Card not present (CNP) fraud is on the rise. Fraudsters are adept and adapting to the paths of least resistance when it comes to scamming merchants, issuers and consumers. But there’s also a danger tied to “friendly fraud,” a $331 billion problem decimating revenues and trust in the eCommerce ecosystem, as Ethoca CMO Keith Briscoe tells PYMNTS.
In war, as in love, beware “friendly fire.” Or, in the case of eCommerce, beware “friendly fraud.”
The payments landscape is changing, moving ever more toward eCommerce and setting the stage for multiple forms of fraud.
In an interview with PYMNTS, Ethoca CMO Keith Briscoe said card-not-present (CNP) payments represent a “path of least resistance” for fraudsters. The shift in years past to Europay, Mastercard and Visa (EMV) cards with chips has eliminated many of the vulnerabilities from counterfeit cards presented by hackers at the register.
“The metaphor of fraud being like a balloon is often used,” Briscoe said, as “when one vector is shut down, it is going to bulge out in another area. Fraud does not completely disappear from the ecosystem” because one problem at one end of the spectrum has been addressed.
As real fraud is on the rise, so too are false declines, a casualty of merchant and issuer efforts to tamp down fraud in whatever form it may take. False declines lead to lost revenue — an estimated $331 billion problem. Some industry estimates suggest that for every $1 of confirmed CNP fraud, $13 in good transactions are falsely rejected. Other estimates are dramatically higher than that.
Transactions can be stopped for a variety of reasons, said Briscoe. When talking about a false decline, transactions can erroneously be rejected due to “the potential risk of fraud.” Maintaining a balance between letting a purchase go through or stopping it cold can be tough when merchants and issuers must make decisions about transactions “in isolation.”
Further complicating the issue is that “friendly fraud” — instances when consumers falsely claim a transaction is fraud when it is actually a legitimate purchase — creates noise in fraud detection platforms and results in more false declines. Ultimately, this leads to the primary concern for both card issuer and merchant: poor customer experience.
According to Briscoe, the industry conversation has shifted from the impact of fraud losses to customer acceptance and creating a frictionless experience for cardholders.
There’s another issue afoot, he said, and it includes catching real fraud before it happens. Consider the fact that when it comes to fraudulent transactions, 58 percent of the time merchants are not aware they are being duped, according to Ethoca. Merchants have a blind spot when it comes to the data and intelligence an issuer sees, Briscoe explained, and, “similarly, the merchant is doing all the same things — using a different set of fraud tools and technologies” than the issuer.
On the merchant side, in 19 percent of the cases in which the merchant has detected the fraud, the issuer was not aware of the nature of those transactions. Thus, communication is key between merchants and issuers, and yet, communication is lacking.
The chargeback process — the pipeline of communication between those stakeholders — was never meant to be a data-sharing mechanism, said Briscoe. It was, and still is, meant to manage liability and recovery of losses. Its inherent latency makes it highly ineffective for exchanging timely information that could actually be effective in stopping fraud and chargebacks. Through the traditional chargeback process, a merchant may have to wait four to six weeks to get that information. Through Ethoca’s real-time intelligence sharing, the merchant can instead obtain what it needs in minutes or hours.
Turning back to false declines and their impact on the consumer-merchant relationship, Briscoe noted customers usually have no idea why they have been declined.
When consumers are proverbially left in the dark, they are going to do one of two things: choose an alternative merchant website through which to buy the product they sought or — believing it was the payment card at issue — choose to transact with a rival bank’s card. This is particularly problematic as research shows 39 percent of cardholders will abandon a card after it is declined. Ultimately, consumers may look to cancel a card, setting in motion the friction of having a new card issued and possibly damaging the relationship in place with that bank.
Briscoe maintained that addressing false declines is about making sure revenue opportunities are not lost and customer experience is preserved.
Unfortunately, though, another problem is growing in scale and complexity via friendly fraud. He offered an example in which a cardholder’s son or daughter is making a purchase on that account, but the cardholder is unaware of just who is making the transaction. The child buys a game on a digital platform, it appears on the cardholder’s statement and the cardholder makes a call to the issuer because there is confusion about the purchase.
“In a lot of cases, it is just simple confusion, and [the account holder] does not recognize a transaction as [his or her] own,” Briscoe said.
Perhaps they simply might not be able to decipher the merchant descriptor. There are also nefarious actors who can exploit the chargeback system, which offers credits quickly once a complaint is made to the card issuer. Briscoe said friendly fraud can then run the gamut from the benign to the “more hostile end of that spectrum.”
The numbers are sobering. Of the fraud seen by these stakeholders in the eCommerce spectrum, up to 70 to 90 percent is friendly fraud, in some cases, with the remainder being genuine fraud. The merchant who feels it has sufficient evidence to reverse the chargeback and recapture the lost revenue can do so by initiating a representment. The evidence — from digital receipts to device-specific info, defined by Briscoe as “rich data” — is given back to the issuer through traditional payments rails. The downside of this process is that the damage of the chargeback still occurs and, if not managed responsibly, can create considerable operational pain for card issuers.
Ethoca seeks to bring that compelling evidence upstream to be presented the moment a cardholder is first on the phone with the issuer, Briscoe explained. Sharing of rich data at the moment when it’s most useful is the next step to recapturing the billions of dollars lost to false declines every year and ensuring the best possible customer experience. He noted that more of this capability will increasingly be available via digital channels — on a bank’s mobile banking app, for example — so a cardholder is always just a click away from potentially having more clarity on a transaction in question.
Fraud is likely to evolve along with all the data that is on the loose from innumerable breaches. Identity theft is going to be on the increase, Briscoe said, and he does not “see CNP fraud going away anytime soon. The fraudsters are adept at adapting — including, in some cases, the friendly fraudsters.”