Chargeback fraud, also known as friendly fraud, cyber shoplifting [1] , or liar-buyer fraud, [2] occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services. Once approved, the chargeback cancels the financial transaction, and the consumer receives a refund of the money they spent. [3] Dependent on the payment method used, the merchant can be accountable when a chargeback occurs. [4] [ better source needed ]
Friendly fraud has been widespread on the Internet, affecting both the sale of physical products and digital transactions. To combat digital transaction fraud, prepaid cards have been offered as an effective alternative to ensure customer payment. [5]
MasterCard was sued in 2003 by an Internet vendor for having credit card policies and fees that have made Internet vendors especially vulnerable targets of friendly fraud. Internet vendors typically have to pay much of the losses when a fraudulent transaction like friendly fraud occurs. [6]
In recent years, a new variant of friendly fraud, involving bank transfers as opposed to credit card payments, has been documented in Europe. SEPA credit transfers can be recalled within ten working days of settlement by the payer's bank. [7] While merchants may be under the (outdated) impression that bank transfers are permanent, this is no longer the case as the SEPA rules replaced domestic bank transfer schemes throughout Europe. Adding to the issue is that some receiving banks have handled SEPA SCT Recall requests without due care and are reverting payments without consulting the payee. This has allowed some payers to fraudulently recall bank transfers after having received goods or services from the payee. [8]
Online merchants who sell physical products cannot fully protect themselves. The only way to have concrete protection is to take an imprint of the card (and even with card readers/makers this can easily be duped), along with photo ID. That signature, in addition to information gathered online, can help in the resolution of chargeback disputes but contractually is no guarantee. Also, the merchant can request the card security code on the credit card to fight "Card absent environment" or "Card Not Present" (CNP) chargebacks. These are the three digit codes on the backs of Visa, MasterCard, and Discover cards, and the four digit code on the front of American Express cards.
Friendly fraud thrives in the digital products market where it is much easier for fraudsters to succeed. Common targets include pornography and gambling websites. [9] Attempts by the merchant to prove that the consumer received the purchased goods or services are difficult. Again, the use of card security codes [10] can show that the cardholder (or, in the case of the three-digit security codes written on the backs of U.S. credit cards, someone with physical possession of the card or at least knowledge of the number and the code) was present, but even the entry of a security code at purchase does not by itself prove that delivery was made, especially for online or via-telephone purchases where shipping occurs after finalization of the contract. Proof of delivery is often difficult, and when it cannot be provided, the cardholder gets the product without paying for it.
One method of combating friendly fraud is to create a feature in the product that checks in with the merchant's database. If a chargeback is issued, the merchant can tell the product to suspend service. This tactic will also work for digital subscription services or any other online product that requires updates or logins. The merchant will usually still be charged a fee for incurring a chargeback, so this is not a complete solution.
Another common channel for chargebacks is mail order/telephone order (MOTO) payment processing through a call center. In this case, as with the two others listed here, the main problem is that this is a card not present transaction. To help eliminate call center purchase chargebacks, call centers are working to make the purchases more like card present purchases.
When consumers walk into a store and buy something, they typically swipe their credit cards, confirm the purchase amount, enter a secret code (or sign their name) and leave with the merchandise. This is a card present purchase and fraudulent chargebacks in these situations are almost non-existent.
Agent-assisted automation technology is available for call centers that allows customers to enter their credit card information, including the card security code directly into the customer relationship management software without the agent ever seeing or hearing it. The agent remains on the phone, so there is no transfer to an interactive voice response system. All the agent can hear is monotones. This is the "card present" equivalent of "swiping" the card.
Before the purchase is submitted by the agent, the purchase amount is played back to the consumer along with the last four digits of the card. The consumer is asked to confirm their purchase by providing a verbal signature, which is recorded.
Finally, an email is sent to the consumer with the purchase information and an attached audio file of their verbal signature.
Regardless of the outcome of the chargeback, merchants generally pay a chargeback fee which typically ranges anywhere from $20 to $100. [11] A 2016 study by LexisNexis stated that chargeback fraud costs merchants $2.40 for every $1 lost. This is because of product-loss, banking fines, penalties and administrative costs. [12] A 2018 study by the Aite Group on charge back costs, stated that U.S. CNP fraud losses for 2017 were $4 billion and estimated that by 2020 they would rise to $6.4 billion. [13]
The international card payment schemes define rules where the liability shift to the issuing bank of the card becomes liable for the payment if the merchant applied the provided 3D Secure Authentication Method. For payments within the EEA the liability between the payment service provider of the payee and payment service provider of payment service user is regulated. [14] [15]
The proliferation of online payment methods, including mobile apps, and the increasing sophistication of the fraudulent actors, including bots, have made the task of detecting and preventing charge back fraud, particularly online, more complex. According to a 2018 Gartner report on online fraud, retailers are increasingly turning to machine-learning based (or AI) fraud prevention system to make rapid, effective risk decisions. [16]
A cheque or check is a document that orders a bank to pay a specific amount of money from a person's account to the person in whose name the cheque has been issued. The person writing the cheque, known as the drawer, has a transaction banking account where the money is held. The drawer writes various details including the monetary amount, date, and a payee on the cheque, and signs it, ordering their bank, known as the drawee, to pay the amount of money stated to the payee.
A direct debit or direct withdrawal is a financial transaction in which one organisation withdraws funds from a payer's bank account. Formally, the organisation that calls for the funds instructs their bank to collect an amount directly from another's bank account designated by the payer and pay those funds into a bank account designated by the payee. Before the payer's banker will allow the transaction to take place, the payer must have advised the bank that they have authorized the payee to directly draw the funds. It is also called pre-authorized debit (PAD) or pre-authorized payment (PAP). After the authorities are set up, the direct debit transactions are usually processed electronically.
A chargeback is a return of money to a payer of a transaction, especially a credit card transaction. Most commonly the payer is a consumer. The chargeback reverses a money transfer from the consumer's bank account, line of credit, or credit card. The chargeback is ordered by the bank that issued the consumer's payment card. In the distribution industry, a chargeback occurs when the supplier sells a product at a higher price to the distributor than the price they have set with the end user. The distributor submits a chargeback to the supplier so they can recover the money lost in the transaction.
An overdraft occurs when something is withdrawn in excess of what is in a current account. For financial systems, this can be funds in a bank account. In these situations the account is said to be "overdrawn". In the economic system, if there is a prior agreement with the account provider for an overdraft, and the amount overdrawn is within the authorized overdraft limit, then interest is normally charged at the agreed rate. If the negative balance exceeds the agreed terms, then additional fees may be charged and higher interest rates may apply.
A merchant account is a type of bank account that allows businesses to accept payments in multiple ways, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions. In some cases a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement. Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator, the agreement contractually binds the merchant to obey the operating regulations established by the card associations. A high-risk merchant account is a business account or merchant account that allows the business to accept online payments though they are considered to be of high-risk nature by the banks and credit card processors. The industries that possess this account are adult industry, travel, Forex trading business, multilevel marketing business. "High-Risk" is the term that is used by the acquiring banks to signify industries or merchants that are involved with the higher financial risk.
Payment cards are part of a payment system issued by financial institutions, such as a bank, to a customer that enables its owner to access the funds in the customer's designated bank accounts, or through a credit account and make payments by electronic transfer with a payment terminal and access automated teller machines (ATMs). Such cards are known by a variety of names, including bank cards, ATM cards, client cards, key cards or cash cards.
An acquiring bank is a bank or financial institution that processes credit or debit card payments on behalf of a merchant. The acquirer allows merchants to accept credit card payments from the card-issuing banks within a card association, such as Visa, MasterCard, Discover, China UnionPay, American Express.
An ATM card is a dedicated payment card card issued by a financial institution which enables a customer to access their financial accounts via its and others' automated teller machines (ATMs) and, in some countries, to make approved point of purchase retail transactions. ATM cards are not credit cards or debit cards, however most credit and debit cards can also act as ATM cards and that is the most common way that banks issue cards since the 2010s.
Chargeback insurance is an insurance product that protects a merchant who accepts credit cards. The insurance protects the merchant against fraud in a transaction where the use of the credit card was unauthorized, and covers claims arising out of the merchant's liability to the service bank.
A controlled payment number, disposable credit card or virtual credit card is an alias for a credit card number, with a limited number of transactions, and an expiration date between two and twelve months from the issue date. This "alias" number is indistinguishable from an ordinary credit card number, and the user's actual credit card number is never revealed to the merchant.
Internet fraud prevention is the act of stopping various types of internet fraud. Due to the many different ways of committing fraud over the Internet, such as stolen credit cards, identity theft, phishing, and chargebacks, users of the Internet, including online merchants, financial institutions and consumers who make online purchases, must make sure to avoid or minimize the risk of falling prey to such scams.
Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.
An issuing bank is a bank that offers card association branded payment cards directly to consumers, such as credit cards, debit cards, contactless devices such as key fobs as well as prepaid cards. The name is derived from the practice of issuing cards to a consumer.
A credit card is a payment card, usually issued by a bank, allowing its users to purchase goods or services or withdraw cash on credit. Using the card thus accrues debt that has to be repaid later. Credit cards are one of the most widely used forms of payment across the world.
A payment processor is a system that enables financial transactions, commonly employed by a merchant, to handle transactions with customers from various channels such as credit cards and debit cards or bank accounts. They are usually broken down into two types: front-end and back-end.
Card schemes are payment networks linked to payment cards, such as debit or credit cards, of which a bank or any other eligible financial institution can become a member. By becoming a member of the scheme, the member then gets the possibility to issue cards or acquire merchants operating on the network of that card scheme. UnionPay, Visa and MasterCard are three of the largest global brands, known as card schemes, or card brands. Billions of transactions go through their cards on a yearly basis.
A card-not-present transaction is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. It is most commonly used for payments made over the Internet, but can also be used with mail-order transactions by mail or fax, or over the telephone.
A card security code is a series of numbers that, in addition to the bank card number, is printed on a credit or debit card. The CSC is used as a security feature for card not present transactions, where a personal identification number (PIN) cannot be manually entered by the cardholder. It was instituted to reduce the incidence of credit card fraud.
In a credit card or debit card account, a dispute is a situation in which a customer questions the validity of a transaction that was registered to the account.