Chargeback fraud is a type of online fraud that is a growing concern among business owners, especially online merchants. Merchants are the ones who pay the cost of this pervasive and ever-increasing risk to sales and to the business’ bottom line.
What is online fraud? Online fraud can range from identity theft to a purchase on the internet made for the purpose of defrauding a merchant out of their goods, services or revenue. In short, it is fraud that is carried out online.
Potential causes for growing online fraud
With the increase in popularity of shopping on the internet, card-not-presenttransactions are also increasing. Card-not-presenttransactions are those transactions where the credit card is not physically swiped by a card reader, but rather the credit card information is manually input into a website, mobile app. or other electronic access point. This means that the benefits of chipcards and their enhanced security are bypassed. The credit card number, expiration date, and security code are all that stand between you and a fraudulent transaction.
This also means that there is little opportunity for merchants to implement identity verification of any kind. In other words, if a person has someone else’s credit card information either through identity theftor outright physical possession of the card, you as the vendor have little opportunity to become aware of it before you are the victim of a fraudulent transactionand become liable for a refundfor goods or services that you provided in good faith.
Identity theft adds another layer of complexity into the mix. When a person’s identity is stolen, the merchant may indeed have reasonable safeguards in place to prevent fraud, but the fraudster can easily bypass the security by using their victim’s personal information. The business will again bear the burden of this fraud as the credit card issuer has an agreement in place that states that the cardholder is not liable for fraud.
These days, online transaction processing capabilities are plentiful and easy to acquire for even the smallest merchant. Many end-to-end solutions have come to the market offering both the hardware (card reader) and the software for online transactions.
An end-to-end solutionis an electronic payment transaction system that is vertically integrated to provide a quick and easy setup of online transaction capabilities. However, by offering quick and easy capability, end-to-endsolutions have also added to the overall problem of online fraud. In years past, a merchant may have had to install the credit card processing system into their website themselves. An IT department, a security expert and a webmaster may have all been involved, which meant many eyes were on the credit card transaction processes. Now, with the truly seamless integration of a payment processing system being available via end-to-end solutions such as Stripe, Squareand Paypal,credit card processing technology doesn’t have to go through quite so many gatekeepers.
Chargeback regulations have not adapted to a dynamic marketplace
With all of the benefits afforded businesses by rapid access to online transaction processing, there are many caveats. While a merchantmay be able to electronically sell their goods and services online, they must also deal with the consequences of unsuccessful transactions as well. One type of unsuccessful transaction is the chargeback.
A chargeback is when you think that you made a sale, but for some reason the customer wants their money back.
Chargebacks are the bane of a business’ online transaction history. Under current law, consumers may have up to a year to dispute online transactions under either the category of “billing errors” or “claims and defenses.” This means that you as the business owner may be held liable for the return of the customers’ money and take a hit from the bank or card issuer in the form of fees or penalties.
In the past, card issuers were usually the ones to bear the brunt of unauthorized or fraudulent transactions. Now, however, the liability has shifted to the entity with the lowest security implemented. If the merchant has rigorous fraud preventionand a secure environment designed to thwart and/or minimize credit card fraud, then the burden will again rest with the bank.
But what do you do if you are a small merchant who cannot afford or who does not have access to high-end security equipment or top-of-the-line experts? You can find (or even become) a payment facilitator.
Payment facilitators or PayFacs, are sub-merchant accounts. They can make your life as a business owner quite a bit easier by allowing clients to accept payments quickly and easily. The main benefit to using a PayFac, is that you as the business owner don’t need to worry about the overhead of a security infrastructure. PayFac has almost complete autonomy as to who they allow onto their platform, which makes application time much faster than a traditional merchant ID application. Merchants can usually get a credit card reader easily at any store and have their application filled out and completed in about an hour.Customers choose the easiest, fastest, and most efficient option for goods and services so it should be no surprise that merchants need to be nimble, cost-effective and have an easy to use interface with which customers can purchase their goods and services.
Along with merchants and merchant aggregators, like PayPal and Square, there are also what are known as acquiring banks. The acquiring bank is the entity that holds the merchant’s bank accountas opposed to the issuerwho issues the credit card to the consumer.The explosion of online transaction processing has given rise to all sorts of online fraudand one type that is especially pervasive is chargeback fraud. This type of fraud occurs when a customer files for a chargeback on a legitimate purchase, thereby either intentionally or innocently circumventing the return, refund, or dispute policy procedures that may be in place with the merchant. Designed as a consumer protection mechanism, the chargeback processis relatively simple and flows like this:
- The cardholder files a dispute of the charges with the issuer. Because this is not the merchant, the business that sold the goods or serviceshas no idea what’s happening – yet.
- The dispute is determined to either be valid or not. If it’s determined not to be a valid dispute, the process ends here. If it is determined to be a valid dispute, then at this point it is sent on to the processing network and it becomes a
- The customer is issued a credit (basically a refundof their money) and the issuerstarts the process to have the funds eventually recouped from the merchant.
- The acquirerreceives the chargebackand sends it back to the merchant.
- The merchantcan either accept the chargebackwhich means being out the purchase price and the chargeback fee, or they can fight the chargeback.
- If the merchantdecides to respond, they will be required to provide compelling evidence that the transaction is legitimate. This can include things like transaction history for the disputing customer, geolocation, device information, CVV numbers, date/time stamps and so forth.
- The acquirer(merchant’s account holder) will then review the evidence and decide whether the chargebackis valid (merchant loses) or the chargebackis not valid (customer loses).
Unfortunately for the merchant, this is not necessarily the end of the dispute. The customer can initiate a second chargeback, also known as pre-arbitration, and the process repeats.
Another item of importance for merchants is this: every time a transaction becomes a chargeback whether or not it eventually holds up, it affects what is known as your chargeback ratio. This is a critically important number as it tracks how many times your transactions become chargebackswhich is a key factor for acquirersto determine not only your risk to them as a merchant, and subsequently your transaction processing rates, but also your cost to them as a customer.
Although the deck may seem unfairly stacked in favor of the customers, and perhaps rightly so in many instances, merchantshave a number of chargeback rightsthat they can cling to.
The first right that the merchant enjoys is the chargeback process itself. With the notable exception of fraud, there is no blanket refund of the customer’s money without a number of interested parties reviewing the customer’s dispute, and/or the compelling evidence associated with a merchant’s fighting a chargeback.
The next right that merchants have is one that is simply common sense: The chargeback amount cannot exceed the original transaction amount plus any shipping and handling and any surcharges connected to the dispute.
The next line of defense for a merchant is that several of the reason codesfor chargebacksrequire the cardholder to attempt a resolution with the merchantprior to issuing a chargeback. These chargeback reason codes fall into four main categories: fraud, processing errors, authorizations, and customer. Many times, an issuer will bypass the dispute process and simply issue a refund to the customer on the basis of fraud.
Chargeback fraud protection
There are a number of steps that a merchant can take to reduce chargebacks.
The first steps taken should be in an attempt to prevent chargebacks altogether. Although this is likely an unattainable standard, the policy and procedures that a merchant adopts in pursuit of that standard can significantly reduce the occurrences of online fraud. These steps can consist of easy-to-implement protections such as: clearer transaction policies, enhanced security, excellent customer service and good communication with customers.
Another area where merchantscan protect themselves is in how they manage the process when they do receive chargebacks. Many times when a customer does not recognize a charge, or it appears to be potentially fraudulent, a retrieval requestor soft chargeback will be initiated. This occurs when the issuer requests more information on the transaction in order to determine what, if any further steps should be taken. It is at this point where a proactive approach with customers is the best policy and a merchant might be well served by contacting the customer to inquire as to the nature of the problem. At this stage, it may be a simple issue of the customer not recognizing the name of the entity as it appears on their bank or credit card statements. If the merchant is in contact with the customer or has open lines of communication, an issue such as this can be easily resolved by the customer simply being informed as to the details of the transaction and in many instances this will be sufficient.
Every day the volume of e-commerce transactions increases, and every day a certain percentage of these transactions are subject to fraud. While a business owner has a number of powerful tools in their toolbox to assist in selling their goods and servicesonline, perhaps the best policy is an integrated strategy.
This strategy should include both high-tech and low-tech approaches to the problem. High-tech pieces of the strategy should include keeping updated as to the strengths and weaknesses of the technology, the digital landscape and how fraud is being successfully perpetrated. You should also initiate clear and open communication with your company’s acquirer, the bank and your processing system provider to stay updated with the latest technology both hardware and software.
Your strategy should also include low-tech elements such as providing clear policies on returns, refunds and exchanges along with clearly published timelines for customers to act. Good communication with customers at key times, such as when chargebacksare initiated, can also assist in heading off issues before they become costly problems.