Security & Fraud

Unfriending The Friendly Fraudster

dark web computer

When most people hear about online fraud, they tend to think about what Noa Kalechstain, Riskified’s head of chargeback recovery, calls “classic fraud,” she explained in a recent conversation with PYMNTS.

That classic fraud entails a thief swiping a card or buying a card number off of the Dark Web and using it to make a variety of online purchases. It has attained the status of “classic” because fraud using stolen financials is the most prevalent type.

While there is no “good” news about fraudsters taking shots at a merchant’s website, this type of fraud does have the benefit of being so prevalent that payments players have several tools at their disposal to mitigate it. Such a feat is possible because fraudsters have a persistent tendency to give themselves away by doing things that look “wrong” over the course of making the purchase, Kalechstain said.

Those “wrong” factors include the wrong IP address for the device from which the order is coming, the wrong shipping address or even the wrong order in the form of a customer suddenly spending a lot on a website he’s never visited before. All these things and a host of others go up like warning flares when firms like Riskified are reviewing transactions. But, what can be seen can be stopped, according to Kalechstain, and often before the fraudulent order is ever made and a chargeback is initiated by a disgruntled customer whose card has been stolen.

While classic fraud remains a common battle in the war on chargebacks, another fraud front is becoming more active. As it turns out, sometimes the customer is not the victim of a fraudster. Sometimes the customer is the fraudster.

Friendly Fraud: Mistakes and Liar Buyers 

Friendly fraud, Kalechstain explained, has two different settings.

The first is best known as unauthorized card use and can be categorized as unintentional. It is also the form of friendly fraud most familiar to any parent who has ever left his or her tablet unattended for too long, only to discover at the end of the month that a child purchased a few hundred dollars’ worth of gaming apps.

The more pernicious form of friendly fraud is the kind that involves the “liar buyer,” a consumer who orders an item, receives the package, uses the good and then calls to report the charge to her credit or debit card company as fraudulent. She keeps and enjoys the item while the retailer eats the cost.

“Unauthorized card use and friendly fraud look exactly the same,” Kalechstain emphasized. “Detecting this type of fraud before the purchase is made is nearly impossible because there is nothing wrong with the transaction — the transaction is good. It’s the buyer that’s bad.”

This doesn’t mean retailers should simply resign themselves to fraud, however. According to Riskified, it means they should focus more on fighting friendly fraud chargebacks when they happen.

Fighting the Bad Buys

Friendly fraudsters understand the chargeback system was designed to protect buyers and not sellers, according to Kalechstain, and have committed to exploiting that asymmetry. They know claiming fraud will often be enough to get a charge removed from their accounts simply because fighting customers would be a hassle.

“The process as a whole is tedious and requires collecting a lot of data,” Kalechstain said. “The merchant has to build a very cohesive story about the person who owns the card and prove that they placed the order and received the good. That means a lot of data points.”

Those data points do exist. Sometimes fraudsters themselves supply them to the world. One favorite case of Kalechstain’s involved a young man who called in to angrily report that concert tickets had been falsely ordered in his name and that he had received no such tickets — only to post a picture of himself at the concert on his social media accounts a few hours later.

No, Riskified didn’t hack his computer to see those photographs. The company simply observed the images this consumer chose to make public online.

“Friendly fraud can be challenging to prove, though fraudsters will often help us out by being incredibly stupid and reckless at times,” Kalechstain said. “They give us lots of evidence of their crime.”

But even when the evidence isn’t quite so damning, there’s still plenty of data on hand to push back against a bad charge.

The goal for Riskified, when it pursues a friendly fraud charge, is to connect the item purchased on a card to the consumer who owns the card. An order made from the “right” device — one with an IP address that matches previous valid offers — and sent to the “right” address is a good start, Kalechstain noted. From there, having determined that the customer has ordered and received a good, the goal is then to prove the customer is out in the world actually using it.

To get to that outcome, Riskified’s solution collects and analyzes dozens of data points for every transaction, laying the groundwork to successfully dispute chargebacks on behalf of its merchants and reducing both operational costs and resources spent on the tedious process of providing compelling evidence.

“We think it is really sad that there are people in the world that … [take] advantage of this system,” Kalechstain said. “This is a trust-based system, and we think it’s important to make sure it stays trustworthy.”

Fighting Friendly Fraud the Smart Way

There are some specific cases in which pursuing the chargeback fight might not be worth it, or might require a bit more finesse in the solution.

This is particularly true in cases where there has been an unauthorized use situation: A customer calls to report fraud, completely unaware his child has gone on a Candy Crush buying spree.

No retailer is benefited by liar buyers who, at their core, are the same types of players in the marketplace as the fraudster who swipes a card or buys a card number off the Dark Web. Both are thieves who want to exploit a system for their own benefit.

Firms have reason to fight them and to convince them that attempting to steal will not be easy or go unchallenged. It’s more work on the front end, Kalechstain explained, but it makes a better market on the back end.

“The end goal we want is to decrease fraud throughout the market, wherever it occurs and whoever is doing it,” she concluded.

For additional insights on how Riskified fights chargebacks, and the steps merchants can take to protect themselves, download Riskified’s Chargeback Dispute Guide.

——————————–

Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The May 2019 AML/KYC Tracker, provides an in-depth examination of current efforts to stop money laundering, fight fraud and improve customer identity authentication in the financial services space.

TRENDING RIGHT NOW

To Top