Friendly fraud, also known as chargeback fraud occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services. Once approved, the chargeback cancels the financial transaction, and the consumer receives a refund of the money they spent.[1] Dependent on the payment method used, the merchant can be accountable when a chargeback occurs.[2]
Friendly fraud has been widespread on the Internet, affecting both the sale of physical products and digital transactions. To combat digital transaction fraud, prepaid cards have been offered as an effective alternative to ensure customer payment.[3]
MasterCard was sued in 2003 by an Internet vendor for having credit card policies and fees that have made Internet vendors especially vulnerable targets of friendly fraud. Internet vendors typically have to pay much of the losses when a fraudulent transaction like friendly fraud occurs.[4]
In recent years, a new variant of friendly fraud, involving bank transfers as opposed to credit card payments, has been documented in Europe. SEPA credit transfers can be recalled within ten working days of settlement by the payer's bank.[5] While merchants may be under the (outdated) impression that bank transfers are permanent, this is no longer the case as the SEPA rules replaced domestic bank transfer schemes throughout Europe. Adding to the issue is that some receiving banks have handled SEPA SCT Recall requests without due care and are reverting payments without consulting the payee. This has allowed some payers to fraudulently recall bank transfers after having received goods or services from the payee.[6]
Online merchants who sell physical products cannot fully protect themselves. The only way to have concrete protection is to take an imprint of the card (and even with card readers/makers this can easily be duped), along with photo ID. That signature, in addition to information gathered online, can help in the resolution of chargeback disputes but contractually is no guarantee. Also, the merchant can request the card security code on the credit card to fight "Card absent environment" or "Card Not Present" (CNP) chargebacks. These are the three digit codes on the backs of Visa, MasterCard, and Discover cards, and the four digit code on the front of American Express cards.
Friendly fraud thrives in the digital products market where it is much easier for fraudsters to succeed. Common targets include pornography and gambling websites.[7] Attempts by the merchant to prove that the consumer received the purchased goods or services are difficult. Again, the use of card security codes[8] can show that the cardholder (or, in the case of the three-digit security codes written on the backs of U.S. credit cards, someone with physical possession of the card or at least knowledge of the number and the code) was present, but even the entry of a security code at purchase does not by itself prove that delivery was made, especially for online or via-telephone purchases where shipping occurs after finalization of the contract. Proof of delivery is often difficult, and when it cannot be provided, the cardholder gets the product without paying for it.
One method of combating friendly fraud is to create a feature in the product that checks in with the merchant's database. If a chargeback is issued, the merchant can tell the product to suspend service. This tactic will also work for digital subscription services or any other online product that requires updates or logins. The merchant will usually still be charged a fee for incurring a chargeback, so this is not a complete solution.
Another common channel for chargebacks is mail order/telephone order (MOTO) payment processing through a call center. In this case, as with the two others listed here, the main problem is that this is a card not present transaction. To help eliminate call center purchase chargebacks, call centers are working to make the purchases more like card present purchases.
When consumers walk into a store and buy something, they typically swipe their credit cards, confirm the purchase amount, enter a secret code (or sign their name) and leave with the merchandise. This is a card present purchase and fraudulent chargebacks in these situations are almost non-existent.
Agent-assisted automation technology is available for call centers that allows customers to enter their credit card information, including the card security code directly into the customer relationship management software without the agent ever seeing or hearing it. The agent remains on the phone, so there is no transfer to an interactive voice response system. All the agent can hear is monotones. This is the "card present" equivalent of "swiping" the card.
Before the purchase is submitted by the agent, the purchase amount is played back to the consumer along with the last four digits of the card. The consumer is asked to confirm their purchase by providing a verbal signature, which is recorded.
Finally, an email is sent to the consumer with the purchase information and an attached audio file of their verbal signature.
Regardless of the outcome of the chargeback, merchants generally pay a chargeback fee which typically ranges anywhere from $20 to $100.[9] A 2016 study by LexisNexis stated that chargeback fraud costs merchants $2.40 for every $1 lost. This is because of product-loss, banking fines, penalties and administrative costs.[10] A 2018 study by the Aite Group on charge back costs, stated that U.S. CNP fraud losses for 2017 were $4 billion and estimated that by 2020 they would rise to $6.4 billion.[11]
The international card payment schemes define rules where the liability shift to the issuing bank of the card becomes liable for the payment if the merchant applied the provided 3D Secure Authentication Method. For payments within the EEA the liability between the payment service provider of the payee and payment service provider of payment service user is regulated.[12]
The proliferation of online payment methods, including mobile apps, and the increasing sophistication of the fraudulent actors, including bots, have made the task of detecting and preventing charge back fraud, particularly online, more complex. According to a 2018 Gartner report on online fraud, retailers are increasingly turning to machine-learning based (or AI) fraud prevention system to make rapid, effective risk decisions.[13]