You're viewing documentation for our latest API. This will not impact your integration, but you will need the documentation relevant to you. If you have an account with Checkout.com you have received an email confirming which version to use.
Fraud is the most common reason for disputes – from stolen card details to so-called "friendly fraud". In this guide, you'll learn how fraudulent disputes happen and what you can do to prevent them and reduce their impact on your business.
Malicious fraud is when a third party steals a customer's card or details and then makes a purchase without the customer's knowledge or consent. Most such cases are only spotted after they've happened, when the customer notices and reports irregular activity on their account.
3DS requires customers to complete an extra authentication step with their bank when making a payment – usually asking them to enter a password or a code sent to their phone to verify the payment.
As well as ensuring the customer is who they say they are, 3DS authentication also shifts the liability for fraud-related chargebacks from you to the card issuer. In other words, the customer's bank cannot raise a fraud dispute against the transaction if it has been successfully authenticated with 3DS.
Even though 3DS authentication prevents the customer's bank from raising a fraud dispute, it does not stop the transaction being marked as fraudulent by the card schemes. If you get high volumes of fraudulent transactions, you may be placed on a card scheme's fraud monitoring program.
You can also set up rules to flag or prevent suspicious transactions. For example, you might want to flag and manually review any unusually large transactions.
Friendly fraud occurs when the customer makes a legitimate transaction but then later claims it is fraudulent. This may be deliberate or accidental.
Accidental. The customer doesn't recognize the transaction on their statement, or they're confused about your order or refund process so they they contact their bank to raise a dispute.
Deliberate. The customer wants to obtain the goods without paying or changes their mind after making a legitimate purchase and raises a dispute in an attempt to get refunded.
You should gather as much data about the transaction as possible, like the customer's name, email, billing address and postal code. This makes it easier for us and the customer's bank to verify that the customer is legitimate, and is useful as evidence if the payment is later disputed.
To win fraudulent dispute cases you need to demonstrate a link between the person who received the product/service and the genuine cardholder, or prove that the cardholder legitimately made the payment and has received the product/service. You should keep any screenshots, emails, or other evidence that proves:
A connection between the person who received the order and the cardholder (useful, for example, where one of the cardholder's family members made the payment).
The cardholder disputing the transaction is in possession of, or using, the merchandise.
The cardholder's email address, physical address, telephone number, and/or IP address.
If you sell digital goods, you should keep a description of the merchandise downloaded, the date and time of the download, and as much as possible of the below:
IP address of the purchaser at the date and time of the transaction.
The geographic location of the purchaser's device at the date and time of the transaction.
The purchaser's device ID number and name.
The name and email address linked to the customer's profile.
Evidence that the customer's profile with created and verified by the cardholder before the date and time of the transaction.
Evidence that the cardholder accessed or used the downloaded digital goods on or after the date and time of the transaction.
Evidence that the same device and card were used in previous, undisputed transactions.
If you sell physical goods, shipping to a verified billing address and requiring a signature on delivery can help defend against fraudulent disputes. If you deliver to an unverified address, you won't be able prove that the order was sent to the legitimate cardholder if the payment is later disputed.
If the merchandise was delivered to the cardholder's business address, you should have proof that the right merchandise was delivered, and proof that the cardholder was present at the address at the time of the delivery.
Clearly state your order process and return policy on your website, and ask your customer to agree to them at checkout. This can help prevent cases of accidental friendly fraud where, for example, a customer experiences a delay in an order being delivered so contacts their bank stating that they have not received the goods that they paid for.