First Party Fraud - New Visa Rules
The big problem with fraud is that it’s always changing forms. As soon as regulators and consumers get wise to a particular scheme and learn how to prevent it, the fraudsters come up with a new way to steal people’s money. Many forms of fraud involve exploiting the chargeback process, which is why the card networks keep handing down new mandates to get them under control. Next month, new Visa rules will be taking effect to deal with first party fraud. What is first party fraud, and what do merchants need to know about the changes Visa is making?
Merchants already know one of the more common forms of first party fraud, which we usually refer to as “friendly fraud.” In fact, they’re overlapping categories—friendly fraud can sometimes be the result of a genuine misunderstanding on the customer’s part, but first party fraud is understood to be intentional. The subset of friendly fraud that is committed knowingly—like when a customer regrets a purchase and disputes the charge by falsely claiming they made the purchase by accident, or that their child made the purchase without their permission—would be considered first party fraud.
This scenario might also be called “chargeback fraud,” but ultimately, first party fraud is any scenario where a cardholder disputes a legitimate transaction for the purpose of defrauding the merchant and keeping the goods they purchased. These chargebacks can be fought and beaten, but they take a lot of time and costs from the merchants and banks who have to contend with them.
What is Visa Doing about First Party Fraud?
Effective April 18, 2020, Visa will be enforcing new rules designed to stop first party fraud. These rules will primarily impact issuing banks and merchants.
Under the new rules, issuers will have to establish a process to substantiate cardholder dispute claims before they proceed to the chargeback stage. As things currently stand, customer service representatives at issuing banks may ask questions and attempt to dissuade customers from filing improper disputes, but policies and guidelines can vary from bank to bank.
Issuers will also have to create a formal review process for customers who submit excessive fraud claims. Customer accounts with more than 5 disputes filed under reason code 10 (fraud) within a twelve-month period will be subject to this process, which must involve assessing the claims and any related disputes in order to determine how future claims will be handled.
Card-not-present merchants who keep customers’ payment accounts on file will be required to establish transaction velocity limits, calculated based on their own fraud and dispute rates but not to exceed 25 daily transactions, in order to reduce instances of fraud. Transactions placed after the limit has been exceeded must be subject to additional authentication checks.
Merchants will also be required to stop engaging in transactions with customers they believe are committing first party fraud, and set up controls to prevent these customers from reopening accounts with them in the future. In cases where the first party fraud was the result of account takeover, the merchant must re-authenticate the customer before accepting orders from them again.
Visa will also start being more aggressive about enforcing the requirement that merchants put their contact information in the descriptor fields that are printed on cardholders’ account statements. This information is supposed to be added to the “merchant location” field so that cardholders have an easy way to contact the merchant when they’re reviewing their statements, giving them the chance to resolve any issues directly before getting the issuing bank involved. Visa will provide quarterly reports to acquiring banks to notify them about merchants with high dispute rates who are not complying with this rule. Fines and other penalties may be applied.
How can I prevent First Party Fraud?
It can always feel burdensome when the card networks start making up new rules for merchants to worry about, but remember the intent behind them. They’re trying to reduce fraud and chargeback rates, bring down the time and labor costs involved in dealing with them, and keep ecommerce flowing. When Visa tells you how you can help to accomplish these things, it’s good to follow their guidelines.
Merchants can also make use of tools like Visa Merchant Purchase Inquiry to provide real-time information about pending disputes, which is especially useful for stopping the kind of friendly fraud that comes about from genuine confusion. The more you can establish policies and procedures that reduce instances of “true” friendly fraud, the more resources you’ll be able to bring to bear on more sophisticated forms of fraud.
Merchants who deal with a lot of first party fraud, or who have difficulty determining whether they’re being impacted by malicious fraudsters or by erroneous acts of friendly fraud, may find it helpful to get assistance from a chargeback management firm that can really break down the data and run the analytics that reveal the true sources and root causes of chargebacks. This can help you clearly identify the changes you need to make and how to implement them in the most effective way.
Friendly fraud represents a significant problem for merchants. It’s typically the reason behind most of their chargebacks—as many as 60 to 70% in some industries. While first party fraud is only a subset of what merchants may categorize as friendly fraud disputes, it is a growing and pernicious problem, especially when a fraudster discovers a vulnerable merchant and keeps targeting them for as long as they can.
That’s why it matters when card networks take these problems seriously enough to revise their rules, and while it means more work for merchants, merchants stand to benefit greatly from any practices that make it harder for fraudsters to get away with their crimes. April isn’t far away, so make sure you’re ready to be in compliance with the new rules. Check with your payment processor to ensure that your customer service phone number is printed with your merchant descriptor, and verify that you’ll be able to put velocity controls in place when the time comes. Just remember that rules alone can’t stop all fraud, so be ready as well to fight back against illegitimate chargebacks when necessary—if you document the right evidence, you can win these fights.