By Karisse Hendrick, Principal, Chargelytics Consulting
In the spring of 2010, a group of more than a dozen e-commerce fraud prevention professionals sat in a Las Vegas hotel conference room. The topic of discussion was what to call a new phenomenon they had all started seeing in their chargeback reports.
Prior to the recession of 2008 in the United States, chargebacks with a fraud reason code were relatively low and almost always reflected true credit card fraud. As a result of the economic downturn, however, large enterprises experienced a steep increase in fraud-coded chargebacks that, upon investigation, revealed that cardholders were participating in the disputed transaction.
After some debate, the group settled on the term “Friendly Fraud,” which was being used in similar scenarios by banks. Since then, this particularly unfriendly challenge (for the record, I participated in this meeting but voted against the terminology) has evolved well beyond chargebacks, becoming one of the biggest threats to a CNP merchant’s bottom-line.
In a 2019 report, Mercator Advisory Group estimated that friendly fraud would account for over $50 billion in 2020. Given the e-commerce world—along with the rest of the world—went haywire in 2020, we can assume that this number was even higher. The economic impact of Covid-19 has caused many consumers to look for opportunities to maintain their pre-pandemic lifestyle, even if they can’t afford it. Because this problem is so costly to CNP merchants, we wanted to provide a list of the most common forms of friendly fraud in 2021, some of which are much different than—or didn’t even exist—a decade ago.
Friendly Fraud Chargebacks
The most traditional type of friendly fraud is often in the form of chargebacks. While many companies define this a little differently, here are the variations of friendly fraud chargebacks.
Fraud reason code: Most merchants agree this is the most common form of friendly fraud their companies experience. In this case, a fraud-coded chargeback is initiated by the issuing bank. Once the merchant reviews the information in the original transaction, however, there is no evidence that the payment method was stolen (e.g., the customer made purchases using this card on this website in the past; the address, phone number, and/or email address are all registered to the customer; or other verification information is consistent with the cardholder making the purchase). Another common scenario is, while the cardholder may not have made a purchase, it can be proven that the purchaser was someone the cardholder knows, such as a child, spouse, or roommate.
Note that, when performing analysis on these chargebacks, many merchants discover the cardholder has no recollection of filing a chargeback with their bank. They may have called to ask a question about a purchase or filed fraud chargebacks on purchases after this particular one, but did not intend to claim fraud on this specific transaction. For most issuing banks, “fraud” is the easiest chargeback to file for a representative and has become a “catch-all” reason code. This should be considered when determining if you should blacklist the cardholder.
Non-fraud reason codes: Some merchants categorize any chargeback not caused by a processing error on the merchant’s side as “friendly fraud.” In these cases, a cardholder or bank may select other reason codes such as “Product not received” or “Item not as described” to recover the funds they spent for the item or service purchased, without returning the product. In some cases, these claims may be legitimate. Especially if these reason codes begin to increase. If this is the case, it is best to perform an analysis to look for areas of improvement that might prevent future disputes.
It can be challenging to infer customer intent when reviewing chargebacks. However, having a solid process and policies for these chargebacks will not only streamline your internal systems, but also lead to better business intelligence. Optimizing the process to select the right chargebacks to respond to will result in more revenue returned.
The New Fraud in Town: Refund Fraud
The Covid-induced increase in e-commerce purchases has significantly impacted the supply chain, causing legitimate customer service claims of items that “did not arrive.” However, this also created an area of opportunity for what we refer to as refund fraud. This newer type of friendly fraud has two defining features: One, the customer requests a refund for merchandise they received. And two, instead of filing a chargeback with their issuing bank, the customer contacts the merchant’s customer service to request a refund.
Some customers make these requests for themselves, sometime habitually at the same retailers, providing a pattern of behavior that can be flagged for future purchases. What has become more popular lately, however, is hiring a “refunder”: a third party who requests a refund from the merchant. In exchange for this service, and their knowledge of the best way to obtain a refund without returning the purchased items from a specific retailer, refunders charge the customer a fee ranging anywhere from 7 to 25 percent, depending on the merchant and amount spent on items purchased.
Refund friendly fraud is impacting CNP merchants in several ways.
DNA Refunding: Claiming that an item “Did Not Arrive” is the most common claim for customers or refunders pursuing a refund from customer service. As noted above, the legitimate cases of items being lost in transit have increased in the last year, and friendly fraudsters know this. Typically, they will only make this claim once per retailer, and cycle through many retailers with this claim. This method is costing merchants a lot of lost revenue, in both product costs and the refund of the transaction. One prominent retailer shared that their “DNA claims” exceeded their chargeback losses by almost three times in 2020.
Boxing Refunds: Boxing is a term refunders use to describe the method of returning a box, either empty or with items that have significantly less value than the item that was purchased, back to the retailer’s warehouse. Some merchants have reported receiving such items as plastic toy soldiers, cheap candy, animal crackers, peas, etc., in place of the item they sent to the customer. But, because many warehouses are backed up on processing returns and, out of a desire to provide exceptional customer service, a refund can be issued prior to the warehouse discovering that the item was not returned. Similar to DNA refunds, a customer will use their own card to purchase the item, and not make another purchase with that retailer for years. Instead employing this tactic on new retailers each time.
Fake TID Refunding: Fake TID is another term taken from private refunder forums. It’s used to describe the practice of manipulating a Tracking ID to show an item returned to the warehouse (resulting in a call to customer service to demand a same-day refund), when in fact it was sent to another address in the same city, or similar manipulations specific to each shipping company. These tactics vary not only by the shipper, but also by the merchant. Similar to payment fraud, refunders study the entire supply chain and policies for each merchant, learning the exact vulnerability to deploy. Fake TIDs are by far the most damaging type of refund fraud because they allow refunders to “guarantee” obtaining refunds for the highest dollar amounts, depending on each retailer. In some cases, professional refunders will guarantee obtaining refunds for up to $25,000 per transaction.
Challenges with Detection
The biggest challenge associated with all types of friendly fraud is they take place post-transaction, making it nearly impossible to predict at the time a customer places an order. Unlike payment fraud, there are few, if any signs or signals of a customer’s intent to claim fraud, or that an item didn’t arrive on their doorstep, or that they plan to hire someone to send confetti back to the merchant’s warehouse in lieu of the item.
So, the technology and processes merchants rely on to detect and predict payment fraud cannot accurately predict friendly fraud, unless there has been a pattern of behavior on the same account, which is uncommon.
Instead, merchants can deploy root cause analytics to friendly fraud chargebacks, looking for patterns of behavior to implement policies or processes to prevent future similar incidents. Additionally, responding to friendly fraud chargebacks is a good best practice, especially when deployed thoughtfully and practically. Some merchants have also opted to receive alerts or participate in chargeback deflection through a provider, though others have found those to be cost prohibitive. Each e-commerce company should select the right options for their busines, in a holistic manner.
Because friendly fraud refunds are still new, merchants are still working to define best practices to reduce the impact of this latest phenomenon. Some have found that sharing findings from internal analysis with peers (even competitors) has been beneficial. Others have contacted services that have specialized intelligence on how refunders are targeting and exploiting each merchant individually. In some cases, they are contracting a specialist to place “test refund” requests on purchases, allowing them to obtain the Modus Operandi, and adjust policies and processes accordingly.
Whether your company is experiencing friendly fraud chargebacks, friendly fraud refunds, or a combination of both, the need to balance friction for the opportunists and fraudsters while not impacting your legitimate customers remains top priority for a thriving online or mobile business. Diving into the data, identifying patterns, and communicating new policies with customer service will be your guideposts for navigating these exploits that may not involve stolen payment credentials, but can be just as damaging to a CNP company’s bottom-line.