Chargeback Fraud: From the Flagrant to the Friendly
Member News
Blog
David Dubuque -- Pipl
Mar 08, 2021
Blog
For online merchants, nothing is harder on the bottom line than shipping an item, only to get a notification from the card issuer that the transaction has been disputed by the customer, who claims that their shipment never arrived.
Chargebacks. They are more than just a hassle: Whether the dispute is legitimate or the result of fraud, fees that range from $15 to $40 eat into profits. If the dispute makes it all the way to the arbitration phase, merchants can expect to pay a fee of up to $400. What is more, when chargebacks exceed 0.9 - 1.0% of the merchant's total sales volume with the credit card company, they will be placed on a chargeback monitoring program, subjected to a $5000 fine, and may even face a possible termination of their relationship with the card processor.
Needless to say, it pays to take steps to prevent chargebacks, and to be quick to address and investigate them when they do occur.
In this blog, we will take a look at some of the leading causes of chargebacks and what can be done to mitigate them.
Rerouting fraud
This type of fraud comes in two flavors.
In the first type, the scammer uses a stolen credit card to place an order. Because the credit card information they purchased on the dark web is what criminals refer to as a "fullz" -- the credit card number plus all of the information necessary to make a purchase is present -- the fraudster will have the billing address associated with the card. They will present this address to the merchant as the shipping address. When the scammer has received notification that the package has shipped, they will contact the shipper and change the address. The true owner of the card will, of course, dispute the charge. Because of credit card companies' zero-liability policies, the merchant will lose both the product they have shipped and the payment that they had received.
In the second variation, scammers take advantage of data lag times and disconnects between merchants and shipping companies. They place rush orders to an address that cannot receive a delivery. After several attempts, the shipping company will flag the order as undeliverable. The scammer then contacts the shipping company to reroute the order to a deliverable address. The scammer initiates a chargeback, taking advantage of the fact that, because of the aforementioned disconnect between the merchant and the shipping company, the merchant will be unable to provide proof that the shipment was delivered.
When it comes to prevention, there are several simple steps merchants can take.
First, it should be considered a mandatory practice to require CVV codes. This makes it more difficult for fraudsters to use stolen credit card numbers to make purchases that will inevitably be disputed by the actual card holder. Although it is not a 100% guarantee the purchaser is legitimate, it will fend-off the majority of scammers, since it is much harder for them to get CVV codes.
Next, merchants should take advantage of address verification systems that confirm whether a shipping address is the same as the address on file with the credit card's issuing bank. For addresses that do not match, merchants can choose a more secure method of delivery, such as direct shipping, that prohibits rerouting -- or requiring that a signature be collected in order to receive the purchased goods.
Finally, merchants can take advantage of identity data intelligence providers to help parse mismatched addresses. These systems are able to gather and connect publicly available data to show connections between email addresses, physical addresses, names, and other types of data. If no association is shown between the billing and shipping addresses, the merchant can opt to send the shipment directly, without allowing the option for rerouting. If the scammer has used the undeliverable address in the past, this fact can be surfaced, and the transaction can be declined. If merchants are able to develop better data exchanges with their shippers, they can speed notification of reroute requests, run the new addresses through the system, and require signatures on delivery if the shipment is not associated with the name on the credit card.
Of course, it is possible that a shipment to an address other than the billing address is legitimate: people often ship gifts to friends and family. A good people-data provider will be able to uncover connections between the purchaser and the recipient, allowing merchants to approve these transactions without incurring loyalty-eroding customer friction. But even then, there is a risk of incurring chargebacks...
Friendly fraud
Although it may seem like a stretch to label this type of innocent mistake a fraud, the losses merchants incur because of it are significant, as it makes up 35% of all eCommerce fraud.
The scenario goes something like this: a merchant receives on online order with an address that differs from the billing address on file. Using identity data intelligence, they detect that the shipping address is associated with the credit-card holder's child, so they approve the transaction. After the order is shipped, the merchant sees that the charge has been disputed. The reason, the merchant discovers in phase-one of resolution, is that the cardholder did not remember making the purchase. When shown the shipping address, the cardholder realizes who made the purchase, and the dispute is settled in favor of the merchant.
Merchandise not received fraud
In this type of fraud, a scammer orders a shipment, receives it, claims that the shipment never arrived, and initiates a dispute.
If the merchant recognizes that this customer has engaged in this type of behavior in the past, they can choose to require a signature upon receipt. If it is the first time, however, identity data intelligence solutions are able to connect names and email addresses to associated social media accounts. In these times when it is common for people to overshare on social media, the merchant may just find that the scammer has posted photos of themselves with their ill-gotten goods.
In reality, though, merchants' strongest play is preventative: keeping good records, maintaining close communications and data sharing with shippers, using tools that enable the parsing of discrepancies between billing and shipping addresses, and choosing methods of delivery that correspond with the amount of risk involved in the transaction.
Chargebacks. They are more than just a hassle: Whether the dispute is legitimate or the result of fraud, fees that range from $15 to $40 eat into profits. If the dispute makes it all the way to the arbitration phase, merchants can expect to pay a fee of up to $400. What is more, when chargebacks exceed 0.9 - 1.0% of the merchant's total sales volume with the credit card company, they will be placed on a chargeback monitoring program, subjected to a $5000 fine, and may even face a possible termination of their relationship with the card processor.
Needless to say, it pays to take steps to prevent chargebacks, and to be quick to address and investigate them when they do occur.
In this blog, we will take a look at some of the leading causes of chargebacks and what can be done to mitigate them.
Rerouting fraud
This type of fraud comes in two flavors.
In the first type, the scammer uses a stolen credit card to place an order. Because the credit card information they purchased on the dark web is what criminals refer to as a "fullz" -- the credit card number plus all of the information necessary to make a purchase is present -- the fraudster will have the billing address associated with the card. They will present this address to the merchant as the shipping address. When the scammer has received notification that the package has shipped, they will contact the shipper and change the address. The true owner of the card will, of course, dispute the charge. Because of credit card companies' zero-liability policies, the merchant will lose both the product they have shipped and the payment that they had received.
In the second variation, scammers take advantage of data lag times and disconnects between merchants and shipping companies. They place rush orders to an address that cannot receive a delivery. After several attempts, the shipping company will flag the order as undeliverable. The scammer then contacts the shipping company to reroute the order to a deliverable address. The scammer initiates a chargeback, taking advantage of the fact that, because of the aforementioned disconnect between the merchant and the shipping company, the merchant will be unable to provide proof that the shipment was delivered.
When it comes to prevention, there are several simple steps merchants can take.
First, it should be considered a mandatory practice to require CVV codes. This makes it more difficult for fraudsters to use stolen credit card numbers to make purchases that will inevitably be disputed by the actual card holder. Although it is not a 100% guarantee the purchaser is legitimate, it will fend-off the majority of scammers, since it is much harder for them to get CVV codes.
Next, merchants should take advantage of address verification systems that confirm whether a shipping address is the same as the address on file with the credit card's issuing bank. For addresses that do not match, merchants can choose a more secure method of delivery, such as direct shipping, that prohibits rerouting -- or requiring that a signature be collected in order to receive the purchased goods.
Finally, merchants can take advantage of identity data intelligence providers to help parse mismatched addresses. These systems are able to gather and connect publicly available data to show connections between email addresses, physical addresses, names, and other types of data. If no association is shown between the billing and shipping addresses, the merchant can opt to send the shipment directly, without allowing the option for rerouting. If the scammer has used the undeliverable address in the past, this fact can be surfaced, and the transaction can be declined. If merchants are able to develop better data exchanges with their shippers, they can speed notification of reroute requests, run the new addresses through the system, and require signatures on delivery if the shipment is not associated with the name on the credit card.
Of course, it is possible that a shipment to an address other than the billing address is legitimate: people often ship gifts to friends and family. A good people-data provider will be able to uncover connections between the purchaser and the recipient, allowing merchants to approve these transactions without incurring loyalty-eroding customer friction. But even then, there is a risk of incurring chargebacks...
Friendly fraud
Although it may seem like a stretch to label this type of innocent mistake a fraud, the losses merchants incur because of it are significant, as it makes up 35% of all eCommerce fraud.
The scenario goes something like this: a merchant receives on online order with an address that differs from the billing address on file. Using identity data intelligence, they detect that the shipping address is associated with the credit-card holder's child, so they approve the transaction. After the order is shipped, the merchant sees that the charge has been disputed. The reason, the merchant discovers in phase-one of resolution, is that the cardholder did not remember making the purchase. When shown the shipping address, the cardholder realizes who made the purchase, and the dispute is settled in favor of the merchant.
Merchandise not received fraud
In this type of fraud, a scammer orders a shipment, receives it, claims that the shipment never arrived, and initiates a dispute.
If the merchant recognizes that this customer has engaged in this type of behavior in the past, they can choose to require a signature upon receipt. If it is the first time, however, identity data intelligence solutions are able to connect names and email addresses to associated social media accounts. In these times when it is common for people to overshare on social media, the merchant may just find that the scammer has posted photos of themselves with their ill-gotten goods.
In reality, though, merchants' strongest play is preventative: keeping good records, maintaining close communications and data sharing with shippers, using tools that enable the parsing of discrepancies between billing and shipping addresses, and choosing methods of delivery that correspond with the amount of risk involved in the transaction.
Host a Webinar with the MRC
Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request
Publish Your Document with the MRC
Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document
