The primary goal for risk analysts is to detect and prevent fraudulent online transactions from being fulfilled. In order to do that, an analyst needs to discover whether the order was placed by the authorized cardholder or a fraudster who’s using the legitimate cardholder’s information. Seems straightforward, right?
The vast majority of the orders that a risk analyst reviews falls into one or the other category. However, for a small subsection, the authorized cardholder and the likely fraudster are one and the same. This is known as friendly fraud, and it’s nearly impossible to detect in the card-not-present world. (And, according to Lexis Nexis, it’s a pain point for over a fifth of ecommerce merchants.)
Considering the extreme difficulty for merchants in detecting and preventing friendly fraud, we’ll delve into what it is about our current environment that allows for friendly fraud to exist and continue unfettered. Then, we’ll recommend some strategies for merchants to be proactive about mitigating potential cases of friendly fraud.
If you are an online merchant evaluating commerce protection vendors, you might be interested in our free Commerce Protection Buyer’s Guide. This comprehensive guide outlines the evolution of commerce protection from fraud prevention and details the integral components of a commerce protection solution. Takeaway resources include:
- A sample RFI template to leverage in your evaluation process
- Tips on how to build a business case for a Merchant Fraud Protection solution
- How to evaluate ROI and understand the tools used to prevent chargebacks
- How to find the right solution for your business
Three categories of chargebacks: Actual fraud, merchant error and friendly fraud
As friendly fraud concerns an authorized cardholder filing a chargeback automation on a seemingly legitimate transaction, it’s important to take a step back and review the three types of chargeback disputes a merchant faces.
All chargebacks fall into three main categories:
1. Actual fraud. The most obvious reason for a chargeback is also the most common. A fraudster used a legitimate cardholder’s information, purchased an item from a merchant and the merchant shipped said order to the fraudster. Upon reviewing their statement, the authorized cardholder identifies a charge as illegitimate due to fraud and files a chargeback, requesting a refund.
2. Merchant error or negligence. The merchant either never shipped out the order or shipped out an item that was broken or different than described, and failed to provide good customer service to rectify the situation. When the authorized cardholder fails to receive the item they paid for, they file a chargeback on that transaction, requesting a refund.
3. Friendly fraud. Friendly fraud (also called chargeback fraud) is an industry term for authorized cardholders who dispute seemingly legitimate charges to their credit cards. The authorized cardholder may file a chargeback on a legitimate charge for a few reasons: (1) they want to avoid paying for the order in question, (2) they may have forgotten they made the purchase, or (3) there may be another household member who made the purchase in their name, and they don’t recognize the transaction.
Banks and card Associations: Creating the environment for friendly fraud
Considering the possibility that a legitimate cardholder can purchase an item from a merchant, and then attempt to avoid paying for it, strikes merchants as criminal. So, why do banks and card associations tolerate this behavior?
Let’s look at the environment that helps foster this activity.
Some quick background: Card associations (e.g. Visa or Mastercard) dictate participation guidelines to the banks that wish to issue their cards. (We discuss the payment ecosystem in more detail here.) For example, if a bank wants to issue or receive payment from Visa cards, they need to adhere to Visa’s interchange rules and regulations. Visa, Mastercard, and other card associations have a consumer first policy, as their primary goal is to increase the number of their cards used by the general population, and federal regulations dictate that consumers are guaranteed certain rights in regards to disputing transactions. This bears repeating: in order to increase cards in circulation, and avoid attracting federal inquiry, card associations prioritize consumer rights over merchant rights.
This means that banks, bound by card association rules and regulations, adopt a consumer first policy by association, and default to backing the consumer in a chargeback dispute against the merchant. Essentially, card associations force the hand of banks to favor the consumer over the merchant. Banks have little choice but to comply with the card association rules in chargeback disputes, unless the merchant can conclusively show that the cardholder acted fraudulently or with ill will.
But, as any merchant who has participated in a chargeback dispute can attest, attempting to win a chargeback is an uphill battle that rarely ends in victory for the merchant.
So, when a consumer files a dispute with their issuing bank over a legitimate transaction in a case of friendly fraud, though the merchant may have supporting documentation that shows the cardholder acting with ill will, the merchant may still potentially lose a legitimate sale.
Detection: Can friendly fraud be identified?
The reality for merchants is that friendly fraud is nigh impossible to detect.
As mentioned earlier, when reviewing an order for fraud, fraud analysts are looking to detect if the card is being misused in any way by someone other than the authorized cardholder. When a card is being used by the cardholder themselves, it will be impossible to determine if that card is being used in a legitimate or malicious way, given that the purchase is indeed being conducted by the authorized cardholder.
That being said, a fraud analyst can look for anomalies in the order that might suggest that there is a risk of friendly fraud occurring.
When reviewing an order for a risk of friendly fraud, think about the following:
- Is the order amount larger than normal, either for this customer or for average customers on site?
- Has the customer been placing a high frequency of orders?
- Is the item that the customer purchased commonly stolen?
If the answer to any of this is yes, then we recommend following the steps below to both verify the order and minimize the risk of accepting an order that may be friendly fraud.
Even when a fraud analyst believes that they’re seeing a legitimate purchase made by the authorized cardholder, a merchant can protect themselves against fraud claims from their customers by documenting the transaction in the following ways:
- Make validating phone call and record it. For example, if a merchant’s average transaction amount is $275, and a customer places an order for $6,300, that should warrant extra investigation by the fraud analyst, and likely a phone call or email outreach to the customer. When a merchant makes a validating phone call, they can record their conversations with tools such as Talkdesk to use as evidence later for the banks should a chargeback be filed.
- Always gather and save delivery documentation. Merchants can request that a package must be signed for to be delivered, proving that it is now in the hands of the purchaser or listed recipient of the order. Most of the time a merchant can request that UPS or Fedex request signatures on all their orders to prevent claims that the package was stolen off the porch or never delivered. The merchant can use the signature as evidence to the banks that the customer has possession of the merchandise.
- Make a commitment to providing excellent customer service. By building a relationship with your customer, they are far less likely to commit friendly fraud against you. If there is any issue at all with the product or the service and they know that you are willing to help them, the customer is more likely to ask for help first before filing a chargeback.
By documenting shipping, recording phone calls, keeping track of all email conversations and above all, providing excellent customer service to customers, merchants can significantly reduce the number of chargebacks that they receive.
Customer deny lists and the network effect: What merchants can do to avoid repeat friendly fraud
Similar to our documentation advice above, if a merchant has lost a dispute from a customer on what they believe is a clear case of friendly fraud, it’s advisable to document the chargeback in order to avoid accepting an order from that customer in the future. While it is indeed possible that this customer filed their first chargeback, and was unaware that they could initially reach out to the merchant to resolve the matter, it’s quite likely that they have filed chargebacks against other merchants, won and are continuing their pattern.
Keeping a customer deny list helps prevent you from repeat friendly fraud offenses, but it is likely to be of little use in detecting new attempts.
Note: If a merchant uses a fraud detection and prevention tool, they may benefit from a network effect. As an example, Signifyd merchant customers benefit from data that we have across all our merchants on customers who have committed friendly fraud. Thus, if a customer who committed fraud with one Signifyd merchant attempts to buy from another Signifyd merchant, we prevent that transaction from going further.
Signifyd also offers automated friendly fraud management with its Abuse Prevention solution. Abuse prevention extends Signifyd’s ecommerce chargeback protection, including item not received and significantly not as described claims, and comes with a financial guarantee.
Conclusion: The responsibility is on the merchant
Being proactive about providing excellent customer service and documenting transactions is a merchant’s best weapon against friendly fraud. While this won’t eradicate every occurrence, it can certainly reduce it. We also recommend examining your fraud prevention tool to see if you can benefit from a network effect and access to occurrences of friendly fraud across other merchants.
We can help prevent friendly fraud chargebacks.