Visa: Compelling Evidence 3.0 Will Blunt ‘Friendly’ Fraud

Transaction disputes are massing across digital channels.

Mike Lemberger, head of risk for North America at Visa, told PYMNTS that friendly fraud, also known as first-party fraud, accounts for as much as 16% of fraud disputes, as estimated by Merchant Risk Council.

With a nod to how fraud has been evolving, Lemberger said, “The term first-party fraud came out years ago” and initially referred to parents finding out that their kids, or other relatives, had charged items to their elders’ cards — and the items showed up (surprise!) on the monthly billing statement.

But now, he said, fraudsters have been looking at the way the commerce ecosystem has protections in place — where networks such as Visa have zero liability policies. Those policies represent a guarantee by the card issuer that cardholders are not responsible for unauthorized charges processed on the network.

“If the transaction is not authorized, you have a right to dispute it and get the funds back,” he said.

Getting Away With the Disputes

What about the bad actors or even just the customers who suddenly have buyer’s remorse? Well, they’ve been busy finding ways to game the system — disputing legitimate transactions, keeping their ill-gotten gains, and getting the payments reversed.

The best lines of defense against those attempts — and against genuine confusion from legitimate, good customers — said Lemberger, can be built only if “everybody’s clear on what was purchased, when it was purchased, how much it was purchased for.”

All too often, he said, it’s hard to pin down exactly what happened. Online statements are less than clear, sometimes without explicit merchant identifiers or other hallmarks that can dispel any ambiguity. Starting and pursuing a dispute has a knock-on effect, as financial institutions (FIs) and merchants wind up incurring costs — in terms of time and money — to investigate the dispute.

“Each one of those disputes may have different outcomes, but at the end of the day, it is our job as an ecosystem to try and make the experience as best as possible and close either loopholes on one side, or put clarity on the other side so that we are eliminating the real fraud as well as lowering the cost of transacting,” he told PYMNTS.

To that end, he said, Visa’s “Compelling Evidence 3.0” (CE 3.0) — a change to its dispute program that is now in effect — can help streamline and improve those processes.

The company has said that merchants need to show two key pieces of information: an established historical footprint between the cardholder and the merchant, and key identifying fields that match across the historical transactions and the transaction being disputed. The key fields include user ID, device ID, IP address, or shipping address on at least two nonfraud transactions occurring between 120 to 365 days prior to help prove the historic connection to the cardholder and the newer transaction that is being called into question.

Lemberger told PYMNTS that merchants have rich data on hand, gleaned from strong relationships with consumers that in turn can be shared with issuers to make sure the right dispute decision is made. Operational costs can be increasingly taken out of the equation as more processes become automated with enriched data.

“We also can [with this collaboration], start to build a practice that understands when fraudsters are coming into the network, and we know that they are coming in and trying to game the system,” he said. “If we’re properly sharing that data, we can start to catch them, and we can then start to turn it back ‘onto’ them and say, ‘Hey, wait a minute. We know you were here; we know you made this purchase.’”

CE 3.0 makes it possible — at the point the dispute is lodged — to turn it down, to show that the compelling evidence is so overwhelming that the transaction cannot be in contention, he said. The reasons can be displayed to the cardholder in an issuer’s banking app or over the phone by an issuer representative (which in turn lowers the operational costs). Therefore, the transaction would remain on the cardholder’s statement and intact for the merchant.

Looking ahead to the embrace of CE 3.0, Lemberger said that merchants have been working with their acquiring partners to collect the data and information that needs to be available across the ecosystem.

“We’ve spent the better part of a year working with the industry to make sure they are ready for the April 15 deadline,” he told PYMNTS.

At-scale friendly-fraud dispute prevention won’t happen all at once — and there will be a gradual rollout as merchants increasingly share historical nonfraud transaction data, he said. As time goes on, there will be CE 4.0 and 5.0 as the payments and commerce systems evolve.

No matter which iteration of compelling evidence Visa updates, “it will always be about securely sharing data to verify that transactions were initiated at the right places by the right people,” Lemberger said. “And the fraudsters will know that their chances of getting away with something diminish with the way that we’re passing data” between merchants and issuers.