Chargeback fraud, also known as friendly fraud, occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services. Once approved, the chargeback cancels the financial transaction, and the consumer receives a refund of the money they spent. When a chargeback occurs, the merchant is accountable, regardless of whatever measures they took to verify the transaction.
Friendly fraud has been widespread on the Internet, affecting both the sale of physical products and digital transactions. To combat digital transaction fraud, prepaid cards have been offered as an effective alternative to ensure customer payment. South Korean software developers such as Nexon implemented a prepaid system in 2007 to combat friendly fraud, selling prepaid cards in stores such as Target.
MasterCard was sued in 2003 by an Internet vendor for having credit card policies and fees that have made Internet vendors especially vulnerable targets of friendly fraud. Internet vendors typically have to pay much of the losses when a fraudulent transaction like friendly fraud occurs.
In recent years, a new variant of friendly fraud, involving bank transfers as opposed to credit card payments, has been documented in Europe. SEPA credit transfers can be recalled within 10 working days of settlement by the payer's bank. The lax handling of SEPA SCT Recall requests by some banks has allowed some payers to fraudulently recall bank transfers after having received goods or services from the payee.
An online merchant that sells physical products cannot fully protect themselves. The only way to have concrete protection is to take an imprint of the card (and even with card readers/makers this can easily be duped), along with photo ID. That signature, in addition to information gathered online, can help in the resolution of chargeback disputes but contractually is no guarantee. Also, the merchant can request the card security code on the credit card to fight "Card absent environment" or "Card Not Present" (CNP) chargebacks. These are the three digit codes on the backs of Visa, MasterCard, and Discover cards, and the four digit code on the front of American Express cards.
Friendly fraud thrives in the digital products market where it is much easier for fraudsters to succeed. Common targets include pornography and gambling websites. Attempts by the merchant to prove that the consumer received the purchased goods or services are difficult. Again, the use of card security codes can show that the cardholder (or, in the case of the three-digit security codes written on the backs of U.S credit cards, someone with physical possession of the card or at least knowledge of the number and the code) was present, but even the entry of a security code at purchase does not by itself prove that delivery was made, especially for online or via-telephone purchases where shipping occurs after finalization of the contract. Proof of delivery is often difficult, and when it cannot be provided, the cardholder gets the product without paying for it.
One method of combating friendly fraud is to create a feature in the product that checks in with the merchant's database. If a chargeback is issued, the merchant can tell the product to suspend service. This tactic will also work for digital subscription services or any other online product that requires updates or logins. The merchant will usually still be charged a fee for incurring a chargeback, so this is not a complete solution.
Call center transactions
Another common channel for chargebacks is mail order/telephone order (MOTO) payment processing through a call center. In this case, as with the two others listed here, the main problem is that this is a card not present transaction. To help eliminate call center purchase chargebacks, call centers are working to make the purchases more like "card present" purchases.
When consumers walk into a store and buy something, they typically swipe their credit cards, confirm the purchase amount, enter a secret code (or sign their name) and leave with the merchandise. This is a "card is present" purchase and fraudulent chargebacks in these situations are almost non-existent.
Agent-assisted automation technology is available for call centers that allows customers to enter their credit card information, including the card security code directly into the customer relationship management software without the agent ever seeing or hearing it. The agent remains on the phone, so there is no awkward transfer to an interactive voice response system. All the agent can hear is monotones. This is the "card present" equivalent of "swiping" the card.
Before the purchase is submitted by the agent, the purchase amount is played back to the consumer along with the last four digits of the card. The consumer is asked to confirm their purchase by providing a verbal signature, which is recorded.
Finally, an email is sent to the consumer with the purchase information and an attached audio file of their verbal signature.
Cost to Merchants
A 2016 study by LexisNexis stated that chargeback fraud costs merchants $2.40 for every $1 lost. This is because of product-loss, banking fines, penalties and administrative costs. A 2018 study by the Aite Group on charge back costs, stated that U.S. CNP fraud losses for 2017 were $4 billion and estimated that by 2020 they would rise to $6.4 billion.
The proliferation of online payment methods, including mobile apps, and the increasing sophistication of the fraudulent actors, including bots, have made the task of detecting and preventing CBF, particularly online CBF, more complex. According to a 2018 Gartner report on online fraud, retailers are increasingly turning to machine-learning based (or AI) fraud prevention system to make rapid, effective risk decisions.
- Poole, Riley (January 5, 2008). "Understanding Friendly Fraud". Merchant Talk. Missing or empty
- Sheffield, Brandon (September 7, 2007). "Nexon's Min Kim On The Power Of Microtransactions". Gamasutra.
- Bayot, Ruben (May 13, 2003). "Company Sues MasterCard Over Fees for Online Sales". New York Times.
- As an example, UK building society Nationwide notes under "Important Information" that "A payer can recall a SEPA Credit Transfer within 10 working days of it being paid into your account. If this happens we'll deduct the SEPA Credit Transfer from your account.", "All about SEPA Payments".
- Yang, Maximilian (September 1, 2016). "Card Payments and Consumer Protection in Germany" (PDF). Anglo-German Law Journal.
- Ritchtell, Matt; John Schwartz (November 18, 2002). "Credit Cards Seek New Fees on Web's Demimonde". New York Times.
- "2016 LexisNexis® True Cost of Fraud 7 SM Study" (PDF). LexisNexis. Retrieved 2016-05-01.
- Conroy, Julie (November 15, 2018). "The Global Chargeback Landscape". aitegroup.com. Aite Group LLC.
- Care, Jonathan; Phillips, Tricia (January 31, 2018). "Market Guide for Online Fraud Detection". gartner.com. Gartner, LLC. Retrieved 3 January 2019.