Login
Follow Us! ThumbsUp
info@seon.io+44 20 3997 6090
© Copyright SEON Technologies Ltd. - Legal & Security

Focus on Chargeback Fraud: Detection & Prevention

Focus on Chargeback Fraud: Detection & Prevention

If you browse the online forums of Shopify, the largest online store builder in the world, you’ll find hundreds of comments from new merchants baffled by an apparent rise in chargeback rates.

For online merchants, chargebacks are inescapable, damaging, and often completely unexpected. The sad reality is that, for pretty much every online business offering Card Not Present (CNP) payments, they are a fact of life. 

But it doesn’t have to be this way. In this guide, we’ll deep dive into the problem of chargeback fraud, why it happens, and what you should do to solve it.

What Is a Chargeback?

Chargebacks occur when a cardholder turns to their debit or credit card provider to request that a retailer give their money back because it is linked to a fraudulent or disputed transaction.

At this point, the card issuing bank will contact the merchant’s bank, and request that the merchant sends back the money through this channel.

The chargeback process is ultimately designed to protect customers. At their core, chargebacks are a force for good, but they’re also a piece that fits within a complex payment ecosystem and can be used for fraudulent purposes. 

Chargebacks are not the same as refunds. The latter is just money returned by a merchant to the consumer, while the former is money returned by a merchant to the consumer via at least two intermediaries, who will also penalize the merchant in various ways.

Also note that chargebacks don’t work on other types of payment cards, such as gift cards, or cards not issued by the three leading card providers: Visa, AmEx and Mastercard.

There is limited published data regarding chargebacks as involved parties tend to keep this information to themselves. Issuing banks and card networks refuse to publish essential data. Merchants are also worried it could damage their reputation.

How Do Chargebacks Work? 

Chargebacks occur when a consumer feels like they are owed money back for a purchase that didn’t go as expected. For instance, when someone is dissatisfied with a product or when their card was used without their knowledge. In these instances, the account holder can claim a forced reversal of funds back to their bank account – a chargeback. 

For a chargeback to happen, funds have to be taken from the merchant’s account and sent back to the customer. This can take weeks or months and costs a great deal in administrative fees, which are always passed on to the merchant.

Specifically:

  1. The cardholder approaches their issuing bank and requests a chargeback, providing an explanation of the issue.
  2. The cardholder’s bank contacts the acquiring bank, which is who the merchant deals with.
  3. The merchant chooses whether to accept or contest the chargeback.
  4. The cardholder receives the contested sum of money.
chargeback process workflow

3 Possible Outcomes of a Chargeback

Another way to look at this is by considering the outcome and consequences.

After a chargeback is initiated, there are three potential scenarios. They all have negative consequences for the merchant and sometimes others:

outcomeconsequences
1The merchant accepts the chargeback.• The merchant loses item(s), funds and admin fees.
• The merchant’s chargeback ratio increases.
• The cardholder receives the money.
• The cardholder or fraudster keeps the item(s).
2The merchant contests chargeback but loses.• The merchant loses item(s), funds and admin fees.
• The merchant’s chargeback ratio increases.
• The merchant loses time spent gathering and filing evidence.
• The cardholder receives the money.
• The cardholder or fraudster keeps the item(s).
3The merchant contests chargeback but wins.• The merchant loses item(s) and admin fees.
• The cardholder does not receive money.
• The cardholder or fraudster keeps the item(s).

This dispute process that takes place if the merchant chooses to contest the request is called chargeback recovery. Even if the merchant wins, there is still much lost.

The dispute process is in no way straightforward and can be extremely time-consuming. It may take weeks, requires extensive knowledge of chargeback codes for specific reasons, and there can be a second chargeback or pre/arbitration stage.

Risk teams can lose hours fighting a single dispute, which is why many merchants opt to simply deal with the loss rather than wasting energy challenging the chargeback.

As becomes obvious, the best possible scenario is not even on our table. It’s preventing chargebacks from happening in the first place – which should be every merchant’s goal, and we’ll look at later.

Why Do Buyers Request Chargebacks?

Here are four common reasons why a merchant would receive a chargeback request.

  1. Merchant error: Shipped the wrong item, forgot a discount, or technical mistake.
  2. Unauthorized payments: Someone used a card without permission – usually family members, such as children who purchase mobile games without their parents’ consent.
  3. Card fraud: The card details have been stolen by fraudsters who purchased goods without the original cardholder’s authorization.
  4. Friendly fraud: Also known as chargeback abuse, first-party fraud or “liar buyer”, this is a growing problem stemming from opportunistic buyers taking advantage of card issuers’ and merchants’ goodwill.

In recent years, we have also seen a rise in chargeback requests used as a weapon against stores. This could be because of a store policy they disapprove of, or simply because they feel buyer’s remorse.

For example, a shop offers some kind of account credit or gift card instead of a refund as a result of a complaint, and the customer does not like this. So they turn to their bank to reclaim their money in full.

chargebacks
The chargeback process

Who Is Involved in the Chargeback Process?

To understand why chargebacks are so expensive, it helps to visualize who is involved in the process:

  • Buyer, or customer: the person who files a chargeback request. Also known as the original/legitimate cardholder.
  • Merchant: the online store or business that sold the goods or services. They can either accept the chargeback or fight it through a dispute.
  • Issuer: the bank connected to the buyer’s credit card.
  • Acquirer: the bank or financial institution that processes card payments for the merchant.
  • Payment gateway: the software used to transfer transaction data from the merchant to the acquirer.
  • Credit card company: the organization that oversees the whole chargeback process. Major credit card companies have different procedures for dealing with chargebacks.
Forex Firm Slashes 45% of Chargebacks with SEON

Read a real-life account of how this award-winning forex platform eliminated chargebacks, as well as chargeback fraud, with SEON.

Read the Testimonial

How Much Does a Chargeback Cost?

Chargebacks add insult to injury for retailers. Merchants lose a sale, a physical or digital item, and also have to pay fees on top. If chargebacks occur too often, then merchants can even incur additional penalties as well.

Failing to meet the issuer’s requirements for chargebacks means merchants will be considered high-risk, fined, and in extreme cases, prevented from accepting the company’s payment methods altogether.

The key metric for this is the chargeback ratio, with which banks keep track of how frequent chargebacks are for each merchant. Get it too high (usually over 1% or more) and you may even be cut off from selling to a large portion of the population.

In fact, it has been estimated that every dollar lost to a chargeback costs merchants $2.40. This means a $100 chargeback can result in losses of more than $240 due to the extra fees. According to other sources, fraud of a similar type can cost even more – up to $3.60 per $1.

And that’s before we even consider the additional time and effort lost as a result of chargebacks for the sales team, IT or customer support agents – and fraud managers.

See How Much Chargebacks Could Cost You

The thing is, fraudulent or not, every chargeback is detrimental to a merchant’s bottom line. But the way to reduce and hopefully minimize cases of chargebacks will depend on whether it is fraudulent or not.

The biggest problem for businesses comes from accepting a payment from a stolen credit card. These card numbers are physically stolen, acquired via phishing techniques or bought on the dark web, among others.

By the time the legitimate cardholder issues a chargeback request, your business has dispatched the goods and has to foot the bill. The fraudster disappears with stolen goods and you’re left with one missing sale, less cash in the bank, and an angry potential customer. 

This is what it costs you:

  • Merchants lose $2.40 for every $1 a fraudster takes.
  • There’s almost one chargeback for every 49 legitimate transactions.
  • Chargebacks increase by 41% every two years.

Wondering exactly what this means for you? Use our fraud loss calculator to see an estimate of how much you are losing to chargebacks and other fraud:

 
 
 
 
 
 
 
 

Fraudulent or not, chargebacks should be avoided at all costs by merchants who are looking to maximize their bottom line.

What Is Chargeback Fraud?

Chargeback fraud is any and all fraudulent behavior that is related to a chargeback request or even to the process. This includes chargeback requests filed under false pretenses (friendly or first-party fraud) and carding, but it can be much more elaborate. For instance, a merchant could try to falsify evidence of successful completion of an order to contest the request.

The simplest way to describe this, however, is that it takes place whenever a customer attempts to receive goods for free – either by directly requesting an illegitimate chargeback or by using a stolen credit card that subsequently is charged back by the legitimate cardholder. In fact, a customer might even attempt to double dip, keeping the item but also receiving both a chargeback and a refund.

Why Do Businesses Need to Reduce Chargebacks?

The modern payment ecosystem is complex and sophisticated. Dealing with chargebacks is just as complex for businesses, and also expensive.

  • Lost time and resources: You may contest a chargeback in a process called dispute resolution. This dispute is between your company, the cardholder, and the issuing bank. It may take its toll on your resources and labor management. 
  • Lost merchandise and profit: If the chargeback goes through due to payment fraud, your business stands to lose the product or service and the profits of the sale. 
  • Admin fees: Card networks have shifted responsibility for paying the chargeback fees onto businesses. You will also have to pay an admin fee to the card network. 
  • Higher card processing fees: If your chargeback rate is considered too high (usually above 1% of all transactions), card networks may consider your business high-risk and will charge you higher fees. You’ll also be put under a monitoring program, which adds more operational costs. 

3 Types of Chargeback Fraud

While some chargebacks will stem from merchant error, i.e. poor customer service, there are several other scenarios.

It is worth noting that in addition to issues related to bad actors, honest disputes can lead to chargebacks too, often due to a breakdown in communication between merchant and shopper, and poor customer service.

Friendly Fraud 

This is the most common type of fraud related to chargebacks. Friendly fraud occurs when a customer purposefully goes directly to a bank to initiate the chargeback claim in order to abuse company policies and ultimately keep the purchased products without paying for them.

Criminal Fraud

Criminal fraud is where a stolen credit card or infiltrated account is used to purchase goods and services without the cardholder’s permission. This legitimate customer will then state that the transaction was not authorized and trigger a chargeback process. 

Triangulation Fraud for Chargebacks

A more recent fraud technique linked to chargebacks that is making waves in the ecommerce world is triangulation fraud. It works as follows:

  1. Someone makes a purchase from a marketplace seller (e.g. on eBay).
  2. The seller is in fact a fraudster, and buys the same item from a legitimate online store.
  3. They use a stolen credit card number and give the legitimate store the original customer’s shipping address.
  4. This item is shipped to the customer, while the fraudster keeps the “clean” money.
  5. The owner of the stolen credit card number notices a transaction they haven’t made and initiates a chargeback.
  6. The legitimate online business attempts to get in touch with the eBay seller, but is ignored. They have no option but to pay the chargeback fee.

In this scenario, the initial seller receives the item they paid for and so the fraudulent marketplace seller appears legitimate. But it’s the legitimate store who suffers the most, losing everything that’s lost to a chargeback: original item, money, time, fees, chargeback rate increase.

This is a great example of how widespread and sophisticated fraud has become. Fraudsters are always on the lookout for new avenues to exploit, especially as online stores and marketplaces are constantly attempting to provide a frictionless and fast payment experience for customers. 

triangulation

The Difference Between Chargeback & Other Fraud

There is a lot of overlap between chargeback fraud, first-party fraud and friendly fraud.

One thing to keep in mind is that all friendly fraud is conducted by a legitimate shopper (who is nevertheless acting maliciously), all first-party fraud is conducted by the cardholder (who is also acting maliciously), but not all chargeback fraud comes from the cardholder.

Another way to look at it is that it all comes down to intentions. While this isn’t something that can be understood when the first transaction is made, you can spot patterns over time – ie, if a person appears to initiate chargebacks more often than not, they should be looked into.

Such a difference does come into play when balancing customer communication/relationships and the option to simply blacklist them entirely.

friendly fraud vs chargeback fraud

How to Detect & Prevent Chargeback Fraud

Preparing your business for fighting chargebacks is great. Preventing chargebacks from happening in the first place is even better. 

For this, there’s no match for a good fraud prevention tool. It should give you a good idea of who your buyers really are, by focusing on three key touchpoints: signup, log-in and purchase/check-out.

Now let’s dive deeper into the tools, methods, and techniques used to detect fraudulent chargebacks.

Enable Secure Payment Processing Protocols

The good news is that payment processors know about the challenges of chargebacks. The bad news is that deploying security measures can add friction at the checkout stage. 

Still, there are good practices to follow when it comes to securing payments (and deterring fraudsters). 

  • Data encryption: Acquire SSL certificates to demonstrate that your business is trustworthy and serious about data protection. 
  • AVS: The Address Verification Service matches the checkout address with that of the cardholder. It’s not bulletproof, but it may trip up less sophisticated fraud attempts.
  • CVV: Certain online stores remove the Card Verification Value check to make payments faster. However, it’s once again a simple tool that could help with chargebacks in the long run.
  • 3DS2: The most widely used forms of payment security, 3-D Secure and its second iteration, 3DS2, let you collect more information during and before checkout. That includes IP address, transaction history, and purchase amount. The data is shared between the issuing and acquiring bank as well as the payment processor. The analysis is fast, taking a few seconds on average. 
  • Tokenization: A process whereby transaction data is replaced with randomly generated strings of characters. It helps ensure that cardholder data remains confidential, making it harder to steal and use the card for transaction fraud.
  • SCA: Strong Customer Authentication is part of the EU’s PSD2 directive, which forces businesses to increase authentication efforts. Most of it is covered with MFA (multi-factor authentication), one-time passwords (OTP), or biometrics, for instance.

Deploy Data Enrichment

For every transaction your customer makes, there are basic fields that they need to fill in, such as their email address or phone number. With data enrichment, you can use this information behind the scenes to learn more about them without interrupting their shopping journey.

SEON’s fraud prevention solution allows you to obtain a wide variety of additional data points to inform your decisions. This means data enrichment can do the following, among others:

  • Digital footprint analysis: See if a user’s email address is linked to one or more of over 50+ social media and online platforms. Obtain a user profile picture and biography. See when the customer was last online.
  • Domain analysis: Is the customer’s email address from a disposable or temporary email domain? Does it require SMS verification? Is it a free or high-risk provider? How old is the domain? How often is the domain updated?
  • Email address profiling: When was the address created? Does the address match the customer’s name? Can the owner’s information be verified on a WHOIS database?
  • Data breach checks: Can the customer’s email address be found on lists of known leaks? From this, the age and maturity of the email address can be inferred. Fresher addresses imply an increased risk.
  • Messenger use: Identify if the user’s phone number is linked to one or more messaging apps such as Viber, WhatsApp etc. Obtain a user profile picture and biography. See when the customer was last online.
  • Carrier analysis: Detects the origin country for a customer’s phone number. Identify the type of number – landline or mobile? See who the network carrier is. Highlight virtual SIMs and eSIM numbers.
  • Phone number verification: Filter out invalid phone numbers.
  • Risky connections: Spot proxy, VPN, and Tor usage. Ping open HTTP ports to detect the usage of proxies.
  • ISP identification: Identify public and private Internet Service Providers. The risk factor can be increased depending on the category of the ISP or even their location.
  • Blacklist checks: Flag if the customer’s IP address has been blacklisted for spamming.
  • Look up BINs: Looking up card BINs will provide useful data to both signal any suspicious activity and prove you’re doing your due diligence to any interested parties.

All the data available isn’t just useful to immediately spot obvious fraudsters. It can also be stored for future use to be able to dispute a chargeback or to be used as part of a manual review – when you aren’t sure if you should accept the payment or not.

Device & Behavior Analysis

Device fingerprinting allows you to examine the hardware and software a shopper uses, combining this with as many additional data points as possible, you can create a profile of the user’s setup.

In the context of chargeback prevention, this is an extremely effective way to identify payments made in suspicious circumstances, for instance from a previously-unseen device for that shopper. 

You can consider these points in isolation or in combination, also considering time and overall behavior. For example, it’s possible to use velocity rules to look at how often an action is performed, such as:

  • numerous failed login attempts within a set timeframe
  • the shipping address is changed very quickly
  • a lot of different credit cards are attempted at the checkout

This data can then be fed through risk rules, to help decide if the payment looks suspicious or not. 

fraud score

Looking at the red numbers, you can see which rules were triggered, and how they affected the score.

By adding and averaging the total number of points, it is possible to get a score that may indicate risk. The rules can be weighed in order of importance. For instance, thresholds can be set for automatically accepting payments or automatically rejecting them if they reach a certain fraud score.

Improve Customer Communication

Educating buyers goes a long way toward preventing both chargeback and refund requests. There are a number of steps that any online business can take to reduce the number of attempted chargebacks:

  • Be as descriptive as possible: Your products or services should be described as precisely as possible to ensure customers aren’t disappointed or underwhelmed by the difference between what they expect and what they receive. 
  • Be easy to reach: This is particularly useful with buyer’s remorse. It is important to have a phone number, live agent or support email for customers clearly highlighted on your website. Your contact details should also be present on receipts, emails and packing slips.
  • Respond as quickly as possible: This adds a lot of value and is part of the overall customer service experience any business should offer.
  • Ensure you have full authorization for an order: To prevent improper authorization chargebacks, an online merchant should get authorization for each package they ship out from their store/warehouse.
  • Wait until shipping before charging: Place an authorization hold before you charge the customer. The customer should not be charged until the goods leave the warehouse, or the services have been provided, because a hold is incredibly easy to reverse.
Reduce Chargeback Rates with SEON

Install a real-time fraud prevention solution to screen your business transactions, with machine learning, custom lists and rules, and unique digital footprint analysis.

Book a Demo

SEON’s Features Against Chargeback Fraud

SEON’s fraud prevention software works at different touchpoints, to both prevent chargebacks in the first place and provide useful information to challenge a chargeback. It will also help demonstrate that you are doing your due diligence to any intermediaries.

Create an invisible safety net that’s fully customizable. You’ll be able to immediately block obvious fraud, and manually review medium-risk customers – all while making life easy for your loyal and low-risk shoppers. A number of modules gather and enrich data, and then utilize sophisticated machine learning and complex rules to generate a reliable, fully explainable risk score. 

With digital footprint analysis, a single email address can reveal useful information from 50+ sources, through data enrichment. The social media lookup feature can be used to evaluate how risky the address, and more insights are provided by looking at the age, type, string analysis, and more.

We offer powerful device fingerprinting that tracks customers across incognito browsing, emulators and VPNs. Thousands of data points are collected and compared to identify bad users – even after they reinstall or update their browser.

Whitebox machine learning and predictive scoring learns from previous chargeback patterns and retrains itself numerous times a day. Results are provided via human-readable rule suggestions with specific accuracy percentages.

It is possible to enable specific algorithms for login, checkout and even signup to prevent fraudulent transactions at the earliest point possible, providing proactive protection.

We use a micro fee model, where you pay per transaction check. Ensure payments from legitimate customers aren’t blocked while avoiding chargebacks, which is a common pitfall with the chargeback guarantee model – where fraud prevention vendors tend to err on the side of caution, and thus can cause a rise in false positives and legitimate customers being unable to purchase.

Our goal is to give you all the tools you need to understand who is visiting and attempting to shop on your website as soon as they arrive. From there, you can be as hands-on as you prefer – or fully automate the process.

Sign up for a free trial, no card required, or book a demo today.

FAQ

How serious is chargeback fraud?

Chargebacks directly impact both present and future revenue. Not only can a loss of stock and profits ensue but also merchants can lose the account with their card network or face higher fees when accepting orders – all because of a high chargeback rate.

Is a chargeback considered fraud?

This depends on the context but a chargeback is considered fraud if it’s with malicious intent. Due to the fact the chargeback is actioned from the customer’s side, telling the difference between deliberate chargeback fraud and genuine chargebacks can be difficult for merchants.

How do you fight chargeback scams?

Collecting as much evidence and establishing a customer profile is the best way to dispute chargeback claims yet it is still difficult for merchants to claim that the person is a fraudster as the system is set up to support the customers. Understanding who they are and their typical behavior will ultimately help, and provide that valuable evidence.

How did chargeback law start?

In 1974, the Fair Credit Billing Act in the US decreed that consumers who noticed a suspicious credit card transaction could contest it with their bank. The goal was to boost trust in the credit card and banking system and to de-incentivize merchants from committing fraud. Similar legislation was also put in place in other countries and regions – for example, the Consumer Credit Act in the United Kingdom. Chargeback regulations are the modern-day evolution of such legislation.

What happens when you request a chargeback?

First, the card-issuing bank receives the chargeback request. It is then handed to the acquiring bank that does the actual payment processing. The merchant is then served the request, and then can either accept the chargeback, paying back the spent money as well as incurred fees, or contest it, providing evidence that the product and its delivery were all up to par. The merchant will either win, concluding the issue, or lose – in which case the chargeback goes ahead.

How long does a chargeback take?

The process of a chargeback can take anywhere from 30 to 90 days. If the merchant does not dispute the chargeback, it will take much less time than if they do. Disputing the chargeback will trigger an arbitration process that involves looking at any evidence the merchant has that suggests the chargeback is invalid – a process that can drag on for weeks.

Sources

  • Expert Market: Chargeback Fraud Statistics 2022: Everything You Need to Know About Chargeback Fraud

 

Share on social media

Sign up to download

In order to download this PDF, please sign up to our newsletter.

Thanks for submitting the form, click the button below to download our guide.

Click the button below to download our guide.

download box icon