How payments data can mitigate the risk of chargeback fraud

As you know, the chargeback was primarily designed by credit card companies to protect customers. It’s how shoppers get their money back if the product is sub-standard, doesn’t arrive, or it wasn’t them who bought it at all. 

Each year billions of dollars are refunded by merchants - typically between 0.7% and 1% of all their sales - in the form of chargebacks to customers. The vast majority of these claims are not disputed, so it’s hard to get an accurate picture of how many are genuine. But growing evidence reveals that chargeback protection is increasingly being subverted. A 2018 study by the Aite Group estimated that, in the U.S. alone, card-not-present fraud losses would rise to $6.4 billion this year (2020), an increase of 60% in just three years. And some estimates suggest an eye-watering 60-80% of all chargebacks relating to online purchases are fraudulent. 

Despite this, 67% of merchants we surveyed for our report Black Boxes and Paradoxes: The Costs of Disconnected Payments do not receive fraud and chargeback analysis data.

With the growth of e-commerce and digital services, more transactions are performed with the consumer, product and merchant apart. These ‘card-not-present’ purchases give an opportunistic shopper the chance to claim ignorance about the transaction. Delivery of the product - or not, as may be alleged - offers another chance to hoodwink. Savvy consumers know the default position of their bank is to believe them and force a refund. They also know the merchant is likely to want to avoid the hassle and reputational threat of disproving their complaint. So the person gets their product, and they get their money back. Of more concern to merchants is the increase in large-scale, systematic chargeback fraud. 

With each chargeback costing merchants around $2.40 for every $1 refunded in loss of product, penalties and administration, according to a LexisNexis survey from 2016, it’s no wonder they’re fighting back. And it’s enhanced payments data (such as user, device and buyer behavior data), collected via the new generation of 3D Secure products, that they’re turning to.

The use of data to combat chargeback fraud is nothing new. The new generation of 3D Secure products, such as ‘Visa Secure’ (what was known as ‘Verified by Visa’) or ‘MasterCard Identity Check’ (previously ‘SecureCode’) - now mandate two-factor verification. And ‘Address Verification Services’ (AVS) and ‘Card Verification Value’ (CVV) are already used to match a card with its rightful owner at the point of purchase (though these are considered weak fraud defences, as a stolen card usually comes with the cardholder’s name, address, and CVV code).

But fraud - organised or the opportunistic kind - has a way of keeping one step ahead of the security. 

In response, the battleground is shifting. Innovative merchants and their PSPs are starting to use payments data predictively to detect and prevent fraud from entering the payments ecosystem in the first place. Yet payments data alone offers little insights for this challenge. The step-change with the latest 3D Secure authentication data has been to allow merchants to collect, analyze and share user data and shopper behavior data with card issuers. In essence, it means that the liability is now shared between merchants and issuers, creating a greater incentive to prevent fraud. By using payments data to block suspicious customers and cards way before they transact, merchants are wrestling back control. 

Fraudulent use of cards, like all types of fraud performed at scale, follows patterns and reveals anomalies. Algorithmic exercises, or more sophisticated machine learning techniques, can turn those insights into actions. Cards can be blocked, and customers can be blacklisted. 

It sounds impressive, and that’s because it is. Predictive modelling is hard. Here’s where the value of your PSP comes into the picture. 

Let’s for one minute leave aside the European Payment Services Directive (PSD2) that makes PSPs legally responsible for fraud committed towards their merchants if they do not provide Secure-Customer-Authentication tools. PSPs that are reluctantly combatting chargeback fraud because of legal obligations, or de-risking the threat with low chargeback fees, are unlikely to be taking it seriously enough to support you. 

• How much data are you leveraging? Precise modelling needs lots of payments data, over a long period of time. The more a system knows, the more it can recognize when something looks odd. Understanding peaks and troughs in individual spending patterns, individual transaction values, and how many different schemes are being used are all key data points. But transactional insights alone won’t cut it. Signs of potential fraudulent chargebacks include behavioral data such as: does the claimant change their card after a chargeback?; how many devices are they regularly using to make online purchases?; and is the claimant buying products that are easily liquidated? This data is only possible to gather and analyse if processed via 3-D Secure 2.
• Who have you got working on this? The best predictive modelling strategies combine the automation capabilities of technology with the instincts of experts. And we’re not just talking about data scientists here. Payment and investigation experts are critical in bringing context to the data, and drawing conclusions from it. Equally a customer success manager can advise on the possible trade-offs you may need to consider before implementing new security protocols that may increase friction. Though such a trade-off is not an automatic consequence. The right PSP can help you optimize this protocol for maximum frictionless processing while meeting your regulatory obligations as well. This holistic approach, that pits technology alongside multiple point experts to combat chargeback fraud, is the hallmark of a PSP taking it seriously. 
• How soon can we see the benefits? A PSP that gives you a short-term answer to this question is misleading you. Predictive modelling, at least in its early phases, is about establishing a base level. It’s not about identifying live cases and reacting to them. A trusted PSP should explain the need for patience, and why it’s important to retain and develop your current detection and response measures.

In truth, predictive modelling in the payments space is relatively immature. And much of it is focused on improving payment success rather than combating chargeback fraud. But that’s OK. It doesn’t have to be perfect. Fraud is about exploiting the soft touches. Merchants only have to make it harder to commit fraud with them than another vendor, and they push the fraud elsewhere, with all the costs and consequences that go with it. 

So tackling fraud - and your choice of PSP to give you the best shot at it - has become more than just a payments issue. It is another opportunity for a merchant to use payments to strike a competitive advantage in its market. It is about marketing, customer retention, brand reputation and everything else that makes a business tick over and grow. 

Find out more about how merchants use data in our new report Black Boxes and Paradoxes: The Costs of Disconnected Payments