Guide to Chargeback Fraud: Detection & Prevention in 2023

What Is Chargeback Fraud?

Chargeback fraud is any and all fraudulent behavior that is related to a chargeback request or even to the process. This includes chargeback requests filed under false pretenses (friendly or first-party fraud) and carding, but it can be much more elaborate. For instance, a merchant could try to falsify evidence of successful completion of an order to contest the request.

The simplest way to describe this, however, is that it takes place whenever a customer attempts to receive goods for free – either by directly requesting an illegitimate chargeback or by using a stolen credit card that subsequently is charged back by the legitimate cardholder. In fact, a customer might even attempt to double dip, keeping the item but also receiving both a chargeback and a refund.

How Does Chargeback Fraud Work? 

For chargeback fraud to work, the person initiating the payment must be familiar with the chargeback process and a company’s refund policy. The fraud can be premediated, or opportunistic. They will purchase something online, receive it, and initiate a chargeback under fraudulent reasons.

In other words, it works exactly like a standard chargeback, albeit one requested for fraudulent reasons:

1. The cardholder approaches their issuing bank and requests a chargeback, providing a fake, wrong or exaggerated explanation of the issue.
2. The cardholder’s bank contacts the acquiring bank, which is who the merchant deals with.
3. The merchant chooses whether to accept or contest the chargeback.
4. The cardholder receives the contested sum of money.

3 Types of Chargeback Fraud

While some chargebacks will stem from merchant error, i.e. poor customer service, there are several other scenarios.

It is worth noting that in addition to issues related to bad actors, honest disputes can lead to chargebacks too, often due to a breakdown in communication between merchant and shopper, and poor customer service.

Friendly Fraud 

This is the most common type of fraud related to chargebacks. Friendly fraud occurs when a customer purposefully goes directly to a bank to initiate the chargeback claim in order to abuse company policies and ultimately keep the purchased products without paying for them.

Criminal Fraud

Criminal fraud is where a stolen credit card or infiltrated account is used to purchase goods and services without the cardholder’s permission. This legitimate customer will then state that the transaction was not authorized and trigger a chargeback process. 

Triangulation Fraud for Chargebacks

A more recent fraud technique linked to chargebacks that is making waves in the ecommerce world is triangulation fraud. It works as follows:

1. Someone makes a purchase from a marketplace seller (e.g. on eBay).
2. The seller is in fact a fraudster, and buys the same item from a legitimate online store.
3. They use a stolen credit card number and give the legitimate store the original customer’s shipping address.
4. This item is shipped to the customer, while the fraudster keeps the “clean” money.
5. The owner of the stolen credit card number notices a transaction they haven’t made and initiates a chargeback.
6. The legitimate online business attempts to get in touch with the eBay seller, but is ignored. They have no option but to pay the chargeback fee.

In this scenario, the initial seller receives the item they paid for and so the fraudulent marketplace seller appears legitimate. But it’s the legitimate store who suffers the most, losing everything that’s lost to a chargeback: original item, money, time, fees, chargeback rate increase.

This is a great example of how widespread and sophisticated fraud has become. Fraudsters are always on the lookout for new avenues to exploit, especially as online stores and marketplaces are constantly attempting to provide a frictionless and fast payment experience for customers. 

The Differences Between Chargeback Fraud & Friendly Fraud

There is a lot of overlap between chargeback fraud, first-party fraud and friendly fraud.

One thing to keep in mind is that all friendly fraud is conducted by a legitimate shopper (who is nevertheless acting maliciously), all first-party fraud is conducted by the cardholder (who is also acting maliciously), but not all chargeback fraud comes from the cardholder.

Another way to look at it is that it all comes down to intentions. While this isn’t something that can be understood when the first transaction is made, you can spot patterns over time – ie, if a person appears to initiate chargebacks more often than not, they should be looked into.

Such a difference does come into play when balancing customer communication/relationships and the option to simply blacklist them entirely.

What Are the Costs of Chargeback Fraud for Businesses?

Fraudulent or not, every chargeback is detrimental to a merchant’s bottom line, both in direct and indirect costs. Here is why they are so damaging for businesses: 

• Chargeback fees: It has been estimated that every dollar lost to a chargeback costs merchants $2.40. This means a $100 chargeback can result in losses of more than $240 due to the extra fees. According to other sources, fraud of a similar type can cost even more – up to $3.60 per $1.
  
• Lost inventory: the fraudster is under no obligation to return the item once a chargeback has been initiated in their favor. These are goods you will never see again.
  

• Card monitoring programme costs: The key metric for this is the chargeback ratio, with which banks keep track of how frequent chargebacks are for each merchant. Get it too high (usually over 1% or more) and you may have to pay extra card feesm or risk being cut off from selling to a large portion of the population.
  
• Operational costs: while hopefully your anti-fraud system will deliver good ROI, it is still an extra expense that you wouldn’t have if chargeback fraud didn’t exist.
  
• Lost opportunity cost: every second spent dealing with a chargeback is time you could have dedicated to better customers. The opportunity cost is particularly high for customer service agents, the finance department, and even sales teams. 

Wondering exactly what this means for you? Use our fraud loss calculator to see an estimate of how much you are losing to chargebacks and other fraud:

Fraudulent or not, chargebacks should be avoided at all costs by merchants who are looking to maximize their bottom line.

Why Do Businesses Need to Reduce Chargebacks?

The modern payment ecosystem is complex and sophisticated. Dealing with chargebacks is just as complex for businesses, and also expensive.

• Lost time and resources: You may contest a chargeback in a process called dispute resolution. This dispute is between your company, the cardholder, and the issuing bank. It may take its toll on your resources and labor management. 
• Lost merchandise and profit: If the chargeback goes through due to payment fraud, your business stands to lose the product or service and the profits of the sale. 
• Admin fees: Card networks have shifted responsibility for paying the chargeback fees onto businesses. You will also have to pay an admin fee to the card network. 
• Higher card processing fees: If your chargeback rate is considered too high (usually above 1% of all transactions), card networks may consider your business high-risk and will charge you higher fees. You’ll also be put under a monitoring program, which adds more operational costs. 

How to Detect & Prevent Chargeback Fraud

Preparing your business for fighting chargebacks is great. Preventing chargebacks from happening in the first place is even better. 

For this, there’s no match for a good fraud prevention tool. It should give you a good idea of who your buyers really are, by focusing on three key touchpoints: signup, log-in and purchase/check-out.

Now let’s dive deeper into the tools, methods, and techniques used to detect fraudulent chargebacks.

Enable Secure Payment Processing Protocols

The good news is that payment processors know about the challenges of chargebacks. The bad news is that deploying security measures can add friction at the checkout stage. 

Still, there are good practices to follow when it comes to securing payments (and deterring fraudsters). 

• Data encryption: Acquire SSL certificates to demonstrate that your business is trustworthy and serious about data protection. 
• AVS: The Address Verification Service matches the checkout address with that of the cardholder. It’s not bulletproof, but it may trip up less sophisticated fraud attempts.
• CVV: Certain online stores remove the Card Verification Value check to make payments faster. However, it’s once again a simple tool that could help with chargebacks in the long run.
• 3DS2: The most widely used forms of payment security, 3-D Secure and its second iteration, 3DS2, let you collect more information during and before checkout. That includes IP address, transaction history, and purchase amount. The data is shared between the issuing and acquiring bank as well as the payment processor. The analysis is fast, taking a few seconds on average. 
• Tokenization: A process whereby transaction data is replaced with randomly generated strings of characters. It helps ensure that cardholder data remains confidential, making it harder to steal and use the card for transaction fraud.
• SCA: Strong Customer Authentication is part of the EU’s PSD2 directive, which forces businesses to increase authentication efforts. Most of it is covered with MFA (multi-factor authentication), one-time passwords (OTP), or biometrics, for instance.

Deploy Data Enrichment

For every transaction your customer makes, there are basic fields that they need to fill in, such as their email address or phone number. With data enrichment, you can use this information behind the scenes to learn more about them without interrupting their shopping journey.

SEON’s fraud prevention solution allows you to obtain a wide variety of additional data points to inform your decisions. This means data enrichment can do the following, among others:

• Digital footprint analysis: See if a user’s email address is linked to one or more of over 50+ social media and online platforms. Obtain a user profile picture and biography. See when the customer was last online.
• Domain analysis: Is the customer’s email address from a disposable or temporary email domain? Does it require SMS verification? Is it a free or high-risk provider? How old is the domain? How often is the domain updated?
• Email address profiling: When was the address created? Does the address match the customer’s name? Can the owner’s information be verified on a WHOIS database?
• Data breach checks: Can the customer’s email address be found on lists of known leaks? From this, the age and maturity of the email address can be inferred. Fresher addresses imply an increased risk.
• Messenger use: Identify if the user’s phone number is linked to one or more messaging apps such as Viber, WhatsApp etc. Obtain a user profile picture and biography. See when the customer was last online.
• Carrier analysis: Detects the origin country for a customer’s phone number. Identify the type of number – landline or mobile? See who the network carrier is. Highlight virtual SIMs and eSIM numbers.
• Phone number verification: Filter out invalid phone numbers.
• Risky connections: Spot proxy, VPN, and Tor usage. Ping open HTTP ports to detect the usage of proxies.
• ISP identification: Identify public and private Internet Service Providers. The risk factor can be increased depending on the category of the ISP or even their location.
• Blacklist checks: Flag if the customer’s IP address has been blacklisted for spamming.
• Look up BINs: Looking up card BINs will provide useful data to both signal any suspicious activity and prove you’re doing your due diligence to any interested parties.

All the data available isn’t just useful to immediately spot obvious fraudsters. It can also be stored for future use to be able to dispute a chargeback or to be used as part of a manual review – when you aren’t sure if you should accept the payment or not.

Device & Behavior Analysis

Device fingerprinting allows you to examine the hardware and software a shopper uses, combining this with as many additional data points as possible, you can create a profile of the user’s setup.

In the context of chargeback prevention, this is an extremely effective way to identify payments made in suspicious circumstances, for instance from a previously-unseen device for that shopper. 

You can consider these points in isolation or in combination, also considering time and overall behavior. For example, it’s possible to use velocity rules to look at how often an action is performed, such as:

• numerous failed login attempts within a set timeframe
• the shipping address is changed very quickly
• a lot of different credit cards are attempted at the checkout

This data can then be fed through risk rules, to help decide if the payment looks suspicious or not. 

Looking at the red numbers, you can see which rules were triggered, and how they affected the score.

By adding and averaging the total number of points, it is possible to get a score that may indicate risk. The rules can be weighed in order of importance. For instance, thresholds can be set for automatically accepting payments or automatically rejecting them if they reach a certain fraud score.

Improve Customer Communication

Educating buyers goes a long way toward preventing both chargeback and refund requests. There are a number of steps that any online business can take to reduce the number of attempted chargebacks:

• Be as descriptive as possible: Your products or services should be described as precisely as possible to ensure customers aren’t disappointed or underwhelmed by the difference between what they expect and what they receive. 
• Be easy to reach: This is particularly useful with buyer’s remorse. It is important to have a phone number, live agent or support email for customers clearly highlighted on your website. Your contact details should also be present on receipts, emails and packing slips.
• Respond as quickly as possible: This adds a lot of value and is part of the overall customer service experience any business should offer.
• Ensure you have full authorization for an order: To prevent improper authorization chargebacks, an online merchant should get authorization for each package they ship out from their store/warehouse.
• Wait until shipping before charging: Place an authorization hold before you charge the customer. The customer should not be charged until the goods leave the warehouse, or the services have been provided, because a hold is incredibly easy to reverse.
  

SEON’s Features Against Chargeback Fraud

SEON’s fraud prevention software works at different touchpoints, to both prevent chargebacks in the first place and provide useful information to challenge a chargeback. It will also help demonstrate that you are doing your due diligence to any intermediaries.

Create an invisible safety net that’s fully customizable. You’ll be able to immediately block obvious fraud, and manually review medium-risk customers – all while making life easy for your loyal and low-risk shoppers. A number of modules gather and enrich data, and then utilize sophisticated machine learning and complex rules to generate a reliable, fully explainable risk score. 

With digital footprint analysis, a single email address can reveal useful information from 50+ sources, through data enrichment. The social media lookup feature can be used to evaluate how risky the address, and more insights are provided by looking at the age, type, string analysis, and more.

We offer powerful device fingerprinting that tracks customers across incognito browsing, emulators and VPNs. Thousands of data points are collected and compared to identify bad users – even after they reinstall or update their browser.

Whitebox machine learning and predictive scoring learns from previous chargeback patterns and retrains itself numerous times a day. Results are provided via human-readable rule suggestions with specific accuracy percentages.

It is possible to enable specific algorithms for login, checkout and even signup to prevent fraudulent transactions at the earliest point possible, providing proactive protection.

We use a micro fee model, where you pay per transaction check. Ensure payments from legitimate customers aren’t blocked while avoiding chargebacks, which is a common pitfall with the chargeback guarantee model – where fraud prevention vendors tend to err on the side of caution, and thus can cause a rise in false positives and legitimate customers being unable to purchase.

Our goal is to give you all the tools you need to understand who is visiting and attempting to shop on your website as soon as they arrive. From there, you can be as hands-on as you prefer – or fully automate the process.

Sign up for a free trial, no card required, or book a demo today.

FAQ

Sources

• Expert Market: Chargeback Fraud Statistics 2022: Everything You Need to Know About Chargeback Fraud