As Michael Corleone said in the “Godfather II” movie: “Keep your friends close and your enemies closer.” As it turns out, those words were not only prescient for the Corleones, but they’re also relevant for the far more modern world of payment fraud. Because sometimes, what can appear to be a friendly customer is actually an enemy in disguise. Such is the ever-expanding world of friendly fraud.
As Kount Vice President and Senior Customer Experience Leader Rich Stuppy told PYMNTS in a recent conversation, friendly fraud is another burden in an unusually difficult year. As consumers moved to digitally pivot and merchants upped their digital game by adding features like online ordering, delivery and curbside pickup, fraudsters proved to be willing and enthusiastic to go along for the ride.
“There are now multiple attack vectors going on here,” Stuppy said. There are simple, old-school fraud methods, but lately, it gets a lot more complicated. One of the unique scams Kount follows is the “pizza plug,” wherein a consumer is offered the ability to buy $100 worth of food for a much smaller charge, usually on a social media platform like Facebook or Twitter. Whether the buyers consciously realize it or not, noted Stuppy, they are part of a fraud in progress.
“And what happens is, they’ll pay the money and place the order. And then the charge goes either to an account that was taken over or to a new account that was created with a stolen card – it happens a lot of different ways,” he explained.
No matter how it goes, the restaurant‘s outcome is always the same: They are on the hook for the bad sale, out the product and the money. But among all the fraud vectors out there, said Stuppy, friendly fraud in all its myriad forms is often the most insidious and the hardest to combat. When a customer calls up and says they never got a package they did receive or that their order was incomplete or charges on their card they don’t recognize, that will end in a refund or a chargeback. It’s a great solution if the claim is legitimate — but it’s a major source of loss for retailers when consumers are taking advantage of the customer-friendly chargeback process in an attempt to get something for free.
And friendly fraudsters, once they get away with it once, tend to try it again and again.
The good news, said Stuppy, is that they can be stopped — but it does require more work. On the issuer end, that can mean better post-dispute resolution services. Stuppy mentioned “conscience API (application programming interface)” to help remind consumers that friendly fraud can be pinpointed by looking carefully at the data — it’s not quite the invisible crime it has historically been.
“Better post-dispute data allows the issuers to ask the consumer some questions, like ‘we show that it came to this location, is that your address?’” Stuppy said. “When the customer says yes, it can then be pointed out that this address matches your account and that the order was made with a matching email and phone number. I jokingly call it conscience in an API because suddenly people remember that they did in fact order that thing, and they are not going to get away with it because somebody’s got their eyes open.”
But not everyone goes to the issuer to report a chargeback, he noted — in a lot of cases, the friendly fraudster goes back to the merchant to demand a refund for their “incomplete” or “incorrect” order, knowing that the old “customer is always right” attitude means they probably won’t get a lot of pushback from a merchant trying to optimize the consumer experience.
But that can also be managed by keeping track of customers’ usage behaviors, said Stuppy. Anyone can legitimately have an order go wrong or not show up, but when it happens multiple times to the same customer, the smart play might be to add a bit more friction to the process in a way that subtly encourages them to not try again.
“In sort of a policy engine, there should be rules that say we’ll allow one or two refunds, but after that, we’re going to do something else,” he said. “That ‘something else’ might be an extra step before concluding the transaction that makes the customer confirm their intention to complete the order successfully. That tends to put a memory marker in people’s heads that tells them the merchant is serious and is watching how often the customer is asking for refunds and makes them think it’s a better idea to handle this in a legit way.”
These solutions aren’t magic bullets that will stop all friendly fraud in its tracks. But these kinds of macro-steps do have the benefit of discouraging friendly fraud and preventing it once it’s already in action because they convince the potential fraudster that their efforts likely won’t succeed.
According to Stuppy, the key to battling fraud in all of its forms, friendly and otherwise, is data. When one really understands the customer journey, he said, it is possible to start “plumbing in” controls and collecting relevant signals to guide customers’ experience based on their relative risk or safety. It is only through collecting that data and reading those signals that the good guys have any chance of getting ahead of fraudsters in the ongoing game of cat-and-mouse that defines today’s digital security ecosystem.
“ I like to let the restaurant owners know that I feel for them and that we’re trying to do what we can do to help them,” said Stuppy. “People need to understand that this stuff is a crime and it’s wrong, and we need to stop it.”