Outsmarting Friendly Fraud: A Deep Dive into First-Party Misuse vs. Compelling Evidence 3.0

In the world of e-commerce, merchants face numerous challenges, with first-party misuse, commonly known as "friendly fraud," being one of the most significant. This blog post will explore the intricacies of this issue and introduce the new Compelling Evidence 3.0 standard as a potential solution.

First-Party Misuse Fraud by the Numbers

The impact of first-party misuse is staggering:

• While true fraud is a growing concern, friendly fraud (first-party fraud) can account for up to 75% of all chargebacks. 1
• According to the NRF, the losses from friendly fraud total over $25 billion a year.2

It's crucial for the health of the entire ecosystem to reduce the losses incurred from friendly fraud chargebacks.

Why Some Fraud Fighters No Longer Use the Term "Friendly Fraud"

There's a growing trend to use "first-party misuse" instead of "friendly fraud" because:

• It's a more accurate description of what's actually occurring.
• It allows for a more suitable classification including family fraud, buyer's remorse, and policy abuse.
• "Friendly Fraud" undermines the true impact this abuse can have on a merchant's account.
• An industry standard definition helps merchants identify and exclude these orders for a more accurate view of their fraud rates.

Top 10 Reasons First-Party Misuse Occurs

1. Transaction Confusion (e.g., unrecognized charge)
2. Buyer Remorse - economic circumstances
3. Family Fraud
4. Cyber Shoplifting - Attempt to receive goods and services for free
5. Dispute with consumer service team - Refund delay, delivery charge
6. Outside of return window/ Return confusion
7. Convenience – avoid the hassle of disputing with the merchant
8. Dissatisfaction with quality of goods/ customer experience 'Angry chargebacks'
9. Policy Abuse
10. Unexpected financial hardship

Why Fighting Against First-Party Misuse is So Difficult

Combating first-party misuse presents unique challenges:

• Transactions will look the same as a genuine customer
• "Customer is always right" mindset
• Potential loss of lifetime value of a customer
• Double refunds (consumer credit & chargeback)
• Negative list data pollution
• Lack of a bespoke strategy to combat friendly fraud from traditional fraud
• Historical lack of bank and network policies

How to Identify First-Party Misuse

To identify potential first-party misuse, consider the following:

• Does the customer have a history of previous transactions? Age of account?
• What's different about this transaction compared to previous, unchallenged ones?
• What other information do you have about the transaction? (e.g., device ID, IP address)
• Could a third party have had access to the customer's payment details?
• Compare the customer's use of your mobile application and/or online account service to the time the fraud was reported
• Compare the geography of genuine spend up to the point of the loss or theft and where the subsequent fraud took place

Best Practices for Merchants Combating First-Party Misuse

1. Merchant Descriptors: Ensure merchant name is clear and makes sense on customer statements Use descriptors to provide context, such as customer support numbers
2. Terms and Conditions: Make payment and return policies transparent For recurring payments, provide subscriber notification before initial payment For digital goods, include parent's phone/account to set up alerts and spend caps
3. Communication: Provide multiple support channels (help center, chatbot, phone, social media) Solicit survey responses to identify unresolved customer escalations
4. Proactive Refunds: Consider a threshold amount for immediate refunds to avoid formal disputes
5. Dispute Defense Team: Create detailed defense evidence data collection Evaluate whether to revoke future services for repeat offenders or re-establish relationships For account takeover disputes, check if customers want cases investigated by law enforcement

How You Can Protect Your Business Against First-Party Misuse

• Use Identity Behavior Analysis (IBA) to flag positive customers with pre-existing positive history
• Implement device fingerprinting & enhanced profiling
• Monitor different identities linked to the same device using Device Behavior Analytics
• Leverage global history to monitor repeat offenders across merchants
• Utilize Managed Risk Consultant teams to analyze disputes and fine-tune fraud strategies
• Create negative or exclusion lists for frequent offenders
• Use proactive follow-on refunds in Electronic Business Center
• Create review lists for suspicious accounts
• Upload TC40 files in Decision Manager to enhance AI & Unified Consortium Model
• Collect evidence for Compelling Evidence 3.0

What is Compelling Evidence 3.0?

Compelling Evidence 3.0 (CE3.0) is a new standard that applies to Visa disputes categorized as 10.4 Other Fraud—Card Absent Environment. Key points:

• Requires a minimum of two transactions on the same payment method, settled at least 120 days prior to the dispute date
• At least two core data elements must match between prior transactions and the disputed transaction (one must be IP address or Device ID)
• Core data elements include: User ID, IP Address, Shipping Address, Device ID

Benefits for sellers meeting qualification criteria:

• Liability shifted to the issuer
• Dispute deflection – no illegitimate fraud disputes
• Fraud AND dispute ratios not impacted
• Seller retains revenue from the sale
• Seller not liable for dispute costs, fees, or fines – and reduces operational costs

Key Takeaways

To make the most of CE3.0 and protect your business:

1. Ensure you're collecting CE3.0 remedy criteria
2. Pass quality data through your vendors across the ecosystem
3. Work with your acquirer to get up-to-date fraud data
4. Assess pre-dispute vs. post-dispute implementation considerations
5. Leverage Visa Resolve Online (VROL) and Verifi's Order Insight

By understanding first-party misuse and implementing these strategies, merchants can significantly reduce their exposure to this costly form of fraud. Stay informed, stay vigilant, and leverage the latest tools and standards to protect your business in the digital marketplace.