For over two decades, first-party misuse, also known as friendly fraud, has plagued the world of online payments and fraud prevention. Merchants have grappled with this challenge, trying to find solutions to protect their businesses and customers. The Merchant Risk Council (MRC), in collaboration with Visa, has taken a significant step forward in addressing this issue with the update of Visa's compelling evidence rules with the CE3.0 (Compelling Evidence 3.0) initiative. In this blog post, we will delve into the intricacies of first-party misuse and how this card brand rule update is reshaping the landscape of fraud prevention.
Understanding First-Party Misuse
First-Party Misuse is a deceptive form of fraud where a customer disputes a transaction that appears consistent with a pre-established relationship between the cardholder and the merchant. This type of fraud can be particularly elusive because it often involves legitimate customer information and patterns. Merchants typically look for commonalities across attributes like account/NameID, payment method, device ID, device name, device location/IP Address.
Imagine a scenario where the same account ID, payment method, and device ID have been used for months to purchase the same product without issue. Suddenly, a fraudulent dispute arises for a purchase with no apparent changes in these attributes. This is the challenging nature of first-party misuse. Year after year, friendly fraud ranks among the top fraud-related problems plaguing merchants of every size in every industry.
Source: MRC Global Ecommerce Payments and Fraud Report 2023
It is essential to distinguish first-party misuse from other fraud programs. Penalizing merchants for cardholders abusing the chargeback process not only creates an unjust burden but also adds operational expenses that could be avoided, benefiting all parties involved in the transaction cycle.
The Problem with Traditional Approaches
One of the key reasons first-party misuse has persisted is that traditional mechanisms for dispute resolution heavily favor consumers. Card rules and regulatory protections worldwide require that, unless the consumer's bank (the credit card issuer) can provide concrete evidence to the contrary, the consumer's claim of fraud is usually accepted, and the money is refunded within a short timeframe.
This ambiguity surrounding the consumer's intent, whether an innocent mistake or a hostile fraud attempt, leaves banks hesitant to challenge consumers without substantial proof. A report from industry analyst Aite revealed that 16% of consumers admitted to disputing charges they knew were theirs.
First-party misuse is a substantial problem for merchants, with 91% experiencing this type of fraud2, and for some, it constitutes a significant portion of their fraud claims. Digital goods merchants, such as those selling games and online services, are especially vulnerable, reporting up to 80% of their fraud stemming from first-party misuse. Even traditional retailers selling physical goods face the issue, with as much as 30% of their fraud claims attributed to this problem.
The Birth of Compelling Evidence 3.0
In partnership with Visa, the MRC has been working diligently to combat first-party misuse. We formed a subcommittee dedicated to this issue three years ago, which involved collaboration between issuer and merchant members to measure the problem's scale, identify crucial data fields, and work closely with Visa to create a standard solution. Representing the Voice of the Merchant™ for our merchant community, we asked for the following:
- Rails to present the information in real-time to the issuer
- These transactions to no longer be coded as fraud chargebacks), but to be reclassified as disputes (non-fraud chargebacks)
- Shift the liability from the merchant back to the consumer (via the consumer bank)
In 2021, a breakthrough was achieved with the launch of Visa's Compelling Evidence 3.0. This rule update empowers issuers to provide concrete evidence in near real-time to challenge consumer disputes. It proves a link between the disputed transaction and historical undisputed transaction, cementing its legitimacy. This prevents these transactions from being labeled as fraud chargebacks, shifting the liability back to the consumer's bank.
Merchants and The Required Data Fields
To leverage Compelling Evidence 3.0, merchants have two options:
Pre-dispute: Real-time deflection for confirmed first party misuse 10.4 disputes. This is achieved by providing transaction data to Visa to prove the legitimacy of the transaction.
Post-dispute: Merchants can follow the pre-arbitration process to represent confirmed first party misuse 10.4 disputes.
For both pre-dispute and post-dispute, data elements to benefit from the rule update include:
- IP Address or Device ID/Fingerprint
- One of the following:
- Item Information
- Customer Account/ Login ID
- Delivery Address
Eligible Transactions must meet the below criteria:
- Transactions must be settled between 120 and 365 days prior to the date of the disputed transaction.
- Transactions must not have been previously disputed as fraud.
- Transactions must be made with the same payment method (PAN or token)
- The transactions must have the same merchant descriptor
While adopting this technology may take some time and effort for merchants, it is a crucial step towards combating first-party misuse effectively. Several MRC solution provider members already offer this evidence in an automated real-time manner for their customers. We anticipate that, like any new fraud-fighting technology, mainstream adoption may take approximately three years.
Looking forward, we hope to see Visa and other card networks expand the evidence package and reduce the required transaction history duration. The MRC has initiated discussions with Mastercard and other networks, hoping to see widespread adoption of similar technologies across the industry.
First-party misuse has been a persistent challenge for merchants, causing financial losses and negatively impacting consumers. Thanks to the collaboration between the MRC and Visa, Compelling Evidence 3.0 represents a significant stride towards mitigating this problem. As this technology gains traction, merchants should consider it a vital component in their arsenal against fraud. Visa's commitment to improving the dispute process is promising, especially during economic downturns when first-party misuse tends to rise.
To learn more about Compelling Evidence 3.0 and its implementation, consider exploring the new online e-Learning course offered by MRC in collaboration with Visa. Merchants and solution providers alike should have this solution on their roadmap to fortify their defenses against first-party misuse.
Ready to arm yourself with the most up-to-date and innovative friendly fraud solutions? Enroll in MRC's Visa Compelling Evidence 3.0 eLearning course today (eligible for CPEs!).
Together, we can work towards a safer and more secure online payment environment, protecting both businesses and consumers from the scourge of first-party misuse.
2 MRC Global Ecommerce Payments and Fraud Report 2023