Failing to prevent criminal fraud makes it harder to address other threat sources that can potentially cause chargebacks.
If you’ve operated in the eCommerce space for any significant length of time, you’re probably familiar with credit card disputes, commonly known as chargebacks. These bank-level payment reversals are more than minor inconveniences. Each chargeback results in lost revenue and added fees. Over time, they may even constitute a long-term threat to your business’s survival.
In this article, we’re going to address why chargebacks happen. We’ll also discuss a key reason why many merchants fail to effectively manage them and highlight why preventing fraud attacks is an essential first step for any successful chargeback management strategy.
Why Do Chargebacks Happen?
Every chargeback issued comes with a reason code that is meant to explain the dispute. However, these reason codes are not reliable indicators. The truth is that we can trace all chargebacks to one of three fundamental sources regardless of the code attached:
- Third-Party Fraud: Criminal activity; this covers all third-party fraud attacks involving a bad actor who impersonates a legitimate user to make fraudulent purchases.
- Merchant Error: This covers any kind of misstep in policy or procedure on your part that might result in a chargeback.
- First-Party Fraud: Friendly fraud; these attacks involve a cardholder who completes a transaction, then requests a chargeback without a valid reason to do so.
You must be able to source disputes before you can take any steps to address chargebacks. This is because each chargeback source calls for a radically different, yet interconnected solution.
For instance, let’s say you have trouble with cardholders engaging in friendly fraud. If you try to handle the problem by treating these chargebacks like third-party criminal fraudsters, you will only waste resources and increase friction, with no real impact on disputes.
It would be even worse, though, if you receive chargebacks resulting from criminal fraud, but assume they’re cases of friendly fraud. In that case, you could end up re-victimizing a cardholder who’s already lost money to criminals, while the actual fraudster proceeds without consequences.
Looking Beyond Reason Codes
Each chargeback issued by a bank comes with a reason code. These codes are meant to explain why the chargeback was filed. Why, then, are reason codes so ineffective at determining chargeback sources? The problem lies in friendly fraud itself.
When a cardholder engages in friendly fraud, whether intentional or by accident, they’re essentially making a false claim. The bank takes this claim at face value, though, and files a chargeback against you. The bank then attaches a reason code to the dispute that does not necessarily reflect the real situation at hand.
Let’s give an example; imagine a Visa cardholder. Now, a close family member of the cardholder, like a child or spouse, has access to the card in question. The family member completes a purchase without the cardholder’s knowledge, and when that transaction shows up on the cardholder’s statement, they assume it’s an unauthorized purchase and request a chargeback. The bank files a chargeback, attaching Visa reason code 10.4 (Other Fraud – Card-Absent Environment) to the case.
This is just one example of a limitation tied to the existing reason code-based system. In a broader sense, though, it illustrates why you can’t rely on reason codes to pinpoint issues. You have to treat chargebacks as a holistic problem and address both pre- and post-transaction threats as part of a broader strategy.
Pre- and Post-Transaction Chargeback Mitigation
A lot of merchants run into trouble with segmenting first- and third-party threat sources. The problem is that criminal fraud is pre-transactional in nature, while friendly fraud is post-transactional. You can prevent criminal attacks by identifying bad actors during the transaction process, but to “prevent” friendly fraud is a lot harder without good fraud prevention measures in place.
Further complicating matters is the fact that merchant error can be either pre-or post-transactional. For example, the way you handle customer service after a transaction can impact chargeback issuances as much as the billing descriptor that you set before ever making a sale. That’s not to say there’s a clear divide between these chargeback sources, though.
It’s helpful to think about chargeback threat sources as a spectrum. We have deliberate merchant fraud on one end, and deliberate cardholder abuse (or “cyber shoplifting”) on the other. In between lies a broad expanse of threats that may be preventable, and which overlap to a considerable degree. There’s a strong correlation between friendly fraud and merchant error, for instance. Many chargebacks have some element of both.
To illustrate, let’s assume that a cardholder files a chargeback because they couldn’t recognize a legitimate purchase on their billing statement. The buyer should have tried to contact the merchant first, which suggests it’s friendly fraud. However, the merchant should have had a clear, identifiable billing descriptor, which is indicative of merchant error.
This vagueness surrounding chargeback sources can be extremely confusing. It’s also a problem because it produces inaccurate data about chargebacks, which can lead you to deploy an ineffective strategy. This creates a feedback loop, making it harder and harder to protect your business.
How to Build a Better Chargeback Management Strategy
You want to divide chargebacks into two buckets: ones you can prevent through preemptive means like criminal fraud management, and ones you can fight through representment. But, as we outlined above, it’s not that easy. You must take these interconnected threat sources and build out a strategy that addresses all three in a coordinated way.
Step 1: Prevent Third-Party Fraud
You can prevent most third-party fraud attacks with the right tools and tactics in place. This is where you need to start if you’re looking for the best, most comprehensive approach to segment chargebacks.
You can adopt anti-fraud tools to target known red flags, including:
- Geolocation
- Device Fingerprinting
- Velocity Limits
- Address Verification Service (AVS)
- Fraud Blacklists
- CVV Verification
- 3-D Secure Technology
Most of the time, though, you need some degree of third-party support to restrict actual fraud chargebacks. At Vesta, we can help by facilitating better, more accurate fraud detection and customer authentication without causing a surge in costly false declines.
We’re able to do this because of our highly sophisticated machine learning models, which can instantly draw connections between disparate transactional data points and determine whether a transaction is fraudulent in real-time. Our solution guarantees every transaction that is approved, in order to completely take the burden of fraud off your shoulders so you can focus on what matters most – growing your business.
Step 2: Minimize Merchant Error
There are a multitude of potential errors and friction points that may result in a chargeback claim. Resolving these problem points will generate valuable operational insights. Some of the most common include:
- Customer service missteps, like making live service harder to access.
- Unclear shipping and return policies.
- Not auditing product pages for accuracy and ease of use.
- Not matching chargebacks to sales records.
- Not maintaining clear and accurate records.
These are just a few examples. To thoroughly test your system to determine whether you have any risks for merchant error you need to try shopping your own store, testing customer support channels…in effect, conduct a top-down audit of every aspect of your business. This is the only way to pinpoint errors that might cause chargebacks.
Step 3: Refute Friendly Fraud
Once you’ve (more or less) ruled out criminal fraud and merchant error, you can be a lot more confident in refuting chargebacks…even if they have a reason code usually connected to fraud.
The chargebacks that fall into this bucket all result from post-transaction issues that are outside the range of merchant error. It could be that a buyer misinterpreted your policies or was confused by a specific aspect of the process. Alternately, the buyer might be engaged in deliberate cyber shoplifting.
Representment won’t undo the chargeback. Each dispute filed comes with a nonrefundable fee, and still counts against your chargeback ratio. That’s another reason to consider outsourcing fraud prevention and chargeback management to a trusted third party like Vesta. With Vesta, you don’t have to fight chargeback abuse. Through our advanced machine learning technology, we can stop fraud before it happens and identify bad actors that might slip through the door, helping you fight back against abuse and focusing on growing your revenue, while also improving the overall customer experience.
First appeared on Vesta’s Blog on E-Commerce Fraud.