Friendly fraud, generally speaking, occurs when customers order digital or physical goods, falsely claim they never got them, and ask their credit card issuer for a chargeback. Another variety of friendly fraud is purchases made with stolen credit card numbers that look legitimate — until the real cardholder calls in a chargeback request. If you run an online business, friendly fraud is most definitely not your friend.
This type of fraud hits e-commerce merchants of all kinds, big and small. In fact, it’s on the rise because now that EMV controls have made it harder to commit fraud at the point of sale in the US, thieves are now shifting their sights to online shops that are more vulnerable to credit card fraud – and that includes small merchants who may think they’ve escaped fraudsters’ notice.
How much does friendly fraud cost?
Friendly fraud cost merchants more than $11 billion in 2012, and the problem has only grown since then. Chargebacks are rising by about 20% per year, and card-not-present merchants – those who sell online and over the phone – are particularly vulnerable.
[bctt tweet=”Friendly fraud cost merchants over $11 billion in 2012, and chargebacks are rising 20%/yr. #ecommerce” username=”hostgator”]
That’s the industry-level view. For any given merchant, a single chargeback can incur a processing fee of anywhere from $15 to $100 – and that’s just the start. Each chargeback also represents a loss of the shipped goods plus the revenue from the transaction. Worse, too many chargebacks (generally more than 1% of all transactions) can cost merchants their business if their banks cut them off.
What are potential signs of friendly fraud?
Not every transaction that raises a flag is actually fraud, but you or your fraud-management partner should carefully screen transactions that fit these descriptions.
- A customer billing address that doesn’t match the credit card billing address
- High ticket-value purchases by a first-time customer
- Purchases of multiple items in more than one size, color, etc. by the same buyer, especially if those purchases are made with different cards
- Repeated attempts by the customer to enter a correct card expiration date
- Repeated attempts by the customer to make purchases at increasing or decreasing ticket values
- Similar credit card numbers used for a group of purchases
- Many credit cards used to make purchases from the same IP address
These flags can (but don’t always) mean buyers is guessing at cardholder information such as address, credit limit, or card expiration date, or they can indicate someone shopping with a list of stolen credit card numbers.
How E-commerce Merchants Can Fight Friendly Fraud
If your overall sales volume is very low, you may be tempted to handle all your fraud screening yourself or in-house. This may not be the best solution, for two reasons. First, fraudsters are always refining their tactics to avoid detection, which means you’ll need to become a fraud expert in addition to running the rest of your business.
Second, your sales volume may grow rapidly during peak times like big sales events and the holiday season, which is often a peak season for fraud, too. Those peaks can overwhelm your fraud-screening capacity and force you to choose between a sales bottleneck and increased fraud risk.
A better option is to choose a processor with fraud protection services or hire a third-party fraud service to screen your transactions.
If you’re using WHMCS, HostGator’s comprehensive online business solution partner, you can opt in to fraud protection services MaxMind and VariLogiX. MaxMind allows you to set the parameters you want to approve transactions, and the MaxMind system screens and scores each transaction request according to your specifications. You can set a score threshold for automatic rejection of the highest-risk orders. You can also manually review the orders MaxMind flags and set up phone verifications of flagged orders.
VariLogiX is another option for WHMCS users. It can automatically call customers before their orders are submitted to verify their identity and the validity of the transaction. Customers enter a code shown on their order screen during the call. Contacting customers directly shows them you’re serious about protecting their identity and payment information. It can also save you the hassle and expense of fraudulent transactions.
Whatever fraud-protection service you choose, make sure it uses detection and predictive tools that can evolve with changes in fraud tactics. Friendly fraud may not ever go away entirely, but you can make your business less of a target by watching out for buyers who aren’t really your friends.
Take action to secure your online business by choosing a reliable hosting provider like HostGator. Learn more about our ecommerce hosting here.
Casey Kelly-Barton is an Austin-based freelancer who enjoys writing about business development and marketing, e-commerce payments and fraud prevention, and travel.