Uniting the industry to solve friendly fraud/first-party misuse

Friendly fraud, which is also known as first-party misuse, has been a long-standing issue in the payments industry. Can you describe the state of friendly fraud within the wake of the pandemic, how much it has increased and what verticals or regions have been more affected?

At the MRC, we’ve started referring to this issue as ‘first-party misuse’ as opposed to friendly fraud. The term ‘friendly fraud’ is a reference to the military phrase ‘friendly fire’. There’s nothing friendly about it. It’s also not fraud, so we believe the expression first-party misuse is more accurate. That’s what I’ll be using going forward, and I encourage others to do the same.

As for the impact of the pandemic on first-party misuse rates, it has been enormous. One significant change we’ve seen is that it’s no longer just the digital goods verticals being impacted. The problem has infiltrated physical goods as well.

Another startling fact sourced from our latest Global Fraud Survey, created in partnership with Cybersource, is that the #1 issue among all merchants is now first-party misuse. This is the first time that it's been the #1 concern. 

It’s very clear this problem needs to be addressed. That’s what we’re hoping to do with our upcoming summit and advocacy work.

This topic will be extensively covered during MRC's Friendly Fraud/ First-Party Misuse Summit on 9 November. Could you please walk us through the agenda and explain some of the major topics being discussed?

I believe this First-Party Misuse Summit will bring us together as an industry to find the next step toward solving the problem. I’m super excited!

We’re going to start by drawing attention to how much the issue has recently grown. We’ll hear from a panel of well-known merchants who will discuss how it has impacted their business, and from payment processing experts on how different verticals are being impacted in different ways.

We’ll be partnering with industry experts to highlight issues such as the way Excessive Fraud Merchant (EFM) monitoring programs are increasing fines for merchants, and how the misclassification of first-party misuse disputes as fraud is hurting merchants and ultimately the consumer.

We will also be outlining the MRC’s strategy, including our efforts to recode these troubled transactions as disputes and not fraud. We’re advocating transferring liability to the issuer, so they'll charge it back to the consumer.

Following that will be a focus group with Ethoca, the sponsor of the event, along with a variety of industry experts, including issuers, discussing what’s being done to solve this problem.

We’ll wrap up by talking to merchants about best practices for pushing back against consumers who are committing first-party misuse. 

Card networks, issuers, acquirers, and merchants all face this challenging problem. How can the relationships between all these parties be improved to bring down the rate of friendly fraud? Is there anything they can do beyond what they are already doing?

Right now, merchants are suffering the most from first-party misuse because they’re exposed to the most loss. The acquirers have little incentive to address this problem because they potentially receive revenue from a chargeback along with a possible fee.

The issuers have their hands tied. If a consumer says a dispute is fraud, and there isn't a clear definition of what is required to prove this, the issuer can get fined by their regulator for not honouring the fraud claim. This is partly due to extensive consumer protections in the US, the EU, and beyond.

If there is an obvious repeat offender the issuer can act, but otherwise, the cost is often too high. Providing evidence such as IP addresses and location or device IDs requires extensive knowledge on the part of the consumer and the employee managing the chargeback. It’s often just not practical.

The card networks are trying to address the issue, but they're in the unique position of having to appease all the stakeholders in this four-party system, which complicates things.

The answer? Regulators are going to have to step in and create laws that help solve this problem. 

This type of fraud is mainly associated with transactions made via cards. But how is the dispute scenario changing when cards are not involved and there is, for example, an account-to-account transaction?

First-party misuse is mostly unique to the credit card industry because of the aforementioned consumer protections. 

To compare: if you initiate a transaction with a P2P system or a cryptocurrency, there is no dispute process. It’s essentially the same as cash, which means there is practically no consumer protection built in.

Regarding the new chargeback rules from Visa and Mastercard, what changes must merchants and issuers make to their chargeback management strategies?

In a nutshell, merchants, acquirers, and issuers are starting to decline more good transactions to keep the fraud counts down, and to stay below the thresholds that trigger excessive fees. That's bad for the consumer, and it results in a very poor customer experience. Everyone is losing right now, which is why we need to find a better way.

What advice would you give to merchants to fight friendly fraud and win disputes in a timely manner, so their revenue is not affected?

There are no guarantees, but the MRC has worked with issuers to identify evidence that can increase the likelihood of winning. If you have two transactions that are over six months from the date of the disputed transaction, in addition to two common elements such as the IP address, device ID, or device location, you are more likely to win that chargeback or dispute. 

Even so, it’s no guarantee, because the issuer ultimately decides.

The best answer here is for merchants to have strong policies in place to react to perceived threats. That way, if first-party misuse does occur, they can stop repeat offenders, or at least convince them to go somewhere else.

About Julie Fergerson

Julie Fergerson, CEO of the MRC, has over 25+ years of experience developing, delivering, and promoting Internet-based technologies. She has a proven track record of bringing key stakeholders together to solve difficult problems and positioning existing technology to meet the needs of an audience without changing the fundamental value of that technology. Prior to her appointment as CEO of the MRC, Julie was Senior Vice President of Industry Solutions at Ethoca. 

About Merchant Risk Council

The MRC is a global membership organisation connecting ecommerce fraud and payments professionals through an educational programme, online forums, career development, conferences, and networking events. As a non-profit organisation the MRC encompasses a membership network of over 500 companies, all focused on fraud prevention, payments optimisation, and risk management. The MRC is headquartered in Seattle, Washington.