September 22, 2022
The pandemic was a significant catalyst for the accelerated growth of e-commerce and the adoption of digital payments. Lockdowns and social distancing restrictions pushed people to rely on mobile applications, online channels, and cashless payment methods to buy the things they needed. In response, online shopping ecosystems also created space for new business models to provide consumers with more convenient and seamless service.
However, this development also deepened concerns about cybersecurity risks, particularly fraud targeting businesses. In 2020, Javelin Strategy & Research revealed a 35% increase in fraud attempts worldwide, adding that criminals are becoming more active in using various fraud strategies to penetrate digital channels.
One of the rising threats to online businesses today is friendly fraud. In 2021, Business Wire disclosed that 8 out of 10 merchants experienced friendly fraud attacks. The changing consumer behaviors and regulations during today’s uncertain times are putting pressure on companies to diversify their sales channels and strategies. And these shifts have had a major impact on chargeback rates and friendly fraud.
What is Friendly Fraud?
Friendly fraud happens when the cardholder reports and disputes a credit or debit card charge by mistake or with ill intent. In contrast to actual fraud that occurs due to unauthorized use of a credit card, friendly fraud is perpetrated by the card owner themselves through the chargeback service.
A chargeback is a recourse customers can take when they have complaints about the items they purchased online. It is a reversal of a debit or credit card transaction based on issues like product defects, an inaccurate item description, or not receiving the item. But unlike a return and refund, where the appeal is directed to the merchant, a chargeback is made to the credit card provider.
Friendly fraud can be made by a customer who honestly made a purchase mistake or forgot about the transaction. It could also be that multiple individuals share a card, and a user fails to communicate their card activity so the card owner believes the charge to be a merchant error.
But customers can also raise a chargeback appeal with malicious intent to abuse consumer protection. A typical scenario of this intentional deceit is that a buyer makes a digital purchase using a debit or credit card, then disputes the transaction with the card issuer and lies about the reason to get away with not paying for the product.
In both cases, if the chargeback appeal is approved, the merchant is at a disadvantage. Not only does the company lose income from the sale, but it also has to pay a chargeback and retrieval fee. These fees can range from $20 to $100 per occurrence. If the business gets more than a hundred payment disputes or accumulates a chargeback-to-transaction ratio of 1.5% for two consecutive months, it also has to pay an excessive chargeback fee.
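A merchant can track how close an account is to the excessive-chargeback condition described above. The following is an added example, not code from the original article: it assumes a month counts as breached when it has more than 100 disputes or a ratio of at least 1.5%, and that two breached months in a row trigger the fee. The names `Month`, `excessive_periods` and `early_warning` and the 80% warning margin are hypothetical.

```python
from dataclasses import dataclass

# Thresholds quoted in the article; how they combine is this example's assumption.
MAX_DISPUTES = 100      # "more than a hundred payment disputes"
MAX_RATIO = 0.015       # chargeback-to-transaction ratio of 1.5%
CONSECUTIVE_MONTHS = 2  # "for two consecutive months"

@dataclass
class Month:
    label: str
    transactions: int
    chargebacks: int

    @property
    def ratio(self) -> float:
        # Disputes in a month with no sales count as fully over the ratio.
        if self.transactions == 0:
            return 1.0 if self.chargebacks else 0.0
        return self.chargebacks / self.transactions

    @property
    def breached(self) -> bool:
        return self.chargebacks > MAX_DISPUTES or self.ratio >= MAX_RATIO

def excessive_periods(months):
    """(first, last) labels of each run of >= CONSECUTIVE_MONTHS breached months."""
    periods, run = [], []
    # `months` must be in calendar order; the trailing None flushes the final run.
    for m in list(months) + [None]:
        if m is not None and m.breached:
            run.append(m)
            continue
        if len(run) >= CONSECUTIVE_MONTHS:
            periods.append((run[0].label, run[-1].label))
        run = []
    return periods

def early_warning(months, margin=0.8):
    """Months that reached `margin` of either threshold without breaching it."""
    return [m.label for m in months if not m.breached and
            (m.ratio >= MAX_RATIO * margin or m.chargebacks > MAX_DISPUTES * margin)]

# Constructed sample data, not real merchant figures.
SAMPLE = [
    Month("2022-04", 3900, 50),   # 1.28%, close to the ratio threshold
    Month("2022-05", 4100, 66),   # 1.61%, breached
    Month("2022-06", 4000, 61),   # 1.53%, breached
    Month("2022-07", 9000, 104),  # 1.16% but more than 100 disputes, breached
    Month("2022-08", 8800, 60),   # 0.68%
]
```

Months returned by `early_warning` are the point at which to review descriptors, receipts and dispute alerts before a second breached month follows.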
Merchants do have a way to defend themselves against chargebacks through a process called conflict resolution, mediated by the card provider. But the steps are usually time-consuming and tedious.
In a study by Kount, 60% of the merchant respondents said that they only dispute some chargebacks, while 5% do not contest any. Chargeback911 also indicated that merchants typically have a 12% recovery rate, or success rate, when representing their disputes.
How can Merchants Prevent Friendly Fraud?
Although their unfavorable position in chargeback disputes makes them prone to friendly fraud, businesses have several ways of reducing or eliminating it.
- The company can use a clear descriptor for its merchant account.
The descriptor is the label the customer sees next to their purchase on their credit card statement. This descriptor is generally pulled from the website gateway or the doing-business-as (DBA) name listed with the merchant account provider.
The best practice is to use the company name so that customers can easily identify the purchase and clear up confusion as to where the charge is coming from. Enterprises can also add their website or contact information to the descriptor to prompt customers to reach out with any doubts about the charge.
- Collect relevant information about the customer and the transaction at the point of sale, and notify customers of their purchase details.
Simple actions like emailing sales receipts can already help prevent friendly fraud. A receipt notifies card owners of card usage when the card is shared by family members and gives them a record to review if they forget about the transaction. Increasing transparency about terms and the refund policy helps guide customers into making a return instead of a chargeback.
- Implement chargeback detection strategies.
Companies can use real-time fraud prevention techniques like managed services or collaborating with card issuers to catch chargeback claims before they are reported. Upon detecting a potential chargeback, the company can present the customer with detailed information about the transaction. This way, the merchant can promptly clear up confusion or head off fraudulent claims a customer might make to avoid paying.
- Employ 3D Secure protocols to add security in debit and credit card transactions.
3D Secure (3DS) adds a layer to the fraud prevention mechanisms of online companies by requiring cardholders to provide proof of identity to complete an online purchase. In particular, its transaction risk scoring feature deploys machine learning, artificial intelligence algorithms, and behavior analytics to gain in-depth data about customers. This feature enables high-precision prediction of where threats come from.
Low-risk transactions initiate the minimum verification methods for a frictionless checkout and improved customer experience. Meanwhile, high-risk purchases launch additional payment authentication measures like biometric authentication to deter fraudsters from executing their schemes.
3DS also provides a means to improve the payment transaction information sent to the issuing bank, including the actions taken during payment. When 3DS is paired with good customer service, it helps customers track their purchase status, leading to less friendly fraud.
- Use FIDO2 passwordless authentication to supplement risk-based verification of 3DS at the time of online payment.
While 3DS focuses on improving the security of online payments via credit cards, FIDO2 focuses on enabling strong customer authentication. With FIDO2-certified solutions like LoginID, online enterprises can enhance their digital payment security by using biometric authentication and asking for a digital signature to complete transactions. Using LoginID complements 3DS rules by ensuring only authorized users can execute credit card payments.
Operating together with 3DS messaging also positively impacts the overall risk assessment of a card-issuing bank with the addition of relevant FIDO authentication data.