by Ben Dwyer There is nothing friendly about fraud – it is criminal. “Friendly fraud” refers to apparently legitimate customers using their own names, addresses, and credit card numbers to make an online purchase but later disputing the charge with the credit card company. A more accurate term for this behavior is “cyber-shoplifting.”
While credit card theft and other common types of fraud are decreasing because of EMV chip cards and new security technology, low-tech friendly fraud is on the rise. Remember, EMV cards don’t provide any additional protection for you or customers in ecommerce transactions. If you run an ecommerce website, it’s worth knowing about the tools to protect yourself.
The Cost of Fraud
In a typical friendly fraud scenario, a business ends up in the red to the tune of $3.08 for every $1.00 in chargebacks, according to the Lexis-Nexis True Cost of Fraud Study. How is that possible? Remember, a chargeback doesn’t just include refunding the amount of money that was paid. It also includes chargeback fees, shipping costs, processing fees, penalties, and employee time, all of which were calculated into the Lexis-Nexis study’s number.
Friendly Fraud Explained
It’s possible that a family member made a purchase and the primary cardholder doesn’t recognize the charge. That’s an honest mistake, and one that’s easily rectified by an honest consumer.
Cyber-shoplifters engaging in friendly fraud are no more honest than in-store thieves. People commit friendly fraud to get merchandise for free or because they can’t pay their minimum balances with a particular charge on the bill. Others falsely claim goods were damaged and the business may ship a replacement without demanding return of the allegedly impaired items.
Recognizing Potential Friendly Fraud
As with any economic crime, there are certain types of transactions more vulnerable to friendly fraud then others. Carefully scrutinize the following:
- International orders – friendly fraud occurs three times more frequently on foreign orders compared to domestic orders.
- Unusually large orders – also unusually attractive to fraudsters. These large orders pertain either to a large dollar amount or an extremely large number of items.
- Order risk – for small businesses, certain orders don’t make sense. It may vary according to retailer, but if the scope or type appears fishy, it merits further verification.
Be sure to familiarize yourself with zip codes that are more fraud prone and check those orders carefully.
This infographic from Experian gives some of the zip codes associated with high fraud levels.
Click image to enlarge.
You can also download Experian’s list of the 100 zipcodes most prone to fraud:
Download list of shipping zip codes.
Download list of billing zip codes.
Serial Offenders
While some friendly fraud perpetrators may only attempt a phony chargeback once or twice, many are serial offenders, meaning they repeatedly defraud online businesses. If it’s legal in your jurisdiction – certain consumer protection laws forbid their use – you might want to consider obtaining lists of serial offenders through data-sharing services. Your processor may be able to block transactions made with cards previously used in friendly fraud situations.
Chargebacks
Several types of purchase reversals are lumped under the general term “chargeback”, including purchases from lost or stolen cards and friendly fraud purchases. However, in December 2014, CBS News reported that a whopping 86 percent of chargebacks are fraudulent. Think about it – only 14 percent of chargebacks, less than one in six, are legitimate. You may have become resigned to not fighting chargebacks, instead calculating them as part of the “cost of doing business.”
There’s no question the odds are stacked against you. The business bears the burden of proof in what often devolves into a “he said, she said” situation. Even if you prevail, the chargeback is still part of your overall chargeback rate.
Too many chargebacks not only affect your bottom line as criminals steal your merchandise, but lead to:
- High fines and fees
- Damage to your reputation with banks and processors
- More administrative work
- Cash flow problems
In the worst-case scenario, your processing account may be closed, leaving you unable to process credit card orders. In e-commerce, that’s tantamount to going out of business. The card brands establish chargeback thresholds; exceeding those thresholds can lead to closure of your merchant accounts.
Protecting Your Business
There are relatively simple ways to protect your e-commerce business from friendly fraud, whether preventing it in the first place or prevailing in a chargeback representation. There are tools you can use at each step of the purchase, described in order below:
Send Confirmations
Send a confirmation email to every client. Go a step further and use an electronic signature page. These pages make the terms of the purchase and customer agreement clear, which can help you fight any fraudulent claims later.
Require CVV2
Always require the card verification value, or CVV2 number at the time of purchase. That security number on the actual card proves the person making the purchase has possession of the card, not just the card’s number. The presence of the CVV2 on your receipt can aid you in chargeback disputes.
Utilize 3-D Secure
Consider participating in 3-D secure payer authentication services such as Verified by Visa and MasterCard SecureCode. Depending on the participants in each transaction, your liability for chargebacks may be minimized. There’s a possible downside – some customers hate having to use the necessary passwords. The extra layer of protection creates more friction in the checkout process, which isn’t always what you want.
On the plus side, those who hesitate to shop online because of identity theft or fraud fears may welcome this protection.
Use AVS
Address Verification Service (AVS) is an anti-fraud tool that, when combined with delivery signatures, can significantly increase your chances of winning a chargeback. Visa notes that requiring signature upon delivery for items sent to a customer (after the business receives an AVS code indicating an address and zip code match at the time of checkout) is a great way to protect against chargebacks.
AVS is easy to use and will not cost an arm and a leg.
Related Article: How to Use AVS.
Record IP Addresses
Keep a record of the IP address used to make transactions. This information will reveal the geographic area where a computer accessed the internet. If a cardholder uses their computer to initiate a chargeback, and the IP address used points to the same location the computer was used to make the order in question, there’s a chance the cardholder is attempting friendly fraud (especially if the mailing address matches as well). Claiming a charge was unauthorized does not hold up as well when the cardholder’s correct billing address, and more importantly, his IP address, was involved in the process.
Require Signatures for Delivery
If feasible, use a delivery service that requires the recipient’s signature, along with real-time tracking and delivery. That may not be practical for every order, but consider setting a monetary threshold that makes sense for your business, and require a signature. It’s hard for a customer to claim they didn’t receive an item when their signature is on the delivery receipt.
This can be particularly beneficial for high-value purchases.
Make Contact Easy
This step is more important for general chargeback prevention, but is worth noting. Most customers who don’t receive their merchandise or experience a damaged delivery don’t contact the business, but notify the card issuer. Make it easy for customers with genuine issues to get in touch with you 24/7, and give detailed instructions to your customer service team for handling these complaints. Deliberate fraudsters will still initiate the chargeback process with the card issuer, but providing and publicizing good customer service lowers the chargeback rate for misunderstandings and simple mistakes.
Review Your Chargebacks
Review each chargeback carefully, and not only for fraud potential. Do the codes indicate that consumers don’t recognize your business, especially if you utilize a third-party billing service? Make sure that information is clear on your website and on the customer receipt. Work with your processor on descriptor clarification for your customer’s statements, perhaps adding a phone number so puzzled cardholders can contact you directly.
Some businesses use a “dba” or doing-business-as name that may differ from the name that appears on a customer’s statement. Proactive work to make it easy to recognize charges can help cut down on chargebacks due to those confusing transactions.
Consult Your Processor
Consult your processor regularly for advice on security updates and current best practices. All parties involved in transactions – businesses, banks and card issuers, and processors – must stay one step ahead of cybercriminals.
While friendly fraud is the bane of Card Not Present merchants, taking proactive measures can lessen the threat to your business and significantly reduce the incidence of customer scams.
Have you been hit by friendly fraud? What steps have you taken to prevent it?
