Fraud Blacklists and Chargebacks
Getting the upper hand in the fight against chargebacks means using every tool at your disposal. The right tools, correctly applied, can make a dramatic difference to your chargeback rate, but using the wrong tool for the wrong job can actually make things worse.
Straightforward and easy to implement, fraud blacklists are used by many merchants who want a simple way to screen out likely fraud. Targeted blacklists may be able to stop repeat offenders, but cast too wide a net and you filter out legitimate customers. Are fraud blacklists really an effective tool to prevent chargebacks?
A fraud blacklist is a set of attributes associated with known fraudsters. If any incoming orders contain identifying information that matches the attributes on the blacklist, the transaction is rejected and the customer account is blocked from placing further orders.
In theory, fraud blacklists are an obvious solution. Why accept an order from a customer who is likely to be a fraudster? In practice, however, it’s difficult to create a blacklist that can be shared among different merchants that successfully blocks fraudsters without mistakenly blocking a large number of your real customers.
How Do Fraud Blacklists Work?
Fraud blacklists are built by analyzing cases of known fraud and identifying elements of customer data that can be reliably linked to fraud. This can include specific individual details, such as a fraudster’s name and aliases, or it can include whole blocks of network addresses or even entire countries.
These are the most commonly-used identifiers for fraud blacklists:
- IP address
- Email address
- Device fingerprint
- Customer geolocation
- Delivery location
There are various ways to implement a fraud blacklist, from manually checking orders against it to automating the process with your CRM.
However it functions, it’s important to remember that the blacklist has two important jobs to do. It has to block fraudulent orders, but it also has to let orders from legitimate customers through.
Creating a blacklist that balances these two tasks can be more challenging than it seems at first glance.
What Are Some Potential Problems with Fraud Blacklists?
The first problem with fraud blacklists is that fraudsters know exactly how they work and have all kinds of ways to get around them. Devices, IP addresses are easy to change, spoof, or hide with a proxy, and a new email address is always just a few clicks away. Proxies can also hide geolocation, and most experienced fraudsters will have multiple shipping addresses at their disposal.
The other problem with fraud blacklists can be even more dangerous to merchants. If you start using a fraud blacklist, you’ll start seeing orders getting blocked in real time—that’s proof that the blacklist is doing something. However, unless you closely examine each blocked transaction, you won’t know for sure if they were fraudsters or legitimate customers.
False positives are a huge drawback to fraud blacklists. Fraudsters use the same internet service providers as the rest of us, which makes IP blocking terribly inaccurate. Some countries and regions really do carry higher rates of fraud, but blocking those regions wholesale means cutting yourself off from all of the honest, good customers in those markets.
You might think that shipping addresses are specific enough to block safely, but fraudsters often request delivery to the same reshippers, office blocks, and apartment buildings as your regular customers.
Before implementing any fraud blacklist, you have to look at its filtering criteria and consider the potential impact it might have on your existing customer base.
Is There a Good Way to Use Fraud Blacklists?
The best use case for blacklists is when merchants create them based on experience with specific customers. Customers who hit you with friendly fraud chargebacks, for example, are great candidates for an internal blacklist.
Friendly fraudsters who get away with it once are likely to keep trying to get away with it, but they don’t tend to be as relentless as the fraudsters who commit card theft or account takeover attacks. Blocking these customers is usually the best way to get rid of them and avoid getting taken advantage of a second time.
Shared blacklists are much less reliable and far more likely to result in false positives that cause you to miss out on revenue and alienate shoppers who could have become loyal customers.
What about Whitelists?
If blacklists aren’t the ideal solution, what about taking the opposite tack—creating a list of known legitimate customer accounts and exempting them from your usual fraud screening and order review processes?
The big problem with this is that many of the most common forms of fraud—card theft and account takeover—will easily fool most whitelists. While they can indeed provide a more pleasant customer experience, this comes at the cost of making the merchant more vulnerable to fraud, not safer.
Merchants should always be on the lookout for tools, software solutions, and practices that will help them prevent disputes, reduce chargebacks, and keep their customers happy. We always advocate a multi-pronged approach to chargeback management, as it is a complex challenge that can come at you from many different directions and for a wide range of reasons. That means identifying the root causes of your chargebacks, tracing them to the specific vulnerabilities in your business operations, and addressing them with effective, targeted solutions.
Fraud blacklists are often the equivalent of using a ten-pound mallet where a precision instrument is needed. You might squash the fraud, but you’re going to have a negative impact on a lot of your real customers at the same time. With the right analytics, you can develop a chargeback management strategy that brings down your fraud and chargeback rates without causing collateral damage to legitimate orders.