The Challenge of First-Party Fraud

We talk about fraud a lot and that’s because we’re invested in stopping it. Most of our previous blog posts focus on what we call third-party fraud, or the unauthorized use of a payment instrument (PI) by a third party – usually a bad actor associated with an organized fraud ring who’s attempting to use a stolen PI to turn a profit.

In this post, we want to focus instead on another growing issue in the ecommerce industry: first-party fraud. There were 252 million chargebacks in 2022, and we’re going to dive into how first-party fraud plays into that number.

What is First-Party Fraud?

First-party fraud (FPF) is a situation in which a customer authorizes a purchase with their own PI, but later initiates a chargeback for that purchase. This scenario can generally be broken down into two categories: friendly fraud and transaction confusion. These terms are often used interchangeably, but to avoid confusion, we’ll assume the following definitions for the rest of the post:

First-Party Fraud is Trending Up

First-party fraud appears to be on the rise. According to a survey conducted by the Payments Journal, 50% of US merchants believe FPF is increasing, while 95% of UK merchants thought the same. In that same survey, US merchants estimated that 23% of chargebacks are from friendly fraud, while UK merchants estimated the amount at 40%. US merchants also estimated that 58% of chargebacks were the result of transaction confusion, while UK merchants estimated the amount at 21%. These numbers are estimates, but even so, first-party fraud is clearly an important issue to many merchants.

There could be many reasons for this increase in first-party fraud. To start, disputing a charge on your credit is easier now than ever before. You can learn more about the chargeback process in a previous post. The short story is, many banking and credit card apps make disputing a charge as easy as the click of a button on your digital statement. Before smart phones became so prevalent, filing a chargeback would have meant waiting for your paper statement to arrive in the mail and then phoning your bank about the issue, which could be a time-consuming process.

Chargebacks aren’t the only thing that can happen instantly: shopping itself can happen much more quickly. A customer can make a purchase in under a minute and at any time of day – even the middle of the night. This approach enables impulse buys which a customer may later regret, leading to a chargeback. It also means a customer may not remember every purchase they made, leading to transaction confusion.

Customers may also be making more transactions of fewer items in their cart (especially on sites like Amazon which offer free shipping) rather than fewer transactions with more items in the cart, as tends to be the case in brick-and-mortar stores. This means longer and more complicated bank or card statements, again leading to transaction confusion.

Inflation and COVID-related economic downturns may also be impacting first-party fraud trends. Customers who are experiencing economic hardship may be more likely to dispute transactions they previously authorized in order to keep themselves afloat financially. This may especially be true if the merchant has a complicated or strict return policy. According to the Merchant Fraud Journal’s Chargebacks Consumer Survey Report, over 61% of customers believe chargebacks are a good alternative to requesting a refund from a merchant.

The FPF Problem

First-party fraud is notoriously difficult to detect at the time of initial purchase. Normal fraud machine learning models or rule stacks will be unable to detect first-party fraud because at that point, it’s not fraud yet. It is, for all intents and purposes, a legitimate purchase until the customer charges it back. This means merchants usually take the hit at the time of chargeback. If you’re a merchant, you probably know chargebacks come with a fee – and that fee is nonrefundable, even if you fight the chargeback and end up winning.

There’s also the operational cost of chargebacks, because if you do decide to fight the chargeback, someone in your organization needs to review the transaction data (and likely data from other transactions made by the customer previously) and compile everything to be sent to the banks for review. If you decide not to fight the chargeback, you’ll need to absorb the cost of a refund on top of the fees mentioned earlier. If you fight the chargeback and lose, that’s chargebacks fees plus operational costs plus refund amount for the item. You can see how these costs can start to add up. Friendly fraud chargebacks are a $50 billion issue for merchants every year!

Reducing First-Party Fraud

First-party fraud cannot be entirely prevented, but there are steps you can take to reduce its impact:

• Wherever possible, ensure your billing descriptor clearly states your business name. This can help prevent transaction confusion. Dynamic descriptors may also be right for your business, as they’ll allow you to provide additional details about the customer’s purchase. These changes can be made through your merchant service provider or your payment processing provider, depending on your situation.
• Simplify your refund policy. As mentioned above, more than half of customers would file a chargeback as an alternative to seeking a refund. This could be because chargebacks are easier to understand and request than some refund policies. A simple and visible refund process may encourage customers to use that avenue instead of initiating a chargeback. 
• Perform a chargeback analysis to determine which products and services, regions, or specific customer banks generate more chargebacks. You can then tailor your business toward less risky options. A human intelligence team can help with this process as they will have significant experience in ecommerce risk.
• Track chargeback data for your customers and set thresholds for an allowable number (or dollar amount) of chargebacks for each customer. This threshold may be static (one amount across the board) or dynamic (changing as the customer’s amount of good spend increases). If a customer is above this threshold, you may want to block their purchases or require them to make purchases with pre-paid gift cards. Chargeback data can be fed into an ML model and/or provided to your human intelligence team to help enforce these policies.
• Take advantage of Visa’s Compelling Evidence 3.0 initiative.

Visa Compelling Evidence 3.0

Visa’s Compelling Evidence 3.0 (CE3.0) initiative went live on April 15, 2023. The new rules under this initiative are aimed, among other things, at improving a merchant’s ability to fight first-party fraud from customers who use Visa PIs. This is accomplished by updating the data requirements for disputing a 10.4 (or card-not-present fraud) chargeback.

Under the previous policy, a merchant would need to provide the following data to fight a 10.4 chargeback:

• 1 prior undisputed purchase made by the customer using the same PI as the disputed transaction.
• The purchase must have IP address, email address, shipping address, and telephone number all in common with the disputed transaction.

The idea is that if a customer made a previous purchase with all the same information and did not dispute that previous purchase, the current disputed purchase is more likely first-party fraud than third-party fraud. However, it wasn’t always easy for merchants to obtain all the data required to fight the chargeback.

The new data requirements for fighting a 10.4 chargeback are much more dynamic:

• 2 or more transactions made by the customer using the same PI as the disputed transaction.
• At least two of these data attributes: customer account/login ID, delivery address, device ID/fingerprint, IP address. Either IP address or device ID/fingerprint must be one of the two data attributes provided.
• The previous transactions must have been made between 120 and 365 days before the disputed transaction.

These new requirements allow much more flexibility for merchants, and it’s more likely merchants will now be able to meet the requirements.

Merchants can also take advantage of the new policy in other ways. If you connect your order processing system to Verifi’s Order Insight service, you can actually fight back against chargebacks before they even happen (pre-dispute). If a customer initiates a chargeback against your business, Order Insight will reach out to your system, and you’ll have a 2-second SLA to return the required transaction data. If you meet the SLA, the chargeback will not be completed. That means no chargeback fees or operational costs for you.

If you choose not to connect with Order Insight, you can still provide the required data after the chargeback has been filed (post-dispute). If the requirements are met, you’ll win the case and the customer will be unable to advance the dispute to arbitration. Again, this cuts down on operational costs, as chargeback arbitration can be quite costly.

The bottom line is, first-party fraud is costly and increasing. There are steps you can take to reduce it, but it requires a robust business strategy – and a robust fraud prevention strategy. Our experienced human intelligence team at IP Services would love to be part of those strategies to help keep your business safe.