Can Distributed Ledger Technology Prevent Friendly Fraud?
You know how the old saying goes: give a person a Bitcoin and they might realize some short-term investment gains for a day; teach them how the blockchain works and they’ll understand a technology with a lifetime of potentially useful applications. Something like that, anyway. The real prize of the cryptocurrency boom may well prove to be the concept of the blockchain itself, or as many now prefer to call it, distributed ledger technology. As with any new technology, sorting out the genuinely good ideas from the hype can be difficult. Some companies are promising that DLT could be a solution for excessive chargebacks and friendly fraud, but is this a real answer or just more blockchain boosterism?
To give this question its due consideration, we have to take a few steps back and look at the history of credit card fraud and the payments industry’s attempts to fight it. When the EMV chip was introduced, it struck a major blow to the use of stolen cards in card-present environments, making it much harder for fraudsters to spend other people’s money at retail stores and other brick-and-mortar locations.
Not surprisingly, credit card fraud shifted heavily toward the card-not-present environment: the world of ecommerce. Unable to rely on physical EMV chips to screen out fraudulent transactions, online merchants and consumers were faced with a growing problem of low-risk, high-reward credit card fraud carried out over the internet.
The industry could see that ecommerce needed its own equivalent to the EMV chip, but turning an obvious idea into a usable product isn’t always a simple or straightforward process.
Where Does Anti-Fraud Technology Fall Short?
To stop card-not-present fraud in ecommerce, anti-fraud software was created that inserts itself into the checkout process and asks for additional verifying information from the consumer, such as a PIN or password or some other authenticating information that wouldn’t be stored with card and customer data. Verified by Visa and 3-D Secure were two of the most notable anti-fraud tools in this category, and they worked quite well at stopping low-effort fraudsters.
The problem was that consumers hated them. They slowed down the checkout process, demanded additional information from the consumer that they didn’t always have at hand, and they led to complaints, confusion, and abandoned shopping carts.
Faced with a choice between losing real customers and stopping hypothetical fraudsters, many merchants sided with their customers and disabled these anti-fraud tools.
Banks and card networks haven’t been quite so willing to give up on anti-fraud technology, and these tools have undergone improvements and revisions that make them less obnoxious to consumers. They’re also making them mandatory in some cases, or at least incentivizing their use.
In some regions, they have the power of the state behind them. In the EU, the revised Payments Services Directive is taking effect, and it requires merchants to use “strong customer authentication” for online payments. For most merchants, the easiest way to comply with this mandate is to use tools like 3-D Secure 2.0.
So, the solution may be less elegant than a single embedded chip, but ecommerce may have found its answer to EMV. Does that mean the fraudsters are out of options and will wither up and vanish? Not a chance, unfortunately.
Where Will the Fraudsters Turn?
We don’t like to pay compliments to fraudsters, but let’s face facts: they are resilient, they are persistent, and some of them are very clever. When one pathway to fraud is closed off to them, they find an alternate route. If online card-not-present fraud becomes too difficult to be worth their efforts, they’ll turn to a target that’s less regulated and less well-understood. Merchants are already dealing with this kind of fraud, some of it intentional, some not: chargeback fraud, better known by the deceptively innocuous term “friendly fraud.”
Chargebacks are easy to request, and most banks aren’t doing enough to screen customer disputes and verify that the customer has thoroughly investigated the transaction and contacted the merchant about it directly before pushing a claim through to the chargeback stage. Some consumers with otherwise good intentions engage in friendly fraud out of impatience, frustration, or confusion, but others do it on purpose, knowing how much easier it is to obtain a chargeback than it is for merchants to fight back and succeed in representing the charge.
Right now, friendly fraud isn’t the quickest, easiest, or most lucrative scheme for ambitious fraudsters, but as purchasing security improves, that may change, and we may begin to see much more organized and elaborate schemes for stealing money by manipulating the chargeback process.
How Can Distributed Ledger Technology Solve This?
And now we’re back to the big idea that launched this history lesson: the potential for DLT to prevent friendly fraud.
When cryptocurrencies were first introduced, users needed a way to record and validate transactions without having to rely on a centralized authority. The solution they came up with was the blockchain, an encrypted ledger of every transaction made with its associated cryptocurrency, updated in real time, with every user retaining their own copy. Unwieldy, perhaps, but it worked.
What some security experts are envisioning is a distributed ledger of “friendly” fraudsters who have abused the chargeback process. In this scenario, the blockchain effectively becomes a blacklist that merchants could refer to in order to preemptively stop known fraudsters from purchasing from them.
In order to be effective, widespread adoption of the ledger would be required, and to protect individual privacy it might be necessary to have a trusted entity involved in anonymizing and tokenizing customer data.
The hurdles to implementing this idea are not insignificant, but in order to make any real progress against reducing chargeback fraud, nothing less than big, bold ideas like this will suffice. Any merchant that has taken the time to analyze their chargebacks (and we strongly advise that every merchant do so) will know what a pervasive and costly problem friendly fraud has become, and right now there is little merchants can do about it but assiduously fight every friendly fraud chargeback that comes their way.
We would love to see a solution like this emerge and drive away the friendly fraudsters, but for nor we’re still very much in the conceptual phase. In the meantime, merchants should adopt the underlying premise and create their own in-house blacklist of friendly fraudsters—most of them will repeatedly target the same merchants over and over until their schemes stop working, so there is absolutely no reason to ever accept their business a second time.