He was a serial abuser of the first-party fraud variety who bought thousands of dollars worth of merchandise every six months or so, then claimed the packages were never received. He and his wife went after merchants only one time, and never used the same credit card. And when they were questioned, they cleverly falsified enough details to double-talk their way through the evidence and successfully game the system.
But the couple met their match: Tracking the man across its global portfolio of merchants, Signifyd found this was a recurring habit and pulled the plug.
“It’s not something one merchant can do easily,” said Tara Mitchell, senior director of chargebacks and abuse recovery at Signifyd. “But you look for that pattern – are they filing valid claims, and are they doing behaviors that don’t make sense?”
Managing first-party fraud is a balancing act
Managing first-party fraud and abuse, which includes customers claiming an item was not received (INR) or that is significantly not as described (SNAD), accounts for an ecommerce loss of $89 billion annually in the U.S. alone, according to Socure, an identity-specialist firm. A customer commits first-party fraud to scam merchants and receive products and services for free.
Handling these issues is a conundrum for online merchants, who deal with real customers – not a bot or an invasive bad actor – with the fraud occurring after the transaction process is complete.
And merchants walk a tightrope. They don’t want to offend good customers who truly may not have received the item or may have found the product unacceptable.
Forget friendly fraud, first-party fraud is serious business
First-party abuse was formerly referred to as friendly fraud, but the rapid increase in growth and merchant losses has vaulted it to a more serious level. In a survey of 1,100 online retailers by the Merchant Risk Council (MRC) for its 2024 Global Ecommerce Payments & Fraud Report, 63% noted an increase the past 12 months in first-party fraud. The survey encompassed all size businesses from 35 countries, and found that mid-size and enterprise merchants in North America had the highest rates of increase.
Signifyd data concurs, showing an overall increase in first-party fraud up 4% in the first half of 2024 compared to 2023, with significant increases in the second quarter of 15% in April, 10% in May, and 13% in June, year over year.
More than one in three Americans (35%) admit to committing first-party fraud, and two in five Americans (40%) say they know someone who has, according to research by Socure, who surveyed 1,000 U.S. consumers and reviewed hundreds of millions of financial transactions.
Mike Cook, Socure’s vice president of fraud product and investigations, says this type of fraud with customers has been ignored for too long. “Countless consumers take advantage of a system with little to no consequences, despite causing billions in losses.”
First-party fraud creates many victims
“While many may feel that first-party fraud is a victimless crime,” Cook continued, “this blossoming culture of unalloyed theft is driving higher costs for every single consumer. To combat this, it’s time for our industry to share intelligence, create a widely accepted definition that focuses on these fraudulent behaviors, and push for regulatory changes that will close loopholes for those carrying out these all-too-common acts.”
A consortium model, which Cook refers to, contains vast amounts of data that machine learning can harness to gain insight into the identity and intent behind each online transaction. Signifyd launched its model a decade ago, and its Commerce Protection Platform is powered by a Commerce Network that has insight into 600 million digital wallets. It recognizes 98% of consumers arriving at a merchant’s site from transactions conducted elsewhere on its network. That intelligence is vital to Signifyd’s Decision Center, which allows merchants to calibrate responses to return and refund requests based on the amount of risk involved.
It was this suite of solutions applied to Signifyd’s wide spectrum of customers that caught the thieves that opened our story.
How to enact the most effective ways to combat first-party fraud
Without the aid of a risk-prevention company, merchants scramble to find strategies to navigate the muddle of INR and SNAD claims. The MRC found that nine of 10 merchants use chargebacks to fight first-party fraud, even though less than 35% claim it’s effective.
Merchants in the survey said these are the best practices for fighting first-party fraud:
- Reviewing and analyzing non-fraud chargebacks and declines – most successfully by a fraud-prevention software but if not, manually – that alert merchants to suspicious transactions that are flagged for review.
- Checking customer purchase and order histories. This is where a consortium approach, such as Signifyd’s vast network combined with machine-learning models can track insight into the identity and intent behind each online transaction.
- Monitoring and analyzing transaction data for unusual activity or anomalies.
- Working with providers to identify fraudulent transactions.
- Requiring Card Verification Values (CVV) codes to process card payments; verifying that billing addresses entered match billing addresses for cards used.
- Notifying customers after processing their payment; notifying customers when orders are processed/delivered.
- Requiring a signature on delivery.
- Deny listing customers who are identified as perpetrators of fraud.
As is always the case, preventing first-party fraud involves a balance between preserving a smooth customer experience and increasing friction in a transaction. In reviewing the checklist above, online brands should consider carefully making changes that inconvenience shoppers.
Beyond the checklist, Signifyd’s Mitchell adds that more detailed descriptors on credit card transactions would help cut down on legitimate purchases not recognized by customers. Confusion with credit card descriptions of transactions was the second-ranked reason that customers filed disputes; the first reason was an attempt to scam products or services for free, according to the survey by MRC.
“I’ve had this happen to me,” Mitchell said. “I look at my credit card statement and I don’t recognize this business, and then I look at the date and the amount, and I’m like, oh, right! I went to a coffee shop, but instead of it showing us the name of the coffee shop, it’s showing the name of the parent company that I have no relationship with. So if I didn’t spend that time thinking about it, I would just assume that it was a fraudulent chargeback.”
Manage first-party fraud intentionally
Mitchell warns that merchants shouldn’t use the chargeback process for everything. “You only fight the stuff when you really do have a strong case, and you’ll build that reputation with the card issuers — they’re going to take you a bit more seriously,” she said.
“They won’t assume that you’re just throwing them everything trying to see what sticks, but you’re putting some thought and energy into it, and they can trust you to fight only when you do have the right of liability shift.”
Chargebacks cause merchants to lose $40 billion a year, according to Signifyd data. And every $100 in chargebacks costs merchants to lose more than the transaction amount because of fees and other costs.
In 2022, Visa changed its rules to provide clearer compelling evidence guidelines for merchants fighting first-party fraud and to provide a liability shift from the merchant to the issuer when the proscribed standards are met.
“The Visa compelling evidence and the Mastercard Trust Program and First-party Trust Program are steps in the right direction,” Mitchell said. “They are garnering a lot of enthusiasm because it feels like they are trying to level the playing field. But it’s not there yet…it’s not level. It’s not what we need. We want to see the playing field get more level.”
Photo by Getty Images
Looking to tackle first-party fraud and abuse? Let’s talk.