Fighting fraudsters is tough work for financial institutions (FIs) and merchants and the job becomes even harder when the fraudster is a customer.
Consumers initiate disputes with FIs for a variety of reasons. They may have a legitimate issue with the merchant, such as misrepresentation of the goods/service, a quality issue, or an item not received. Some disputes occur because consumers do not recognise a purchase due to confusing merchant names or transaction amounts on their statements. There are also disputes in which consumers are fully aware of making the purchase but are untruthful with FIs and claim they did not make the purchase to avoid financial liability. This abhorrent consumer behaviour goes by many names— first-party fraud, first-party misuse, and friendly/consumer fraud. Though rarely used, the term cyber shoplifting accurately describes it as well.
Some consumers have come to learn the three magic words: ’do not recognise’. They call their FIs to dispute charges and use these words to avoid paying for the good or service. Card network rules determine who assumes the financial liability for the transaction. Usually, FIs are liable for card-present transactions, and merchants are liable for card-not-present transactions, though exceptions exist.
These unscrupulous consumers are wreaking havoc on FIs and ecommerce merchants by falsifying their disputes, which all too often turn into chargebacks. First-party fraud chargebacks hurt FIs and merchants in several ways:
Costs: These include network fees related to chargebacks, staffing costs to process the chargebacks, and IT costs to maintain the chargeback system, including enhancements specified in biannual network mandates. Ecommerce merchants have the added loss of goods or services that cannot be recovered and shipping fees.
Time: Processing a chargeback is time-intensive for FIs and merchants, requiring staff to research the transaction, determine if they have chargeback rights, and whether first-party fraud is suspected. If the merchant decides to challenge the chargeback, it must compile supporting documentation to send to the FI as to why it believes the cardholder performed the transaction.
Labour: Staff needs to be trained to perform these functions. Unfortunately, turnover in the dispute intake and processing areas is high. FIs and merchants also consider chargeback processing a non-value-added function that must be supported as part of issuing and accepting credit and debit cards. They prefer to deploy these headcounts on more productive activities to advance their businesses and enhance consumer services.
This form of fraud is also an opportunity where collaboration between FIs and merchants (especially ecommerce merchants) can provide mutual benefit.
Ecommerce merchants commonly have a treasure trove of user data when users log into their online accounts. That data can include user account names, device information, behavioural and physical biometrics, and location data. For example, suppose a consumer has made 10 purchases from the same merchant using the same device, same account name, same IP address, and same card number yet only disputes one transaction and not the other nine. In that case, there is strong evidence that the FI can use to challenge the consumer and potentially reject the dispute.
In 2022, Visa announced a programme called Compelling Evidence 3.0 (CE3.0), in which a merchant can provide certain data elements to the FI to refute the dispute/chargeback and avoid financial liability. Those data elements include some combination of IP address, device ID/fingerprint, user ID, and delivery address. The data elements associated with the disputed transaction must match two successful prior consumer purchases with the merchant. CE3.0 officially launched in April 2023, and industry support is gaining traction. In a Q3 2023 survey of 200 ecommerce merchants in the US and UK, 45% reported supporting or planning to support CE3.0 within the next year. While no announcement has been made yet, Mastercard is expected to announce a similar programme.
FIs have developed systems to detect consumers possibly attempting to commit first-party fraud and will challenge them, but historically, they have lacked definitive data to prove it. In a Datos Insights survey of 16 FIs across the UK and the US, 11 FIs indicated they would definitely leverage the data from merchants to contest the dispute with their consumers. Three FIs indicated they probably would.
Device fingerprinting technology is another tool that can be used to combat first-party fraud. These solutions provide a rich data set about consumers, including their mobile phone and PC/laptop devices, such as device ID and IP address. These unscrupulous consumers tend to be digitally savvy and likely to be users of online and mobile banking systems – the same devices they use to make ecommerce purchases. FIs and merchants can preserve this data to build digital fingerprints of their consumers, which can effectively prove that the consumer made the transaction and provide the evidence to reject the dispute.
In surveys on potential benefits of programmes like CE3.0 and the improved data sharing mechanism it supports, FIs and merchants report the following:
Improvement in machine learning model performance: 91% of merchants and 62% of FIs expect model performance to somewhat or significantly increase. Today, firms lump first- and third-party fraud into a general classification. However, this confluence of data hinders the performance of the models. Organisations can develop more accurate models with unique tagging of first-party vs. third-party fraud. For example, for a suspected first-party fraud transaction, a merchant could require additional levels of stepped-up authentication to confirm the purchaser’s identity, thus making it more difficult to claim it was fraudulent.
Reduction in chargeback volume: 85% of merchants and 75% of FIs expect the number of chargebacks they receive will somewhat or significantly decrease. This would lower labour and expenses for all parties.
Rise in ecommerce authorisation approval rates: 80% of merchants expect authorisation approval rates will somewhat or significantly increase. Card-present authorisation approval rates are in the mid-90% range, while card-not-present authorisation approval rates are in the low 80% range. For many years, increasing CNP authorisation approval rates has been a goal of merchants, FIs, and card brands. Any industry initiative that positively impacts this would benefit the ecommerce market.
First-party fraud has been a growing issue for years. Through industry initiatives such as CE3.0 and the rise of passive authentication tools such as device fingerprinting, merchants and FIs can finally gain an advantage in this fight.
This editorial is part of The Paypers' Fraud Prevention in Ecommerce Report 2023-2024, the ultimate source of knowledge that delves into the world of fraud prevention, revealing the most effective security methods for companies to stay one step away from bad actors and secure their businesses.
David Mattei is a strategic advisor at Datos Insights. He has over 20 years of payments industry experience working with merchants and FIs on fraud and disputes, giving him a unique industry perspective. Prior to joining Datos Insights, David was VP of Product Management for Worldpay, leading a team responsible for fraud and chargeback solutions for 1,400 FIs and one million merchants.
Datos Insights delivers comprehensive and industry-specific data and advice to the companies trusted to protect and grow the world’s assets, and to the technology and service providers who support them. Staffed by experienced industry executives, researchers, and consultants, we support the world’s most progressive banks, insurers, investment firms, and technology companies through a mix of insights and advisory subscriptions, data services, custom projects and consulting, conferences, and executive councils.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now