08/08/2017
Fraud in eCommerce and how to deal with chargeback issues
Fraud in eCommerce has long since become a huge problem. The criminals are getting smarter and smarter each year, and new types of fraudulent behaviour are constantly invented. When we add the fact that there are other chargeback reasons which are not strictly related to fraud, it becomes clear that this is an issue that needs to be dealt with.
The chargeback cost is rather high, and companies often mark significant losses due to this occurrence. Not only that they write off the sale that has already been made, but they also have to pay the chargeback fee which leads to inevitable problems.
So, what is a chargeback, how is it related to fraud, and what is the chargeback process? Finally, how come this has become such an issue?
We will try to explain the entire process in this article: what the chargebacks are, why they happen, and how to protect from them.
Credit card chargeback is an occurrence when the customer disputes the purchase made and then requests the return of the money. This is often related to the eCommerce fraud, as most chargebacks are the result of fraudulent activity. Namely, the “customer” never really intended to pay for the goods or services, but had the intent to obtain unlawful financial gain from the transaction. Since the customers are protected by the credit card companies, the chargebacks are inevitable to happen, and the expenses in the end fall on the merchant, generating losses and hindering his business.
The most common types of fraud related to chargebacks are:
• Merchant fraud
• Credit card fraud
• Friendly fraud
• Refund fraud
• Stolen identity fraud
• Phishing
• Card testing
Merchant fraud
This is the type of fraud that is commonly used in marketplaces where the company is responsible for both the merchant and customer. In this case, the merchant lists an item they actually don’t have and have no intention of delivering it to the customer. When the transaction happens, the marketplace needs to compensate the customer. Al leading marketplaces have their own mechanisms for preventing this from happening, but these systems are not 100% proof. Although there is almost no chance that the merchant actually gets the money, and the account gets banned for this behaviour, the marketplace still needs to cover the costs of chargeback that occurred.
Credit Card Fraud
This is the most common type of fraud in eCommerce. Fraudsters use stolen credit card details in order to make purchases online. Sometimes they have obtained a physical credit card, and sometimes they came into possession of credit card details in electronic format. Whatever might be the case, they are able to make a payment using credit card details, and then it is up to the merchant to make sure the transaction is legitimate. In case they process the payment and the real owner gets notification that the transaction has been made via his stolen credit card, the law allows him to ask for a full refund, which results in a chargeback. There are various systems for preventing this type of fraud and we will mention them in a separate chapter.
Friendly Fraud
This type of fraud means that the customer asks for a refund, although he received the merchandise bought. They often wait for the goods to be delivered, and then claim their credit card was stolen and ask for a refund. This fraud is often referred to as chargeback fraud.
Refund Fraud
This is a type of fraud where criminals deliberately overpay the bill with the stolen credit card. After that, they claim that the credit card has been closed and ask for a refund of the surplus money they paid via other means of payment. In this case, the amount that is paid via other payment systems goes to the criminal’s pockets while the merchant is still responsible of refunding the original owner with the full amount, and is also due to pay chargeback fees.
Stolen Identity Fraud
This type of fraud is almost impossible to prevent. Some criminals manage to obtain the full set of data, and they are able to impose themselves as the real card owners. With all this data the fraudster obtains the goods using stolen credit cards and a stolen identity which makes detection extremely difficult. The merchant still has to refund the original owner completely.
Phishing
This method involves fraudster’s impersonation of the cardholder’s bank or other financial institution. The mail is being sent and in it there are requirements for leaving personal and credit card data. This method is often used to steal the identity and break into bank accounts.
Card Testing
This is a method where fraudsters use the websites that send exact reason codes in order to verify the stolen credit cards. In this way, they are able to determine all the data they need to make a credit card fraud on another website.
Each and every of these fraud types result in chargebacks. The only way to counter the issue is to use one of the eCommerce fraud prevention systems that are available for merchants to use. So, what are these tools that are at your disposal? There are 3 basic types of fraud prevention methods:
• eCommerce fraud detection systems
• PSP provided fraud prevention tools
• Fraud prevention managed service
eCommerce fraud detection systems
There are several good fraud detection systems and tools that can be found across the globe. These are companies that provide software which is able to analyse the transactions and make evaluation whether the transaction is fraudulent or not. They are directly connected to Visa and Master Card systems and include credit card chargeback history in the reports. They also provide the evaluation which is expressed in risk level percentage.
Using these tools can help merchants decide whether to process the transaction or not. In many cases, if there is a risk of fraud, but it is low to medium, the merchant requests the proof of identity and then makes the decision.
These types of software are specifically designed for eCommerce, so all of the leading eCommerce platforms have ready-made connectors for integrating fraud detection services into the merchant’s ecosystem.
These tools are able to reduce the fraud occurrence and amount of chargebacks to the minimum, but they are not able to fully eliminate them.
PSP provided fraud prevention tools
Most of the leading payment service providers have devised their own tools dedicated to fraud prevention, and these tools often come as a part of the service. It means that by integrating a certain payment service provider into your online shop you will immediately get to use their fraud prevention tool.
The problem with this approach is that not all PSPs have fraud prevention tools of the same quality. Some provide really great solutions that are on par with specialized fraud prevention systems, some offer those systems as a part of their service (fraud prevention companies and payment service providers have a contract that defines selling bundled services), and unfortunately, some have fraud prevention systems that are far from adequate.
It is necessary to get informed about the options you have before you decide whether there is a reason to buy additional services or the services PSP provides are sufficient to protect you on a satisfactory level.
Integrating any of these PSPs is a pretty standard thing and since they are necessary for any kind of eCommerce endeavour, these are the expenses that are already predicted in your web development budget.
Fraud prevention managed service
This is the most advanced and absolutely safe way to deal with fraud prevention in eCommerce. There are two types of the fraud prevention managed services, and they include fraud prevention management by the external agencies, or management by specialized fraud prevention vendors who also provide managed service based on their software.
In the first case, the managed service is provided by the full service digital agencies. These agencies often have a huge number of employees and they are specialized in providing their customers with everything they need for conducting business. In these cases the agency takes the chargeback risks onto themselves. They process the orders and they guarantee that the chargebacks if happen will be covered by their own financial assets. Of course, this service comes at the cost, and in most cases is defined by the percentage of total trade made via your eCommerce website. It should be considered by the merchants who have high chargeback occurrences, or by the merchants who wish to externalise their operations completely. That is a complete hands off approach that reduces the chargeback issues to zero, but the service is rather expensive, and the costs rise as the volume of sales increases.
There are also as we mentioned – specialized vendors for chargeback prevention who provide managed service. These cases are somewhat different than the previously mentioned scenarios.
These companies use the software of their own choosing to analyse the orders you receive, but they do not process them per se. Instead, they give recommendations in forms of simple messages – the transaction is approved or not approved. They also guarantee for the accuracy of their assessment, and if the chargeback happens despite their recommendation to carry out the transaction, they cover the expenses caused by it.
This type of managed service is ideally suited for retailers who wish to run their operations internally, but they do not have the capacity to make evaluations, the chargeback occurrences are often, or they simply want to be 100% sure there will be no problems with this issue.
Similarly as with the other type of fraud prevention managed service, this is a rather pricey option and requires in most cases percentage of the sales made to be dedicated to the fraud prevention agency.
These would be the basics about eCommerce fraud prevention and chargeback issues. The topic is of course, much more complex and not easy to comprehend, as it involves many parties and various different scenarios. When making a decision on how to manage fraud prevention for your own company, it is a good idea to consult the experts. By experts, we mean digital commerce consultancy agencies. They have all the knowledge concerning the issue, and no incentives to push you specifically towards any of the available solutions.
If you ask the fraud managed service companies, they will all advocate that their system is the best available. They will argue that the other systems are not sufficient and that they leave margin for errors and losses, and that only the managed service can provide you with everything you need to be chargeback free. The same thing will happen if you address full service web agencies to consult you on the issue. They have a direct interest to push you towards managed service and make extra revenue from your business. The vendors who provide analytic tools for fraud prevention on the other hand will argue that the price of managed service is too high, that it rises together with the volume of sales you create, and that there is no financial reason behind this. Finally, the payment service providers will most probably push their own solutions, no matter whether they have their own systems or they are collaborating with vendors specialized in fraud prevention.
This is the exact reason why you need a third party consultancy. These third party consultants have no reason to promote and push either of the aforementioned options, and they will be able to give you a proper suggestion based on your needs and the risks you are being exposed to.
Of course, the truth is somewhere between the opposite options, but that spot between two border defining dots is not the same for every company. It is necessary to take historical data into consideration, as well as geographies where your business operates (in some markets the frauds are literally blooming nowadays and form an entire illegal branch of industry), and the financial projection for each of the options. Only with the personalised approach in consulting you can get the evaluation that will be the best fit for your company and provide the best return on investment.