Friendly fraud or chargeback fraud is when a cardholder disputes a purchase on their transaction statement, despite the transaction being legitimate. Friendly fraud can occur in a multitude of ways – from a consumer who reports a package missing only to find it a few days later (and fails to report that the first package was delivered) to a customer who regrets a high price-tag purchase and disputes the charge to get a return.
Friendly fraud is quite common – 1 in 4 customers openly admitted to engaging in friendly fraud in their chargebacks — and rates are rising: a 2023 survey of retailers reported a 19% year-over-year raise in the practice.
Enigma chatted with Ashley Isenberg, leading payments and fintech advisor and former Finix alum, about how friendly fraud affects payment processors, why rates of friendly fraud might be rising, and how Enigma’s data might be able to solve the problem.
This interview has been edited for length and clarity.
Can you give us a few examples of friendly fraud?
Friendly fraud is when somebody intends to make a transaction and then later makes the decision to charge back that purchase. Think about someone signing up for a subscription they decide they don’t want and instead of reviewing the membership policy and asking for a refund, they just call the number on the back of their card to dispute the charge. Or if somebody overspends that month, their solution is to go back to their ecommerce purchase – something that they did not buy in person, something that was delivered – and charge those transactions back. There's also niche cases where someone may have paid for something that's a must-pay industry on behalf of somebody else, and now they're charging it back.
Step-by-step, what happens after a consumer initiates a chargeback, kind of what are the series of events that happen after that?
The cardholder or the consumer will call the number on the back of their card or will log into their bank online and they will get a cue to say “I want to dispute this charge.” When a consumer is going through their bank’s site, or calling, the bank will ask them a series of questions like “did you lose your card?”, “Did someone else take your card and spend this?, or “Did you not receive the product?” The consumer will identify one of those reasons, declaring product not received or poor service and then the card issuer is going to start the request.
What's challenging about chargebacks is while the issuer is starting the request, the acquirer has no visibility to that transaction, so the ability to acquire transactions and issue transactions happens on two sides of the networks and those two sides don't communicate. By the time the merchant will get a notice that says this chargeback is being disputed, they already have to provide evidence.
So the evidence is extremely important: how you collected the transaction, timestamp, signed agreements, proof of delivery, a picture of that product delivered. The merchant has an opportunity to send that evidence back, and the issuer will review it and say either “we don’t agree with the cardholder, there is no transfer of liability to the merchant” or “we agree with the card holder and we’re going to transfer the liability to the merchant.”
At that point, the funds are typically already with the processors and out of the merchants account. If they are found liable, the funds just won't process back. If they are found not liable for the transaction – that it was a good transaction – then the funds will be moved back into their account.
Friendly fraud sounds like it could just be a problem that merchants have to solve with their consumers. Why are processors and payments companies so concerned about this?
One reason that this matters is that processors’ merchants in aggregate need to be below a certain chargeback threshold in order for that processor to be sponsored with all the networks. In most cases, it's under a percent. If a processor has multiple merchants that are hitting those thresholds, a processor in aggregate could itself also start to get flagged from the networks and have restrictions, audit requirements, monitoring programs put on them.
The second reason is because liability rolls uphill. If those merchants on the processors don't have the capital to cover the chargebacks. Let's say they're on the verge of bankruptcy or they're a small business and they just made payroll last week and they don't think they're going to have the money to cover that chargeback or they're truly fraudulent and they close their account and walk away. That liability rolls over to the processor: it doesn't go to the network.
Risk sits with the merchant first. If the merchant is unable to cover that liability, then it goes to the processor. If the processor is unable to cover that liability, it falls to the bank. The networks don't take on any of that risk.
Can you give an example of this?
Furniture stores are historically very high risk verticals. The reason is because they sell large ticket items that customers pay for in advance and that, in some cases, may still be getting built to deliver later.
There have been a few cases in the last two years that I've heard of where a company has come to a processor and said, “We're a furniture company, we do custom furniture.” That company then charges people for a bunch of orders, closes their account, and walks away. In some cases, these are losses upwards of 50 million.
Processors have as much, if not more responsibility, to educate their merchants as merchants have to have a good relationship with their customers and clear communication on refunds. A merchant’s job might be to sell widgets online, for example, but our job as a processor is to help them.
Why are the rates of and dollar amounts of chargeback fraud rising?
Payments continues to digitalize. People who historically used cash are moving on to digital forms of payment. Even during a downturn, you don't see payments decrease – that digital conversion is still growing.
The second piece is that we just went through a huge period of inflation and are going through an adjustment in the market. The majority of the US probably can't afford half of the stuff that they need to buy. I'm seeing chargebacks in insurance through the roof, for example. People are charging back essentials and I think that's just because people can't afford the cost of living.
How have chargeback fraud and the ways of handling it changed over time?
It was harder to issue a chargeback before as a consumer. Banks have made that easily accessible and banks and issuers serve the cardholder: they don't serve the merchant. You can literally just log into your banking portal and decide “I'm gonna charge that back.” Historically, before you had to call or fax in evidence to the bank or issuer to even start that chargeback process. So I think actually, by streamlining that process within the issuer, we've made it more convenient. So in that way, I don't think progress has been positive.
If we're going to make chargebacks easily accessible for consumers, then we need to change the rules for merchants. But nothing's changed on the merchant side to make it easier to argue against a fraudulent case except for the fact that they can now upload documentation instead of fax it in. And now the funds are automatically drafted from merchants’ accounts and held in an FBO account.
There are processors offering merchants automated chargeback handling as a value proposition but … it’s essentially a bloated insurance policy.
Some payment processors create higher fees for merchants that have a lot of chargebacks or remove services to them altogether. But there are cons to refusing to many merchants for fear of chargebacks. What is the solution there?
You have to have a load balancing the risk. If you're going to take a customer that has higher chargebacks that you know is riskier, that's going to take some additional work, you have to have a lower risk business to offset it.
It is very specific processor by processor on how they're going to make those decisions. However, it’s more challenging for merchants and processors working in higher risk verticals. High risk typically means more chargebacks, more reputational risk, and thus difficulties for higher risk verticals to get support from processors. There’s going to have to be processors that eventually come out and figure out how to balance that risk or build tools to prevent those chargebacks.
Does it matter to processors if merchants are at a chargeback rate closer to .6% or .7% vs. .8%? Is there a marginal difference between these merchants versus merchants with slightly higher chargeback rates?
It depends on a processor’s contract with a network and it depends on the network. You might see a merchant has a .6% chargeback rate, but when you break it down in individual networks, their rates are much higher with Visa than they are with Amex, for example. Each individual network is going to take action on chargbeacks. So if a merchant can stay at that .6% across networks, then they're managing it. But if they're seeing 90% of that .6% hitting one network, they're probably going to get flagged by that network, which is going to cause them to get shut down. Even if it’s just one network that flags, and that merchant would get shut off for processing as a whole.
What is the role of data and providers like Enigma in helping processors manage chargeback risk?
One of the biggest issues we see is that during the onboarding process, there's really no way to validate prior processing history. So unless somebody has been shut down for chargebacks, and didn't have money in their account, they're not getting matched as a high risk for chargebacks. For example a prospect might sign up for an account at a payment processor and say they process 25 million but they really process 5 million right to get discounted pricing. A payment processor wouldn’t be able to build the right risk rules for that type of exposure.
Enigma is really valuable because you're going to build an educated risk algorithm because you have historical data from a third party.
Enigma’s team wanted to find a way to manage this sort of growing merchant risk, working under our belief that one of the best ways to manage merchant risk is to determine its risk upfront.
We reviewed three merchants that were known to be highly risky for their processor or wholesale ISO, two insurance companies and one concert venue overselling tickets.
While Enigma data does not have chargebacks, we do have access to refunds. In partnership with our customers, we have empirical evidence that refunds are correlated with chargebacks.
When we look at how the refund to revenue ratios of the three merchants above rank among all merchants, we can see all of them rank in the worst 6% in terms of the proportion of refunds of total revenues.
Using this percentile rank on the merchants you’re considering onboarding can help provide a predictive signal about those that may be likely to over-index on friendly fraud – and that you may not want to work with. Moreover, you’d be able to compare reported data of prospects and customers to true data from Enigma, from processing volumes to transaction sizes.
Enigma can provide near-real-time data to help you make better risk and underwriting decisions.