First Party Fraud - New Visa Rules

Table of Contents

1. What is first-party fraud?
2. What is Visa doing about first-party fraud?
3. How can I prevent first-party fraud?
4. How do you fight chargeback fraud?
5. Who is liable for chargebacks?
6. Do companies get charged for chargebacks?

One of the major problems with fraud is that it’s always changing forms. As soon as regulators, businesses, and cardholders get wise to a particular scheme and learn how to prevent it, the fraudsters come up with a new way to steal people’s money. Many forms of fraud involve exploiting the chargeback process, which is why the card networks keep handing down new mandates to get them under control. In 2020, new Visa rules took effect to deal with first-party fraud. What is first-party fraud, and what do merchants need to know about the changes Visa made?

Note that the term first-party fraud is also sometimes used for cases where a fraudster obtains credit from a bank using false information such as a stolen or synthetic identity, with no intention of paying back the money they spend. That's not how Visa is using the term, however.

While the terms first-party fraud, chargeback fraud, and friendly fraud are often used interchangeably, there is sometimes a distinction drawn between the latter two terms:

• Chargeback fraud is when a cardholder willfully attempts to defraud a merchant by making a purchase with a credit card and then disputing the purchase through their issuing bank. This tactic is often successful because many merchants don't fight chargebacks.
• Friendly fraud is often used to describe cases where the illegitimate chargeback is born of ignorance rather than malice. Perhaps a child accidentally made a purchase through an app, and rather than seek a refund through the merchant, the cardholder went to their bank. In other cases, the cardholder might not recognize a legitimate charge on their account statement, or might have forgotten about a recurring transaction they agreed to.

Since any illegitimate chargeback will have a reason code that doesn't align with the actual reason the customer filed the chargeback, it can be difficult to distinguish between these types of fraud. It takes work to effectively analyze the root causes of chargebacks to help prevent future ones.

Fortunately, you don't need to know the exact reason an illegitimate chargeback was filed in order to fight it, so long as you can provide evidence proving it's illegitimate. That evidence should be tailored to the reason code of the chargeback rather than its root cause.

What is Visa doing about first-party fraud?

Effective April 18, 2020, Visa began enforcing new rules designed to stop first-party fraud. These rules primarily impact issuing banks and merchants.

Under the new rules, issuing banks had to establish a process to substantiate cardholder dispute claims before they proceed to the chargeback stage.

Previously, customer service representatives at issuing banks could ask questions and attempt to dissuade cardholders from filing improper disputes, but policies and guidelines varied from bank to bank, and some banks accepted disputes with no evidence or investigation.

Now, all banks are required to make some attempt to determine a dispute's legitimacy before accepting it. While this doesn't mean illegitimate chargebacks will never go through, it should at least reduce their number a bit, especially in cases of friendly fraud.

Issuers also had to create a formal review process for cardholders who submit excessive fraud claims. Customer accounts with more than 5 disputes filed under reason code 10 (fraud) within a twelve-month period are subject to this process, which must involve assessing the claims and any related disputes in order to determine how future claims will be handled.

Cardholders who are found to have filed several illegitimate chargebacks may face a more thorough investigation of any future disputes they attempt before those disputes are approved. They can't be blacklisted from disputing charges entirely, however, since that right is enshrined into federal law.

Card-not-present merchants who keep customers’ payment accounts on file must establish transaction velocity limits, calculated based on their own fraud and dispute rates but not to exceed 25 daily transactions, in order to reduce instances of fraud.

Transactions placed after the limit has been exceeded must be subject to additional authentication checks.

Merchants are also required to stop engaging in transactions with customers they believe are committing first-party fraud and set up controls to prevent these customers from reopening accounts with them in the future. In cases where the first party fraud was the result of account takeover, the merchant must re-authenticate the customer before accepting orders from them again.

Visa has also started being more aggressive about enforcing the requirement that merchants put their contact information in the merchant descriptor that shows up on cardholders’ account statements. This information is supposed to be added to the “merchant location” field so that cardholders have an easy way to contact the merchant when they’re reviewing their statements, giving them the chance to resolve any issues directly before getting the issuing bank involved.

Visa will provide quarterly reports to acquiring banks to notify them about merchants with high dispute rates who are not complying with this rule. Fines and other penalties may be applied.

It can always feel burdensome when the card networks start making up new rules for merchants to worry about, but remember the intent behind them. They’re trying to reduce fraud and chargeback rates, bring down the time and labor costs involved in dealing with them, and keep eCommerce flowing. When Visa tells you how you can help to accomplish these things, it’s good to follow their guidelines.

Merchants can also make use of tools like Order Insight to provide real-time information about pending disputes, which is especially useful for stopping the kind of friendly fraud that comes about from genuine confusion. The more you can reduce friendly fraud, the more you can focus on other types.

Merchants who deal with a lot of first-party fraud, or who have difficulty determining whether they’re being impacted by malicious fraudsters or by acts of friendly fraud, may find it helpful to get assistance from a chargeback management firm that can really break down the data and run the analytics that reveal the true sources and root causes of chargebacks. This can help you clearly identify the changes you need to make and how to implement them in the most effective way.

Friendly fraud represents a significant problem for merchants. It’s typically the reason behind most of their chargebacks — as many as 60 to 70% in some industries.

Chargeback fraud is a growing and pernicious problem, especially when a fraudster discovers a vulnerable merchant and keeps targeting them for as long as they can.

That’s why it matters when card networks take these problems seriously enough to revise their rules. While it means more work for merchants, merchants stand to benefit greatly from any practices that make it harder for fraudsters to get away with their crimes.

Check with your payment processor to ensure that your customer service phone number is printed with your merchant descriptor, and verify that you have velocity controls in place. Just remember that rules alone can’t stop all fraud, so be ready to fight back against illegitimate chargebacks when necessary. If you have the right evidence, you can win these fights.

FAQ

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions, or requests for advice to: win@chargebackgurus.com