that person or device. Signifyd refers to such lists as “deny lists.”
The acronym ATO in stands for Account Takeover, as in account takeover fraud.
Account Takeover fraud is when criminals obtain a consumer’s log on information, through nefarious means, such as phishing or buying the information on the Dark Web. The log on credentials open up vast possibilities for a fraudster, because unfortunately many consumers use the same usernames and passwords for multiple sites across the web.
The acronym SCA stands for Strong Customer Authentication.
Strong Customer Authentication (SCA) is a European regulatory framework that describes three types of information that should be reviewed as part of an online payment transaction, so as to increase security and reduce fraud. To accept ecommerce payments once PSD2’s obligations go into effect, merchants will need to build authentication technologies into their checkout flows that measure at least two of the following three elements:
- “Something you know”, the KNOWLEDGE Element (e.g., password or PIN)
- “Something you have”, the POSSESSION Element (e.g., phone or hardware token)
- “Something you are” the INHERENCE Element (e.g., fingerprint or face recognition)
PSD2, or the Payment Service Directive 2, is a far-reaching payment regulation covering businesses involved in online transactions in the European Economic Area. European Union authorities first passed the directive five years ago as a way to open banking to more competition and better protect consumers and merchants when it comes to online fraud.
Specific types of payments may be exempted from the requirement to conduct SCA.
- Fixed-amount subscriptions (renewal payments)
- Mail orders and telephone orders (MOTO)
- Low-risk transactions (payment provider’s and issuing bank’s overall fraud rates for card payments do not exceed certain thresholds)
- Payments below 30€
- Trusted beneficiaries (pre-approved customers)
Payment providers may be able to request these exemptions when processing the payment. The cardholder’s bank will then receive the request, assess the risk level of the transaction and ultimately decide whether to approve the exemption or whether authentication is still necessary.
Under PSD2, specific types of payments may be exempted from the requirement to conduct SCA. Payment providers may be able to request these exemptions when processing the payment. The cardholder’s bank will then receive the request, assess the risk level of the transaction and ultimately decide whether to approve the exemption or whether authentication is still necessary.
In the exceptional circumstances of the COVID crisis, The Financial Conduct Authority (FCA) in the UK again stated they would allow additional time to implement SCA for ecommerce. The new PSD2 timeline of 14 September 2021 replaces the 14 March 2021 date.
After 14 September 2021, any firm that fails to comply with the requirements for SCA will be subject to full FCA supervisory and enforcement action.
The acronym BOPIS stands for Buy-Online-Pick-up-In-Store.
The acronym BOPAC stands for Buy-Online-Pick-up-At-the-Curb.
Buy-Online-Pick-up-In-Store, or BOPIS, along with it’s cousin, Buy-Online-Pick-up-At-the-Curb, or BOPAC, is an online purchase fulfillment process where the customer takes delivery at the store, or other 3rd-party location, such as a locker. With accelerated adoption due to the 2020 pandemic, merchants have learned that these online purchases can indeed also be subject to fraud.
BOPIS (Buy-Online-Pick-up-In-Store) purchases are subject to many of the same risks as other online purchases, including stolen credit credentials, Account Takeover, reshipper and other fraud. As Card Not Present (CNP) purchases, the merchant assumes liability in the case of fraud.
Buy-Online-Pick-up-At-the-Curb, or BOPAC, along with it’s cousin, Buy-Online-Pick-up-In-Store, or BOPIS, is an online purchase fulfillment process where the customer takes delivery outside the store, in the parking lot for example. With accelerated adoption due to the 2020 pandemic, merchants have learned that these online purchases can indeed also be subject to fraud.
BOPAC (Buy-Online-Pick-up-At-the-Curb) purchases are subject to many of the same risks as other online purchases, including stolen credit credentials, Account Takeover, reshipper and other fraud. As Card Not Present (CNP) purchases, the merchant assumes liability in the case of fraud.
Omnichannel commerce is a business practice that tries to bind together disparate shopping contexts such as online shopping, mobile shopping and in-store shopping, into a seamless customer experience. The term also refers to tying together different digital shopping devices and venues — such as laptop, mobile, tablet, in-store — into a seamless experience.
Revenue optimization is the management of acquisition, retention, expansion, risk and pricing strategies in order to provide for maximum business health and value. Key aspects of revenue optimization are avoiding unnecessary loss and maximizing lifetime customer value. Effortless payment systems protected from fraud are essential to any business’ revenue optimization strategy.
* FedEx, UPS and other shippers are no longer requiring signatures on many ecommerce deliveries that have historically required signatures. The companies want to protect workers and consumers from the spread of COVID-19.
* The change could lead to an increase in INR claims, Signifyd’s head of risk operations says.
The entire holiday weekend broke shopping records, with Black Friday bringing in $7.4 billion according to Adobe Analytics. Adobe also reported that online shoppers focused their buying frenzies on early morning deals and specials, topping out at $600 million spent by 9 a.m. Friday.
According to Adobe, Black Friday 2020 online shopping was a record $9 billion.
The acronym D2C stands for Direct-To-Consumer
D2C companies tend to have higher margins because they build a direct channel to consumers rather than selling through wholesalers that absorb profit margin in return for providing a sales channel. D2C companies also collect customer data directly, which can lead to better personalization and more relevant product offerings.
Signifyd provides an end-to-end Commerce Protection Platform that leverages its Commerce Network to maximize conversion, automate customer experience and eliminate fraud and customer abuse for retailers. Signifyd counts among its customers a number of companies on the Fortune 1000 and Internet Retailer Top 500 lists.
Signifyd is headquartered in San Jose, CA., with locations in Denver, New York, Mexico City, Belfast and London.
Signifyd attracts people:
- Who believes challenges are best overcome by thinking differently.
- Who know their roles, but aren’t confined by them.
- Whose greatest satisfaction comes from helping customers succeed and achieve their dreams.
- Who aren’t afraid to disagree, convincingly, civilly and honestly.
- Who will stop and hold the door for a colleague — even if they’re running late.
We have seen people misspell our name like this: signify d, signfyd, signified, signifiyd, singifyd, signyfyd, signifyed, signyfid, signifyid, synified, sygnifyd, signafyd.
Ecommerce and commerce fraud protection are a group of services offered to merchants that may include rating or scoring purchases by fraud risk to guide the merchant’s order review, manual fraud review, automated processing based on rules and artificial intelligence, and liability shift, where the vendor covers any approved orders that turn out to be fraudulent. Services related to handling chargebacks, both fraudulent and others, may also be offered.