Guide to Chargeback Fraud: Detection and Prevention

A notable surge in friendly fraud marks the current state of chargeback fraud. The 2023 Chargeback Field Report noted that nearly 75 percent of respondents reported an uptick in chargeback fraud – with friendly fraud accounting for an average of 44 percent, attributed to expanding payment methods and increasing economic pressures. This worrying trend underscores the need for proactive chargeback management and fraud prevention strategies to mitigate lost revenue in today’s challenging commercial environment.

What Is Chargeback Fraud?

Chargeback fraud encompasses the deceptive activities linked to chargeback requests or processes. It can range from customers filing false chargeback claims, known as friendly or first-party fraud, to the use of stolen credit cards, in which charges are later disputed and charged back by the rightful owner. Another more complex form of chargeback fraud occurs when a customer obtains goods without payment, illegally requesting a chargeback or exploiting a stolen card. 

How Does Chargeback Fraud Work? 

Chargeback fraud mimics legitimate chargebacks. In a fraudulent transaction, the cardholder contacts their bank and provides a misleading or exaggerated reason for requesting a chargeback – such as that an item was never received or the transaction was not authorized. The bank contacts the merchant’s bank to initiate the process. The merchant is then faced with a decision to either contest or accept the chargeback. If uncontested, the cardholder receives back the amount of the transaction. 

Three Common Types of Chargeback Fraud

While some chargebacks stem from merchant error or poor customer service, it is worth noting that honest disputes do occur as a result of communication breakdowns. The three most common types of chargeback fraud include:

1. Friendly Fraud
   
   Friendly fraud is a broad category of fraud in which legitimate buyers are responsible for unwarranted chargebacks. In these scenarios, the card’s rightful owner makes an online purchase and later disputes the charge with their bank, falsely claiming it was unauthorized or the product was never received. Subcategories include innocent or accidental fraud and opportunistic or malicious friendly fraud.
   
   
2. Criminal Fraud
   
   This form of deliberate fraud is where a criminal uses a stolen credit card to make a purchase and then requests a chargeback from the bank after receiving the goods or services. In this type of fraud, the fraudster’s objective is to receive purchased items or services without paying for them. At the same time, the genuine cardholder remains unaware of the transaction until after the fraud has occurred.
   
   
3. Triangulation Fraud
   
   Triangulation fraud is a particularly malicious and complex exploit involving the customer, the fraudster and an online store. The fraudster sets up a web store or lists items on a big marketplace at unrealistic prices. When they receive an order for an item, they’ll use the unsuspecting customer’s information, shipping address and stolen credit card data to purchase that item from a different store. The customer receives their order, unaware of the fraud. Meanwhile, the customer’s payment information is retained for further unauthorized transactions.

There is much overlap between the types of chargeback fraud. Still, one thing to keep in mind is that all friendly fraud is conducted by a legitimate shopper (who is nevertheless acting maliciously), all first-party fraud is run by the cardholder (who is also acting maliciously), but not all chargeback fraud comes from the cardholder. Another way to look at it is that it all comes down to intentions.

What Are the Costs of Chargeback Fraud for Businesses?

Fraudulent or not, every chargeback is detrimental to your bottom line in direct and indirect costs. Significant impacts include: 

• Fees – It’s estimated that every dollar lost to a chargeback costs merchants between 1.5 and 2.5 the disputed dollar amount, with fees ranging from $20 to $100 per chargeback. With most card networks shifting responsibility for paying the chargeback fees onto businesses, merchant costs total around 260 percent of the item’s sale price. 
• Lost Inventory – Fraudsters are not obligated to return products once a chargeback has been initiated in their favor – compounding financial loss with further inventory loss. 
• Card Monitoring Program Costs – Banks track how frequent chargebacks occur for each merchant, and if your chargeback ratio exceeds 1%, you are at risk of being tasked with extra card fees, put on a monitoring program, or worse, cut off from selling. 
• Operational Costs – While delivering positive ROI, anti-fraud solutions are an extra expense you wouldn’t have to contend with if chargeback fraud didn’t exist. 
• Lost Opportunity Costs – Every second spent dealing with a chargeback is time you could have dedicated to better customers. Being stuck in a dispute resolution process affects your resources and labor management. The opportunity cost is exceptionally high for customer service agents, the finance department, and even sales teams.

How to Detect and Prevent Chargeback Fraud

Preparing your business to handle chargebacks effectively is a good strategy, but preempting chargebacks altogether is even more advantageous. A robust fraud detection and prevention solution can accurately identify your customers, focusing primarily on three critical interactions: user signups, login and the purchase/checkout process. 

Striking a balance between deploying security measures, which can add friction at the checkout point, and allowing customers to have a seamless experience is crucial for maintaining customer satisfaction while ensuring transaction security.

Enable Secure Payment Processing Protocols

The following mechanisms are integral to deterring fraudsters and reducing chargeback events:

• Data Encryption – Acquire Secure Sockets Layer (SSL) certificates to demonstrate that your business is trustworthy and serious about data protection. 
• Address Verification Service (AVS) – AVS is not a bulletproof step, but ensuring that the checkout address matches the cardholder’s address may catch less sophisticated fraud attempts. 
• Card Verification Value (CVV) – Certain online stores have removed CVV checks for faster payments. This simple tool could help lower chargeback fraud in the long run by adding CVV forms. 
• 3D Secure 2.0 (SDS2) – The primary card authentication method that introduces frictionless authentication for online transactions, SDS2 collects data, including IP addresses, transaction histories and purchase amounts, which is shared with the issuing bank, acquiring bank and payment processor. Analyzing collected data allows transactions to be deciphered as low or high-risk.  
• Tokenization – A process whereby transaction data is replaced with randomly generated character strings, tokenization helps ensure that cardholder data remains confidential, making it harder to steal and use the card for transaction fraud.
• Strong Customer Authentication (SCA) – Part of the European Union’s revised Payment Services Directive (PSD2, SCA forces businesses to increase authentication efforts such as multi-factor authentication (MFA), one-time passwords (OTP), or biometrics, for example.

Deploy Digital Footprinting

Referring to the trail of data individuals leave behind when they engage in online activities, and this information can be examined to evaluate risk. It can also be stored to dispute a chargeback or as part of a manual review. 

• Digital Footprint Analysis – Access your customers’ most comprehensive online identity and behavioral data by surveilling social signals and profiles to confirm identity and root out suspicious users. 
• Domain Analysis – Derive insights from patterns, behaviors and methods related to domain information. For example, how old is the domain? How frequently is it updated? Is a user’s email address attached to a temporary or disposable domain name?
• Email Address Profiling – Gather identity-related information, online behaviors and associations through email address analysis. Looking at the age of the email account, ensuring the address matches the customer’s name and verifying information on the WHOIS database can compile a more precise picture to weed out fraudulent accounts. 
• Data Breach Checks – An email address’s age and maturity can be inferred if the address appears in data breaches. Fresher addresses imply an increased risk. 
• Messenger Use – By identifying if a user’s phone number is linked to messenger apps like WhatsApp, Viber, etc., you can capture information regarding when the user was last online, see a profile picture and often find a biography to verify user veracity. 
• Carrier Analysis – Carrier analysis can detect the country of origin of a user’s phone number, decipher whether it is a landline or mobile number and highlight SIMS or eSIM numbers to deduce risk profiles. 
• Phone Number Verification – This is a simple way to filter out invalid phone numbers. 
• Risky Connections – Determining if a user connects online via proxy, Virtual Private Network (VPN) or Tor can contribute to elevating risk. Likewise, pinging open HTTP ports can detect the use of proxies. 
• Internet Service Provider Identification (ISP) – Risk factors can be impacted by identifying which public or private ISPs and their location are being used. 
• Blacklist Checks – A simple way to check if a customer’s IP address has been blacklisted for negative behavior. 
• Bank Identification Number (BIN) Lookup – This is a process of identifying the financial institution that has issued a given card using the first few digits of the card number. 

Leverage Data and Create Adaptable Velocity Rules

Examining the extensive device, IP, software and digital footprint data and taking points in isolation or combination while factoring in time and overall behavior can enable clearer insights to determine suspicious payments.

Setting up velocity rules is a mechanism that checks how often an action is performed in a specified timeframe. For example:

• Numerous failed login attempts
• Shipping address changes
• Many credit card numbers were attempted at checkout 

This data can be fed through a risk rules engine to decide if the payment is suspicious.

Looking at the red numbers above, you can see which rules were triggered and how they affected the overall fraud score. By adding and averaging the total number of points, it is possible to get a score that indicates risk. Rules can be weighted in order of importance to your business use case, as well as customizable thresholds set to automatically accept or reject a payment if it reaches a certain fraud score.

Better Customer Communication

Customer education can go a long way in preventing chargeback and refund requests for online businesses. Taking proactive steps to prioritize clear communication, like providing detailed product or service descriptions to align customer expectations, ensuring easy accessibility through featured contact details or support offerings, and prompt responses to customer inquiries, can enhance the customer journey and add value to the transactional experience.

Fighting Chargeback Fraud

Businesses can fight back against chargeback fraud by using an effective fraud prevention solution. With the ultimate goal of understanding their online visitors better through digital footprint analysis, device intelligence, and more secure payment processing protocols, you can create a customer-friendly, trustworthy environment to safeguard your business’s bottom line. 

FAQ