Chargeback 101: What’s the Difference between Friendly Fraud vs. Malicious Fraud?

When dealing with credit card fraud, there are two basic types: Friendly fraud and malicious fraud. And as a retail merchant accepting credit cards and other forms of digital payments, it’s important to understand both so you can combat them both in their own way.

Let’s start with malicious fraud.

Malicious fraud is basically the result of identity theft, whether it’s a stolen credit card or a stolen identity used to apply for a new credit card. Malicious fraud is where someone uses a non-authorized credit card to make a purchase.

When the fraud is found out, either by the cardholder reporting the fraudulent charge or the issuing bank detecting unusual card activity, the issuing bank refunds the money to the cardholder and/or cancels the stolen credit card. Then, either the bank recovers the money from the merchant, or it pays for it itself.

Whoever pays the refund depends on what kind of transaction it was, card present or card not present.

An illustrated example of credit card fraud: a small man wearing a mask over his eyes crawling out of a laptop. Two credit cards are nearby for him to steal.

  1. Card present (CP) transaction. This is when the customer hands the card to the merchant, and the merchant verifies it, such as with an EMV payment portal or by checking the shopper’s ID and signature. A purchase at a grocery store, restaurant, or brick-and-mortar retail store involves a CP transaction. Any refunds are given by the bank, because it was most likely a stolen card that was used.
  2. Card not present (CNP) transaction. This is usually an over-the-phone or online transaction. The merchant doesn’t have any of the verification methods of a CP transaction, which means they’re liable for allowing the fraudulent charge, which means they are required to pay the refund themselves.

Friendly fraud is usually anything but. It’s called “friendly” because the cardholder still has possession of the card. It happens when the cardholder issues the chargeback, either intentionally as a way to get something for free or because of an innocent misunderstanding.

Let’s say a consumer receives their credit card statement and there’s a charge they don’t recognize. They immediately call their bank and issue a chargeback, fearing they’ve been the victim of identity theft. The chargeback goes through and reaches the merchant account and the bank grants it. It was all an innocent misunderstanding, but that doesn’t make the financial pain for the merchant any less.

This is why Visa’s Rapid Dispute Resolution and Order Insights from Verifi are both helpful. They use artificial intelligence and human customer service reps to defuse a lot of these problems before they arise.

Friendly fraud is when the cardholder basically tries to steal from the merchant. Let’s say a customer orders $80 worth of food to be delivered to their house: pizzas, cheese bread, drinks, and so on. Then, they call their bank and say, “They forgot my cheesy bread!” and chargeback the entire order.

Because this was a CNP transaction, the merchant is on the hook for the entire order. What should have happened is the customer should have called the restaurant and complained. But chances are, the customer knew what they were doing — they probably even received the cheese bread — and deceived the bank in order to get their entire order for free. Sometimes, especially around college campuses, groups of friends will do this week after week, calling from a different person’s house in an effort to escape detection.

Another example is when a kid uses a parent’s credit card to make a lot of in-app purchases on a mobile video game, and the parent issues the chargeback as a way to get out of paying.

How to Prevent Chargebacks

The best way to prevent friendly fraud chargebacks is to resolve the credit card dispute before it becomes a chargeback. Chargebacks often start out as payment disputes. Merchants have a very small window of time to resolve it or defend against it before it becomes an actual chargeback.

Since chargebacks have enough fees that can make the final total up to 300% of the original charge, it’s often best to just give a refund and eat the loss rather than be required to pay what amounts to two more refunds.

There are AI-based systems that will detect patterns of friendly fraud like this before the merchants themselves ever could. So it always makes sense to analyze your data and take advantage of any services that provide this kind of analysis and fraud detection.

For example, analyzing the source of the friendly fraud orders may identify a social media coupon or special offer is the primary source. Canceling that advertising channel may be enough to put a stop to that friendly fraud.

Finally, remind customers that things like free trials are ending soon. A lot of friendly fraudsters are people who forgot to cancel their subscription before their free trial ended and so they issued the chargeback after they missed the deadline. As long as you have made an effort to notify the customer, in compliance with Visa and Mastercard’s rules, you have a valid defense that the customer should not be granted that refund.

You can fight friendly fraud and CNP chargebacks if you take these steps.

First, figure out which charges you should fight. It may not always be prudent to fight every charge. For one thing, you might challenge a legitimate chargeback, which can escalate and cause you a bigger headache. Plus, you might offend an otherwise-loyal customer who sees your challenge as a good reason to stop buying from you.

For another, not every fight is winnable, and you could invest more time and resources into cases that will return nothing anyway. You’ll lose more money than if you had done nothing.

Next, make sure you can fully defend yourself. Be sure you can show that you’ve done what you were supposed to do and that the fraudster actually did fall afoul of the rules.

If you offer a free trial as part of your subscription service, keep a copy of the email you send to everyone notifying them of the upcoming charge to their card. In fact, notify them twice and keep both copies. This way, you can show that you sent the emails (twice as many as required) and the customer ignored them.

In our above food example, implement a quality check by a manager, or attach photos of everyone’s order to their entry in your CRM database. Then, when someone claims they didn’t receive an item, you can include the photo that shows you did, in fact, include their cheesy bread.

There are more things you can do to fight friendly fraud and malicious fraud, and CB-Alerts can help. To learn more, please visit the CB Alert website.

Photo credit: Mohamed_hassan (Pixabay, Creative Commons 0)

Scroll to Top