Online merchants are no strangers to challenges and in the last few years those challenges have multiplied beyond measure. There is, however, a ray of hope for merchants trying to combat the problems of chargebacks and friendly fraud, in the form of Visa’s new dispute resolution rule Compelling Evidence 3.0.
The rise of friendly fraud and chargebacks
The cost of “friendly fraud” (also known as first-party fraud or first-party misuse) is estimated to be a whopping $50 billion globally in 2020 according to a report by the Mercator Advisory Group. Friendly fraud, in general, is defined as when a customer legitimately purchases an item but later claims they did not authorize the transaction. They do this so they can financially benefit from the recovered funds and in some cases sell on the item they have received for further reward.
Like other fraud vectors, friendly fraud experienced considerable growth during the pandemic. Subcategories of friendly fraud include: a pre-determined attempt to obtain free goods, family fraud (where the valid transaction was made by another family member), buyer’s remorse or using dispute protections to obtain a refund for products outside of the return window. While it’s not possible to pinpoint customers’ exact motivations for committing friendly fraud, a likely possibility is financial hardship, again exacerbated by the recent economic shocks.
Chargebacks have grown and continue to be a huge operational cost to online merchants. When a single chargeback is raised, it’s estimated that merchants can typically lose more than 2x the original transaction amount because of a variety of costs including chargeback fees, transaction fees, marketing costs and operational costs e.g., packing, shipping, inventory management and logistics. It’s therefore in the merchant’s interest to become as efficient as possible at managing chargebacks to reduce ongoing costs.
With the two problems compounding, card schemes have found that friendly fraud makes up the lion’s share of chargebacks. According to a Visa internal reporting source, 75% of chargebacks are classified as friendly fraud, so it’s a problem that needs to be tackled head-on.
What is Visa Compelling Evidence 3.0?
Card schemes have recognized the growing scale of friendly fraud and have been working with the wider merchant community to resolve it.
Visa has announced a new global dispute resolution rule called Compelling Evidence 3.0, which takes effect from April 2023 to tackle the problem. According to Visa guidelines, compelling evidence is “proof the cardholder participated in the transaction, received the goods or services, or benefitted from the transaction.”
Under existing Visa rules, if a cardholder raises a chargeback with their card issuer and claims they did not authorize a transaction (in a card-not -present environment)[1], then the merchant is typically liable for the transaction. Under the new rule, if the merchant can provide compelling evidence in the form of certain required datapoints, the liability of the disputed transaction is shifted to the issuer. Merchants need to provide datapoints from a customer’s transaction history which match datapoints from the disputed transaction.
Merchants will need to provide a digital footprint of a customer’s transaction history. This means capturing datapoints including the user account log-in ID, shipping address, device ID and IP address. The datapoints must originate from at least two undisputed transactions that have taken place at least 120 days prior to the date of the disputed transaction, establishing a baseline of legitimate cardholder activity. If datapoints are consistent with the disputed transaction, then it’s “compelling evidence” that the cardholder did participate in the transaction. The disputed transaction is considered likely to be friendly fraud.
An additional option available to merchants is to feed data into Visa’s pre-dispute Order Insight. This will create time/resource efficiencies for the merchants as they’ll benefit from the liability shift at pre-dispute stage. This effectively stops the disputed transaction in its tracks from becoming an official, fully-fledged chargeback.
Device fingerprinting: not all device ID is created equal
The new Visa rule change is great news for merchants, and many will already have some form of device ID associated with a user’s device. However, to benefit from the new rule merchants will need to capture device intelligence data that’s consistent across two transactions and is dated at least 120 days prior to the disputed transaction. The challenge therefore becomes capturing datapoints that are persistent over time that cannot easily be wiped by the consumer.
Cookie-based device ID technology is not reliable. Here the datapoints are stored within cookies which consumers have the power to delete, reducing the potential for data to be persistently captured. Browser companies like Google are also phasing out their third-party cookie use over the coming years, diminishing the relevance of cookies even further.
Callsign’s deep device fingerprinting captures datapoints that are persistent over time using non-cookie-based technology. Callsign can cryptographically “bind” a user with a device and store this unique datapoint on the client and server side. This ensures a more persistent device ID, fulfilling the compelling evidence rule.
In addition to non-cookie-based device fingerprinting, Callsign’s location intelligence can capture the IP address of a device. This is another mandatory datapoint for compelling evidence.
Callsign’s market-leading intelligence
Callsign’s market-leading layered intelligence (or “Digital DNA)” can help merchants beyond Visa’s new dispute resolution rule. With advanced AI and machine learning, Callsign’s Intelligence Engine collects, analyzes and fuses together thousands of datapoints to create ensembled scores for authentication and fraud detection. These data points are created from layered intelligence including pioneering behavioral biometrics, device intelligence, location data, telephony intelligence and threat detection.
While device intelligence is specifically required for Visa’s friendly fraud chargebacks (i.e., post-purchase), layered intelligence can be used to protect customers at all stages of the customer’s user journey. Friction is reduced using passive authentication at registration, login, account management and payment check out. It can also be applied to tackle third- party fraud such as identity fraud (using stolen account and card number details) and ATO fraud.
Merchants cannot single-handedly put a stop to friendly fraud. However, with the card schemes’ latest chargeback rule changes and investment in the right technology, merchants are in a better position than ever before to tackle one of their biggest challenges.
[1] Classified by Visa as Reason Code 10.4 Card Not Present Fraud Dispute
