There is nothing friendly about fraud – it is criminal. “Friendly fraud” refers to apparently legitimate customers using their own names, addresses and credit card numbers to make an online purchase but later disputing the charge with the credit card company. A more accurate term for this behavior is “cyber-shoplifting.”
While credit card theft and other common types of fraud are decreasing because of EMV chip cards and new security technology, low-tech friendly fraud is on the rise. Remember, EMV cards don’t provide any additional protection for you or customers in ecommerce transactions. If you run an ecommerce website, it’s worth knowing about the tools to protect yourself.
- The Cost of Fraud
- Friendly Fraud Explained
- Recognizing Potential Friendly Fraud
- Protecting Your Business
- Review Your Chargebacks
- Consult Your Processor
The Cost of Fraud
In a typical friendly fraud scenario, a business ends up in the red to the tune of $3.08 for every $1.00 in chargebacks, according to the 2014 Lexis-Nexis True Cost of Fraud Study. How is that possible? Remember, a chargeback doesn’t just include refunding the amount of money that was paid. It also includes chargeback fees, shipping costs, processing fees, penalties, and employee time, all of which were calculated into the Lexis-Nexis study’s number.
It’s possible that a family member made a purchase and the primary cardholder doesn’t recognize the charge. That’s an honest mistake, and one that’s easily rectified by an honest consumer. Cyber-shoplifters engaging in friendly fraud are no more honest than in-store thieves. People commit friendly fraud to get merchandise for free or because they can’t pay their minimum balances with a particular charge on the bill. Others falsely claim goods were damaged, and the merchant may ship a replacement without demanding return of the allegedly impaired items.
Recognizing Potential Friendly Fraud
As with any economic crime, there are certain types of transactions more vulnerable to friendly fraud then others. Carefully scrutinize the following:
- International orders – friendly fraud occurs three times more frequently on foreign than domestic orders.
- Unusually large orders – also unusually attractive to fraudsters. These large orders pertain either to a large dollar amount or an extremely large number of items.
- Order risk – for small businesses, certain orders don’t make sense. It may vary according to retailer, but if the scope or type appears fishy, it merits further verification.
Be sure to familiarize yourself with zip codes that are more fraud prone, and check those orders carefully.
This infographic from Experian gives some of the zip codes associated with high fraud levels. Click image to enlarge.
You can also download Experian’s list of the 100 zipcodes most prone to fraud:
While some friendly fraud perpetrators may only attempt a phony chargeback once or twice, many are serial offenders, meaning they repeatedly defraud online businesses. If it’s legal in your jurisdiction – certain consumer protection laws forbid their use – obtain lists of serial offenders through data-sharing services. Your processor may be able to block transactions made with cards previously used in friendly fraud situations.
Several types of purchase reversals are lumped under the general term “chargeback”, including purchases from lost or stolen cards and friendly fraud purchases. However, in December 2014, CBS News reported that a whopping 86 percent of chargebacks are fraudulent. Think about it – only 14 percent of chargebacks, less than one in six, are legitimate. You may have become resigned to not fighting chargebacks, instead calculating them as part of the “cost of doing business.”
There’s no question the odds are stacked against you. The business bears the burden of proof in what often devolves into a “he said, she said” situation. Even if you prevail, the chargeback is still part of your overall chargeback rate.
Too many chargebacks not only affect your bottom line as criminals steal your merchandise, but lead to:
- High fines and fees
- Damage to your reputation with banks and processors
- More administrative work
- Cash flow problems
In the worst-case scenario, your processing account may be closed, leaving you unable to process credit card orders. In e-commerce, that’s tantamount to going out of business.
Protecting Your Business
There are relatively simple ways to protect your e-commerce business from friendly fraud, whether preventing it in the first place or prevailing in a chargeback representation. There are tools you can use at each step of the purchase, described in order below:
Send a confirmation email to every client. Go a step further and use an electronic signature page. These pages make the terms of the purchase and customer agreement clear.
Always require the card verification value, or CVV2 number at the time of purchase. That security number on the actual card proves the person making the purchase has possession of the card, not just the card’s number. The presence of the CVV2 on your receipt can aid you in chargeback disputes.
Utilize 3-D Secure
Consider participating in 3-D secure payer authentication services such as Verified by Visa and MasterCard SecureCode. Depending on the participants in each transaction, your liability for chargebacks may be minimized. There’s a possible downside – some customers hate having to use the necessary passwords. On the plus side, those who hesitate to shop online because of identity theft or fraud fears welcome this protection.
Address Verification Service () is an anti-fraud tool that when combined with delivery signatures can significantly increase your chances of winning a chargeback. Visa notes that requiring signature upon delivery for items sent to a customer after the business receives an AVS code indicating an address and zip code match at the time of checkout is a great way to protect against chargebacks.
Related Article: How to Use AVS.
Record IP Addresses
Keep a record of the IP address used to make transactions. This information will reveal the geographic area where a computer accessed the internet. If a cardholder uses their computer to initiate a chargeback, and the IP address used points to the same location the computer was used to make the order in question, there’s a chance the cardholder is attempting friendly fraud (especially if the mailing address matches as well). Claiming a charge was unauthorized does not hold up as well when the cardholder’s correct billing address, and more importantly, his IP address, was involved in the process.
Require Signatures for Delivery
If feasible, use a delivery service that requires the recipient’s signature, along with real-time tracking and delivery. That may not be practical for every order, but consider setting a monetary threshold that makes sense for your business, and require a signature. It’s hard for a customer to claim they didn’t receive an item when their signature is on the delivery receipt.
Make Contact Easy
This step is more important for general chargeback prevention, but is worth noting. Most customers who don’t receive their merchandise or experience a damaged delivery don’t contact the business, but notify the card issuer. Make it easy for customers with genuine issues to get in touch with you 24/7, and give detailed instructions to your customer service team for handling these complaints. Deliberate fraudsters will still initiate the chargeback process with the card issuer, but providing and publicizing good customer service lowers the chargeback rate for misunderstandings.
Review Your Chargebacks
Review each chargeback carefully, and not only for fraud potential. Do the codes indicate that consumers don’t recognize your business, especially if you utilize a third-party billing service? Make sure that information is clear on your website and on the customer receipt. Work with your processor on descriptor clarification for your customer’s statements, perhaps adding a phone number so puzzled cardholders can contact you directly.
Consult Your Processor
Consult your processor regularly for advice on security updates and current best practices. All parties involved in transactions – businesses, banks and card issuers, and processors – must stay one step ahead of cybercriminals.
While friendly fraud is the bane of Card Not Present merchants, taking proactive measures can lessen the threat to your business and significantly reduce the incidence of customer scams.