Although the rates of bankcard fraud in e-commerce may be “stable”, according to the French OSMP (Observatory for the Security of Payment Means,2019 Annual Report), they continue to be a source of concern for e-merchants. It’s high stakes for e-merchants with PSD2 legislation coming into force in May, reviewing types of fraud and understanding not just how to navigate it but be in the drivers seat is key for success in 2021.
However, there is a specific type of fraud that escapes the risk analysis rules traditionally used by merchants which is friendly fraud. While the rules are becoming stricter with the entry into force of the implementing legislation of PSD2, let’s take stock of this type of fraud and its stakes in 2021.
1/ Friendly fraud is protean and complex to identify
This generally occurs:
- With consumers who are familiar with the mechanisms of the regulations to which banks are subject: Article L.133-18 of the French Monetary and Financial Code indeed states that refunds must be made immediately, which does not leave the issuer time to study the cases properly.
- With consumers who have received defective products or have not received the service ordered: they then declare the transaction as unauthorised, in order to be reimbursed. It is actually a commercial dispute. These cases have mechanically increased with Covid-19, in connection with the increase in the number of undelivered services (in the travel and tourism sector in particular).
- In ‘addictive’ sectors such as gambling, betting and online fortune-telling.
Friendly fraud is difficult to tackle, as the cardholders generally behave in a standard way, without any fraud recorded in their history. They are therefore ‘scored’ by the tools used to fight against fraud as being low risk, thus giving them a frictionless path. An anomaly that makes it all the more difficult to tackle. However, if strong authentication were strictly applied, it would automatically remove the possibility for these “friendly fraudsters” to deny that they are the originators of the transaction.
Example of friendly fraud: a commercial dispute disguised in fraud
2 / Reducing fraud rates is a key challenge of the PSD2
With PSD2, strong authentication becomes mandatory for all payments, unless exemptions are provided for in the RTS (Regulatory Technical Standards). To be able to request exemptions and have them accepted by the issuers (cardholders' banks), the merchant must first and foremost comply with fraud rate thresholds (find out more about these thresholds in this article).
Friendly fraud is of paramount importance here, as it inflates the fraud rates of many merchants, even if 3D Secure authentication is triggered. Indeed, 3D Secure strong authentication protects the merchant who is not held financially liable, and it is the issuer who reimburses the cardholder. However, the transaction is still identified as fraudulent and is therefore taken into account in the calculation of the fraud rate.
There is therefore a little-known challenge at stake, which is that of reducing the fraud rate. The EBA (European Banking Authority) has also taken the measure of this phenomenon, since it provides that this type of fraud can be deducted from the rates that fall within the thresholds to benefit from the exemptions of strong authentication. That is one piece of good news... but as the EBA has not defined a formula to calculate these fraudulent chargeback claims, it is therefore difficult at this stage to exclude them from the scope.
3/ Challenging unpaid friendly fraud offers a double benefit
As with any fraud, the merchant must contest the outstanding payment to recover the amounts it is owed. In addition to this financial aspect, the other benefit of contesting concerns fraud rates: contesting outstanding payments will make it possible to prove the cardholder’s misconduct, and thus lower the merchant’s overall fraud rate. Under PSD2 (as seen above), this will enable the merchant to reach the fraud thresholds required to benefit from the exemptions.
The double benefit of contesting
To prove these frauds, proof must be collected to show evidence that it was indeed the cardholder who used his or her card and made the payment, even if they deny it: usual delivery address, emails exchanged with the e-commerce site showing that they are expecting the service to be provided, etc.
It is therefore in the interest of merchants to act in this way, since the evidence will enable them to win their case with the card networks. They can be supported by their PSP (payment service provider) with the appropriate tools.
Dalenys has set up a dispute management tool to ensure optimal monitoring of claims. The interface allows the merchant to see at any time the breakdown by type of the merchant’s outstanding payments, the reasons for the non-payments, and the status of the claims received.
For the detailed procedure with regards to managing disputes, see our article:
Find out more about the challenges of PSD2 for retailers in our white paper: https://download.dalenys.com/white-paper-psd2/
