Not-so-friendly fraud

E-retailers look for ways to combat consumers disputing charges for web purchases.

Thad Rueter

Talk to an e-retailer about so-called "friendly fraud" and you'll likely come away with a version of this: Some consumers, accustomed to the generous, 90-day, few-questions-asked online return polices offered by retailers such as Wal-Mart Stores Inc. and Costco Warehouse Corp., think little of using a product they've purchased, then returning it to the merchant for a refund. The merchant absorbs the loss, all but certain that challenging it will result in wasted time and eventual defeat.

One U.S.-based e-retailer, who sells both in the United States and abroad, makes that complaint with vigor. Like all e-retailers interviewed for this story, this merchant demanded anonymity so as to not make trouble with payment card processors or issuers, or customers. This relatively small web merchant estimates that friendly fraud accounts for 40% of its chargebacks and more than $100,000 in lost revenue annually.

While hardly "friendly," what's generally referred to by retailers and the payments industry as friendly fraud occurs when consumers dispute seemingly legitimate charges made to their credit cards. This may happen for various reasons: a consumer may want to wriggle out of paying for product, may be unaware another household member made the purchase or may have forgotten about a transaction he made and think it is an illegitimate charge.

Friendly fraud accounts for about a fifth of the fraud experienced by online merchants, according to a recent report from LexisNexis. Experts say that lowering that fraud rate requires e-retailers to figure out ways to communicate better with customers, clarify and communicate customer service polices and sometimes fight back.

Enough merchants have done so, and have shared their tactics, that one payments expert anticipates positive movement in the coming years. "It will decrease," predicts Karisse Hendrick, e-commerce fraud and payments program manager, Americas, for the Merchant Risk Council, a Seattle-based industry group that promotes e-commerce payment security. She says improving communications between retailers and consumers, along with an improving economy, will make fewer consumers seek chargebacks.

She bases her optimism largely on the talks she regularly has with web merchants about fraud issues. Nonetheless, those merchants remain very concerned about friendly fraud, she says.

In a 2013 online fraud report from CyberSource Corp., a payment security and payment systems provider to dozens of e-retailers ranked in the 2013 Top 500 Guide, 59% of surveyed merchants, all of which had annual e-commerce revenue of $25 million or more, reported that they thought friendly fraud had increased over the past two years. Friendly fraud ranks third—behind account takeovers and "clean fraud" (the industry term for fraudulent transactions that appear legitimate and slip past merchant checkpoints)—among perceived fraud threats.

Survey results in the "LexisNexis Trust Cost of Fraud Study" from September 2013 suggest friendly fraud in the United States accounts for 18% of fraud suffered by merchants. That's unchanged from 2012 and down from 19% in 2011 and 20% in 2010, when the economy was worse than it is now. While the friendly fraud rate is relatively steady, this type of fraud still poses a significant risk to e-retailers.

Online merchants can incur chargebacks for instances of friendly fraud, and for other reasons, including legitimate disputes over purchases the retailer doesn't resolve to the consumer's satisfaction, transaction errors and instances when thieves steal a consumer's identity and make purchases. A friendly fraud chargeback, however, typically looks like this: A cardholder calls his card issuer and disputes a charge made to his account. That bank debits the charge from the merchant's account. The bank then informs the retailer of the chargeback, which the retailer can accept or dispute. A merchant who disputes the chargeback then gathers evidence that shows the transaction was legitimate and sends its version of the case to the processors and issuer. If the merchant wins, its account is credited for the original amount. "The merchant can be credited the amount only if the dispute is found in its favor, after presenting the necessary details that the cardholder was aware or participated in the transaction," Hendrick says.

Based on her research, Hendrick estimates that friendly fraud can account for between 25% and 40% of e-retail chargeback volume. Another payments executive, Monica Eaton-Cardone, co-founder and chief operating offering of Chargebacks911—which for a monthly fee starting at $500 helps retailers avoid and challenge chargebacks—says that for some clients, up to 70% of their chargebacks stem from various forms of friendly fraud.

Merchants are becoming more diligent about policing chargebacks, Hendrick says. "Merchants have been looking under their couch cushions for more money over the past couple of years," she says. And any chargeback activity costs retailers more than the original payment if it isn't resolved in their favor. Payment processors charge merchants fees ranging from $5 to $25 per chargeback. "If a merchant has an overall chargeback rate in excess of 1% of its sales volume [each card brand has different criteria], a merchant can be assessed 'excessive chargeback fees' that can go into the hundreds of thousands of dollars," Hendrick says.

E-commerce's very nature makes friendly fraud tempting for consumers, not all of whom consider themselves thieves, according to Eaton-Cardone and others who have asked consumers why they commit it. Subscription-based e-retailing—where consumers who opt in pay a regular fee to receive regular shipments—for example, has generated a rise in chargeback activity. Consumers can easily say they forgot to cancel a shipment, and take up their complaints with their card issuers, which, merchants grumble, are loath to rule against cardholders. Merchants interviewed for this story generally expressed fatalistic attitudes toward challenging chargebacks, all but certain they will lose. (Neither the Visa or the MasterCard Worldwide payment card networks agreed to comment for this story.)

"With the growth of the Internet, you have a significant amount of transactions that are completely faceless, and it's easy to contact your [card issuer] to get what amounts to a refund," Eaton-Cardone says. "We are not talking about consumers who are vicious or malicious. They just have no idea that doing this has a consequence [for merchants], that a chargeback is black mark on a merchant's record, and that a merchant can get a fine."

When a merchant decides to challenge a chargeback—a process that involves not only the merchant but its processor, the consumer's issuer and the relevant payment card network—it must provide evidence that disputes the cardholder's claim. Claiming they never got their order is one of the main excuses consumers use when lodging complaints against e-retailers, experts say. If the e-retailer can show evidence that the package was delivered to the cardholder's shipping address and signed for, it may win its claim. "The seller has to create an impression that the buyer would fail in the dispute," says Susan Oliver, vice president of risk at online payment processor 2Checkout.com Inc.

But not all retailers want the expense of requiring delivery confirmations on all orders. UPS Inc. charges $2 for delivery confirmation, according to its 2014 rate card—that service includes an e-mail sent to the shipper with the delivery time and date, the name of the recipient and, in the event of a return, the reason for it. If UPS has to collect a signature with delivery, the cost can be as high as $4.90. And those rates keep going up: UPS increased its delivery confirmation charge by 12 cents in 2014, and increased its charge for collecting an adult signature by 15 cents.

Another way to build a defense against chargeback complaints is to add a layer of customer service. Retailers selling pricey items, such as jewelry and electronics that can easily be sold for cash, may want to contact consumers via phone or e-mail to verify purchases and deliveries to reduce the risk of friendly fraud, experts say. Other sellers can send e-mail confirmations immediately after delivery, including such information as the retailer's customer service number, the purchase amount and other information that backs up the transaction. According to Internet Retailer's Top500Guide.com, 183 e-retailers in the Internet Retailer 2013 Top 500 Guide offer estimated delivery dates to customers, and 337 offer shipment tracking—little reminders, experts say, that could help prevent forgetful consumers from later disputing transactions.

Retailers also can simply make their terms and conditions clear on their e-commerce sites to help plant the idea in a shopper's head that this is a real transaction that can't be ignored. Having a prominently displayed customer service number that is answered 24/7 can also reduce the chances that displeased or semi-devious consumers will contact their banks to dispute charges. "As many card issuers have moved to web-based customer service, it's easier to log on and open a dispute case," Oliver says. "Consumers go for the path of least resistance."

One smaller, newer online retailer based in Chicago who sells homemade arts and crafts via the Etsy Inc. online marketplace, among other sites, has yet to experience any major fraud with her online customers. But one instance of friendly fraud from a year ago—a customer claimed to have not ordered a $25 item, forcing the seller to eat the charge—led her to include brief, handwritten thank-you notes on her business cards with shipments. Her hope is that the personalized touch would jog any faulty memories and make sure customers know there is a person behind the products.

The larger e-retailer who believes other retailers' liberal return policies spoil consumers plans to take a stab at the "more information" approach. The merchant says it will soon prominently display information about its 30-day return and refund policy on its site.

Those steps won't deter professional criminals. But these retailers are hoping that friendly messaging can persuade otherwise law-abiding shoppers from trying their hand at friendly fraud.




E-retailers hope CVV2 codes save them from fraud

So-called "friendly fraud" will continue to vex e-retailers for the foreseeable future, but the threat of account takeover looms even larger.

Criminals who steal consumer payment and personal data, then use that information to place orders, account for 40% of e-commerce fraud, according to a recent Forrester Research Inc. report. The data breaches that hit retailers including Target Corp. (with information of up 110 million consumers affected), The Neiman March Group Inc. (some 1 million consumers) and Michaels Stores Inc. highlight the danger. And while retailers and processors can give no firm evidence that those breaches have resulted in escalated fraud for e-retailers, web merchants have also come under attack: Easton-Bell Sports in January says criminals broke into a server operated by a vendor that contained web shoppers' payment information.

The burdens of such crimes are potentially significant: a research note from Wells Fargo Securities in February estimated that the Target data breach could cost the chain between $330 million and $550 million. Unaffected merchants could suffer, too. 50% of consumers who are victims of fraud say they would avoid "smaller" online merchants—those with less than $1 million in annual sales—while 19% would avoid larger e-commerce operators such as Amazon.com Inc. and eBay Inc., according to the "2013 LexisNexis True Cost of Fraud Study."

Top 500 e-retailers are aware that a data breach anywhere negatively affects them all. "When a breach happens it can lead to consumer fear around the safety of their personal information," says an executive of one web-only merchant who requested anonymity. The executive—like others contacted by Internet Retailer—reported no special alerts from his processors, nor any notable increase in fraud in the wake of the breaches. Perhaps that is because he relies on CVV2 codes printed on the back of payment cards for protection. CVV2 codes are three or four digit numbers many e-retailers require consumers to enter with their payment details. They are supposed to help lower the risk of fraudulent transactions because having the codes is an indication that the consumer physically has the card in hand.

79% of e-commerce operators in the United States ask for those codes when customers place orders, according to CyberSource Corp. That means that 21% of online merchants have a potential weak spot because they don't ask for those codes before allowing an online purchase to go through. So far, there is no indication that criminals stole those codes from Target or the other chains.


Authorize.Net (www.authorize.net)
The Authorize.Net Payment Gateway enables merchants to accept online payments safely and easily, offering value-adding products, free customer support, free fraud detection tools and a free verified merchant seal. Learn more.


chargebacks, credit cards, Friendly fraud, online payments, payment security