Despite the effort to alleviate fraud through EMV technology, recent statistics reveal an increase in fraud exposure for certain merchants.
New criminal techniques have combined with evolving consumer behaviors, leaving merchants at a distinct disadvantage.
EMV (Europay, MasterCard® and Visa®) cards contain tamper resistant chips, which are embedded to store and protect cardholder data. Aside from the chip itself, the cards also generate cryptograms, or essentially text written in code, alongside the traditional primary account number and expiration date associated with the card.
These chips and cryptograms make it nearly impossible for criminals to capture sensitive cardholder information or create counterfeit cards. However, the new technology hasn’t eliminated merchants’ risk of fraud.
While the liability shift of EMV is working to secure a safer card-present environment, online merchants are dealing with the aftermath as previous card-present criminals now flock to online channels. These new EMV-thwarted criminals are mixed up with fraudsters that act, behave, and factually are legitimate cardholders.
Online merchants are not novices to traditional fraud hacks and criminal fraud attempts. They face threats from botnets, location manipulation, account takeovers and data breaches. However, because of friendly fraud, e-Commerce merchants are realizing their defenses are anything but robust.
Evolving consumer trends combine with new loopholes created by the fact that less than 50% of US merchants are EMV-ready is quickly adding to this negative growth trend.
One of the most significant barometers of card payment fraud is chargebacks, a growing pain point for both issuers and acquirers alike. A chargeback occurs when a cardholder disputes a credit card transaction by filing a claim with the issuing bank.
When a chargeback is filed, the merchant’s bank account is automatically debited. The cardholder is provided a temporary refund pending an investigation period of approximately 45 days During this time, the merchant has the right to refute the chargeback or accept it by default of doing nothing.
The goal of chargebacks is to protect consumers from unauthorized purchases, ultimately increasing and securing improved adoption rates and cardholder retention. This is accomplished because cardholders who feel safe and secure spend more, more often.
However, the disproportionate growth rate of chargebacks to transactions may prove a hidden agenda is also under way, another industry nemesis that goes by the name of friendly fraud.
Chargebacks can be linked back to three primary sources:
Criminal fraud; and
Friendly fraud (also known as chargeback fraud, family fraud, cyber-shoplifting and buyer’s remorse).
According to a report by DigitalTransactions.net, there has been a 15% increase in overall chargeback volume and a 50% rise in card-present chargebacks since the liability shift. The current surge of chargebacks has baffled many credit card issuers and merchants, with the online community getting hit worst.
Speculation based on recent statistics suggests consumers are making the connection that purchases made with a merchant who cannot process an EMV card qualify for a chargeback under the claim that the transaction was technically “unauthorized.” Some industries are affected worse than others, with many stores reporting repeat abuse.
A new form of friendly fraud has tiptoed into storefronts. Chargebacks filed against merchants that are not EMV compliant offer no recourse and grant an immediate refund to the cardholder without merchant rebuttal rights.
Logic suggests that the default incentive for this type of activity, where no criminal consequence exists, ends with eminent growth — something the industry has come to know as evolving fraud.
The bottom line is this: while EMV may hinder counterfeiters, the latest reports prove that criminals — and consumers — are still exploiting many different ways to commit fraud.
Merchants not only have to address criminal fraud, but they’re finding that lost/stolen card fraud and non-receipt fraud are often committed by cardholders themselves.
In order to address these issues, a multi-layered approach is needed. This includes tools and strategies that help identity a person’s location and further validate their authentication working behind the scenes to help reduce evolving threats. However, tackling the issue of illegitimate chargebacks risks cardholder loyalty and may sacrifice a century-old mantra, “the customer is always right.”
What else can be done to prevent crime? The biggest onus falls into the lap of the merchant. While a third-party firm can assist with minimizing potential fraud risks from known criminal components, tackling the types of friendly fraud requires a different approach.
Retailers who have physical store locations are encouraged to update their terminals to accept EMV cards; not doing so creates additional risk as they can become easy targets for criminals who may be savvy enough to exploit current weaknesses.
For online merchants, proactive attention is best. Chargebacks bring additional liabilities and require focused effort on preventative strategies, in addition to effective rebuttal processing.
While friendly fraud may be the industry’s Achilles heel, best practice methods are still the best bet for avoiding common mistakes, which often means learning from past history as well. Using best practices goes well beyond customer service policies or strong authentication.
In today’s world of rapidly advancing technology and evolving fraud risks, best practice methods also include an acute awareness of common red flag items — those found to have a higher propensity for chargebacks. These may differ from merchant to merchant, such as:
Bulk orders that are out of the normal range for a typical transaction;
High ticketed items for new customers;
Multiple orders made within a short period of time;
Different billing and mailing addresses with different names;
Orders that are demanding a rush order or overnight delivery for large or unusual items; and
Multiple orders made with different cards, but each one utilizing the same mailing address
When it comes to understanding the source of the problem, whether EMV, merchant error or cardholder related, a better understanding of fraud incentives is paramount. Chargebacks are a symptom that increases costs, decreases profits, restricts freedoms and flexibilities, and eventually renders harm to every member in the value chain through inflation and friction.
Being proactive is still the best policy, but collaborating intelligently with a goal to leverage historical insight for collective improvements is even better. The problem is not issuer against acquirer, cardholder against merchant, or industry against industry. Where fraud is involved, we all share one common enemy — the evolution of a faceless crime; it is us against it.
Monica Eaton-Cardone is the co-founder of Chargebacks911, which offers both response and resolution services for chargebacks and cardholder disputes. The company works with merchant clients to help them keep their dispute rates down, with source detection software that helps identify and predict chargeback and fraud trends to recover associated lost revenue.