Distinguishing Legitimate Fraud from Friendly Fraud

ecommerce fraud

Fraud is nothing new to the ecommerce space. However, it gets costlier and more common every year. A recent study from Juniper Research suggests retailers will lose $130 billion over the next five years due to card-not-present fraud.

Of course, online fraud isn’t just one megalithic problem; it’s a web of interrelated issues and potential triggers, including:

  • General ecommerce growth: Risk is always present in every market, so as ecommerce expands, so will risk.
  • EMV liability: As fraud became more difficult to commit in store, perpetrators started seeing online fraud as the path of least resistance.
  • Inconsistent policies and practices: Divergent and unresponsive industry rules and responses to those rules create gaps that fraudsters can exploit.
  • New technologies: Policy can’t keep pace with the rate of technological innovation. Generally, fraudsters learn how to exploit new tools before we learn how to stop them.

Protecting oneself should be a top priority in the digital market. If left unaddressed, fraud can quickly spiral out of control and cause catastrophic, irreparable damage.

Take chargebacks, for example. Chargebacks are, at least in theory, a consumer protection mechanism. They exist to give cardholders legal recourse to recover their cash in the event of fraud. In the ecommerce age, chargebacks are less of a consumer protection tool and more a merchant hazard.

Isn’t consumer protection a good thing? Yes, consumer protection tools are important assuming they’re deployed appropriately. That’s why we need to distinguish between legitimate and illegitimate uses of chargebacks regarding online fraud.

Legitimate Reasons to File Chargebacks

If a fraudster completes a transaction using stolen cardholder information, the cardholder generally has a right to demand a chargeback to recover the money. There are numerous methods of carrying this out.

As the name implies, account takeover occurs when a fraudster utilizes complete or partial user information to takeover a user’s account, often using phishing sites or other tricks to secure the data. By contrast, in fast fraud the fraudster accesses a cardholder’s payment information, then tries to ram through as many transactions as possible before it’s discovered. These strategies are very different and require different security means to detect and prevent them.

Your first line of defense should be fraud scoring. This tool examines different metrics to determine the likelihood that a transaction is fraudulent. Your decision should be dynamic and informed by insight from multiple technologies and strategies. For example, some common and reliable fraud indicators include:

  • Geolocation
  • Proxy piercing
  • Device fingerprinting
  • AVS (address verification service)
  • Velocity checking
  • Biometrics (if using mobile apps like Apple Pay or Samsung Pay)

What About Illegitimate Chargebacks?

Chargebacks are an important tool protecting consumers against fraud. The problem is most chargebacks aren’t the products of criminal fraud.

In fact, friendly fraud is one of the fastest-growing threats in the online market, occurring when a customer requests a chargeback without proper justification. Here are a few of the most common chargeback triggers:

  • Customer expectation: Contemporary ecommerce trains consumers to expect instant gratification. If they don’t get it, they’re more likely to request a chargeback.
  • Lack of understanding: Few customers understand the process deeply. To most, there’s no real difference between a return and a chargeback.
  • Buyer’s remorse: The buyer decides they don’t want an item. Instead of requesting a return, the individual goes straight to the bank.
  • Cyber shoplifting: Also known as chargeback fraud, this occurs when a buyer completes a purchase with the intent to file a chargeback later and get something for free.

Internal data from Chargebacks911 suggests 60%-80% of chargebacks result from friendly fraud. It’s a big  deal considering chargebacks cost businesses $31 billion in direct losses through revenue, merchandise and fees in 2017. There are plenty of ancillary costs to consider including false declines, margin compression, rising prices and long-term threats to business sustainability.

Can Anything Be Done?

The industry is making some positive strides to address fraud. For example, Visa rolled out its Claims Resolution initiative in April 2018, overhauling and providing desperately needed updates to its chargeback process. Mastercard is rolling out a similar system, called Mastercard Dispute Resolution.

Yet, it’s still not enough to really tackle the problem head-on. According to a Chargebacks911 study conducted last year, most merchants either saw no change in Visa chargebacks five months after the Visa Claims Resolution rollout or reported an increase in Visa chargebacks.

To resolve this growing problem, we’ll need cooperation between institutions and merchants to develop a fairer and more responsive chargeback system. In the meantime, merchants can protect themselves by trying to prevent criminal fraud using the tools mentioned above. They can also fight friendly fraud through representment or partnering with a mitigation service who can.

Merchants who do nothing about this growing threat leave themselves open to big losses now and in the future.

Monica Eaton-Cardone is Co-Founder and COO of Chargebacks911

Leave a Reply