Like any industry, payments has its unique lexicon; it’s rumored to be more elaborate than most, as payments is an industry in constant flux. This is most apparent in how we talk about fraud. Payments has ascribed a great many names to fraud, to literally come to terms with it: true fraud, criminal fraud, friendly fraud, chargeback fraud. The problem however is that fraud evolves, leaving ever more names in its wake.
Luckily, dispute management professionals have brought a more precise nomenclature to the party — pun intended, as you shall see. Though there are all sorts of shady tactics that generate fraud — identity theft, account takeovers, etc — we’ll stick to how fraud is talked about within the payments ecosystem. So let’s get you up to speed so you can talk fraud among the staunchest payments jargonistas.
In payments, we deal with the ends more than the means; we define fraud more in terms of who perpetrates it, rather than specifically how they do it. There are two main parties that compose the “who”; there is first-party fraud and third-party fraud.
FIRST-PARTY FRAUD
This is the umbrella term to encompass fraud perpetrated by the cardholder, aka the “first” party, either intentionally or accidentally.
- Friendly fraud typically described the accidental variety, when a cardholder doesn’t recognize a transaction and reports it as fraud.
- Merchants see it as anything but friendly, so “friendly fraud” is on the outs.
- Chargeback fraud falls under the intentional variant, where the cardholder abuses their issuer’s chargeback policy to rob the merchant.
- From the merchant perspective the end result is the same; intentional or not, it’s all theft — so it’s all considered first party fraud.
It’s virtually impossible to prevent first-party fraud in pre-authorization because
- The cardholder makes the transaction, and
- It often doesn’t become fraud until well after the transaction.
So it’s important for merchants to have a post-auth strategy to deal with it.
THIRD-PARTY FRAUD
True fraud, aka criminal fraud, is now known as third-party fraud as it is committed by an external bad actor.
- A “third” party acquires the cardholder’s payment information and uses it to authenticate transactions.
- Merchants are invariably liable for processing third-party fraud; it’s on them to catch it pre-auth.
First-party, third party — which is more prevalent?
As mentioned above, first-party fraud is difficult to detect; moreover, the first-party varietal is always reported to issuers as third-party fraud, further muddying the data. However, an expansive study by Experian found that the first-to-third ratio is roughly 3:1. Aite-Novarica provides a deeper insight worth mentioning. Commissioned by Mastercard’s Ethoca, Aite-Novarica surveyed over 300 merchants for trends in chargebacks and first party fraud. They found that merchants who actively fight fist-party fraud are better at detecting it; their management solutions produce the data and reveal the patterns that differentiate from third-party fraud.
WHERE FRAUD ENTERS OUR ECOSYSTEM
It’s also important to know the contexts where fraud flourishes, because the difference is like night and day. A transaction occurs in one of two ways: where the card is present, and where it is not.
Card Present Transactions
These are transactions that are paid for with the actual physical card, typically through a payment terminal. Thanks to EMV smart chips, fraud is now negligible in this space. Prior to the EMV migration, fraudsters could obtain stolen payment card credentials, print a counterfeit card and use it everywhere they want to be. Now, the encryption in that little gold chip on cards prevents counterfeit cards from authenticating. As a result, since 2015, Visa reported an 76% decrease in card-present fraud.
Card-Not-Present (CNP)
While card present fraud dramatically decreased across all brands in the card-present space, overall fraud rates actually went up. The unforeseen consequence of the EMV migration was that fraud migrated to the card-not-present space, where it flourished.
CNP transactions are any where card is not needed to be swiped or read, as in eCommerce, basically removing EMV from the transaction equation. Going off chargeback data, the ratio of chargebacks in card-present vs. CNP transaction is close to 10:1, on average. Depending on the merchant, CNP fraud can be much higher. Digital products and subscriptions for example see much higher rates of fraud; fulfillment is instant and there are no physical delivery addresses, only the stolen billing address.
CONCLUSION
In banking and finance, we’re all familiar with the big-picture challenges posed by fraud. It’s also important to see the forest for the trees: the types of fraud merchants face, its perpetrators and its common points of entry into the payments ecosystem. This is by no means the complete story on fraud, but you’re already ahead of the game.
These simple concepts of first- vs. third-party fraud and card present vs. not present transactions, you’ll be able to connect the dots to understand the value of dispute management — with DisputeHelp, of course. Schedule some time with us, and we can show you how you can protect your merchants from fraud and create a nice revenue stream for your business in the process.