How banks and fintechs can better identify and prevent friendly fraud

Picture this: In North Carolina, a cardholder claims one of their charges is an unauthorized transaction. Naturally, the dispute seems like an isolated event. But, before you know it, the culmination of many tiny incidents like this can result in a $25.3 billion industry loss. That's the underestimated cost of friendly fraud.

Beyond being underestimated, friendly fraud is also incredibly prevalent. A study by Sift revealed that 23% of consumers who submitted a dispute knowingly initiated false fraud claims on purchases they actually made. And unfortunately, friendly fraud doesn’t only affect merchants. Banks and fintechs also feel the pinch — losing revenue, valuable resources, their hard-earned credibility, and even customers.

So, what is the main challenge when it comes to friendly fraud prevention? It can be difficult to pinpoint if a customer genuinely made a transaction, or if it was unauthorized. As a result, banks and fintechs often send refunds without further investigation to avoid a lengthy dispute process that costs time and resources.

The best way to prevent occurrences of friendly fraud is through a strong fraud prevention system — like an Identity Risk Solution — that enables better fraud detection at origination and proactive ongoing monitoring.

Explore the nuances of friendly fraud below, then learn how fraud solutions can use more advanced AI tools to improve behavioral analysis and make it more difficult for consumers to commit friendly fraud.

What is friendly fraud?

Friendly fraud, also known as chargeback fraud, occurs when a customer disputes a charge on their card, citing a billing error, defective or missing goods, fraudulent charge, or an unauthorized transaction — even if they know the transaction is legitimate.

This type of fraud is called “friendly” because the customer’s claims seem believable and genuine, but they are misrepresenting their intent to pay. Ultimately, the cardholder committing friendly fraud intends to keep the purchase and their money.

Dig into the impact of different fraud types in Alloy's guide to common financial fraud

Individual reasons for committing friendly fraud could include:

• The consumer regrets making the purchase and wants to recoup their cost.

• The consumer is dissatisfied with the purchase, but they could not get a refund from the merchant, so they dispute the charge.

• The consumer simply wants to own goods and purchase services without paying for them.

Is all friendly fraud committed on purpose?

No, not all friendly fraud is initially committed on purpose. Sometimes, a cardholder will claim a transaction is unauthorized when, unbeknownst to them, someone else in their home made the purchase. Children even use voice purchasing features to buy themselves expensive gifts when adults are not in the room. (“Alexa, get me the PS5 from Amazon.”)

The cardholder could also simply forget that they made the purchase. Or, maybe they bought a sweater from an online retailer, and the package was delayed. They disputed the charge and got a refund, but then the sweater showed up on their doorstep a week later. (Would you report that mistake to your bank? Maybe not!)

In all cases — whether it’s accidental friendly fraud or not — banks and fintechs are hit hard, from the direct loss of funds to the added strain of allocating resources to investigate and recover these damages. The amounts accumulate quickly. According to Alloy's State of Fraud Benchmark Report, 70% of respondents lost over $500,000 through fraud in 2022. 27% of respondents lost over $1 million. This underscores the pressing need for fintechs and banks to adopt stronger fraud prevention strategies.

Download Alloy's State of Fraud Benchmark Report

How common is friendly fraud?

Unfortunately, friendly fraud is more common than you think. It happens across various industries such as travel, retail, and even gaming. It’s a particularly frequent occurrence in e-commerce. Globally, 40% of e-commerce merchants have been victims of friendly fraud. In the US, about 31% of all losses from online fraud were from friendly fraud.

Who suffers the cost of friendly fraud?

Friendly fraud affects merchants, issuers, and cardholders alike. Every time a merchant faces a chargeback, they don’t just lose money from the sale; they also pay a chargeback fee to the bank or fintech, enabling their payment processing. Additionally, if merchants have too many chargebacks, some payment processors might penalize them with a higher processing fee or drop them altogether.

Depending on the agreement between the merchant and the issuer, the merchant could pay up to $100 for each chargeback, and that doesn’t even cover the expenses the bank or fintech spends on these claims. So, not only do they dedicate significant resources to investigate the disputes, they risk losing small business customers as a result of this friction. If the chargeback process gets too frustrating for merchants, they might just go looking for a different payment processor.

Take, for instance, how Chicago restaurants fell prey to this scheme in 2022. Malicious diners enjoyed their meals, then turned around and contacted their banks, claiming those charges were unauthorized. These amounts don't seem significant individually, but if left unchecked, they quickly add up for the merchants, as well as the issuing bank or fintech. These restaurants may not have the manpower to dispute the customers' claims. So, the chargebacks, along with the fine charged by the payment processor, eat into the restaurant’s bottom line.

Finally, cardholders can also face the brunt of friendly fraud. Legitimate disputes can undergo lengthy, detailed scrutiny, and they might have to wait a long time to get their money back — or not get it back at all.

Why do banks and fintechs struggle to prevent friendly fraud?

Many banks and fintechs face the costly task of managing a multitude of card disputes. They are navigating complex operating systems, lacking efficient triage, and dealing with less-than-ideal quality assurance, among other issues.

For instance, there’s a lack of clarity in most banks’ operating models about which team is responsible for customer experience. This lack of coordination causes problems for customers and slows down dispute resolutions and credit processing.

Different departments — like the call center, dispute research team, and back office — do have opportunities for better collaboration. But if they are using disparate systems, they could each be maintaining their own data sets, or even creating different risk profiles of the same customer. As a result, they wind up locked within data silos that impede data sharing and analysis.

The law shields consumers

Although the Fair Credit Billing Act (FCBA) — the law that prevents unfair billing practices in the United States — was intended to protect consumers from unauthorized and fraudulent charges, many individuals misuse this trust and abuse issuers' zero liability policies. Banks and fintechs struggle to figure out precisely what happened in the aftermath of a disputed transaction, only having access to the limited information provided by the individual or business.

According to PYMNTS, "Online statements are less than clear, sometimes without explicit merchant identifiers or other hallmarks that can dispel any ambiguity. Starting and pursuing a dispute has a knock-on effect, as financial institutions…and merchants wind up incurring costs — in terms of time and money — to investigate the dispute."

However, some card regulations that prioritize consumer protection also provide guidance that can help banks and fintechs navigate the dispute process:

• Regulation E, which implements the Electronic Fund Transfer Act (EFTA), outlines the consumer responsibilities of reporting any unauthorized electronic funds transfers (EFTs).

• Regulation Z, which implements the Truth in Lending Act (TILA), requires lenders to resolve disputes in a timely manner, provide monthly billing statements to borrowers, and proactively notify borrowers any time their lending terms change.

When claims teams are more prepared to address disputes, they are also more prepared to spot outliers in consumer behavior. These guidelines help banks and fintechs to:

• Set consumer expectations

• Handle disputes with more consistency

• Set a baseline for how disputes should be resolved

• Potentially identify more indicators of friendly fraud in the process

Existing fraud models are flawed

Most fraud models are broken. When banks and fintechs only examine fraud at the transaction level, it puts them in a reactive position rather than proactively identifying and stopping friendly fraud. In the long run, this approach can result in losing merchant trust, credibility, and funds. Instead, they should focus on getting to know the person behind the transaction:

• Is the person's identity authentic?

• Are they using someone else's account?

• Have they committed, or are they planning to commit fraud?

• Historically, have they filed a large number of credit disputes?

Overall, this deeply flawed dispute cycle contributes to the rise in friendly fraud nationwide.

Why identity should be at the center of your fraud prevention strategies

How can banks and fintechs defend themselves against friendly fraud?

Friendly fraud prevention can be a real struggle. Some banks are adopting claims abuse procedures to keep track of the number of disputes filed for each customer, but they still get overwhelmed by the volume of disputes.

Again, the challenge of data silos comes up. When teams work in separate systems, they fail to see the complete customer profile. For instance, if a customer were to dispute a mere $150, the claims team handling the dispute might not notice that the fraud team also put a hold on a recent deposit due to suspicious activity. Likewise, if a customer filed a large number of disputes, and that information is tracked in the dispute claim system, fraud teams might not have access to those records.

This happens at banks and fintechs every day. The onboarding workflow determines a customer is low risk, while an ongoing monitoring workflow later picks up on suspicious behavior. When data insights are not shared, it gets in the way of catching friendly fraud. When claims and fraud teams have better context and access to customer data, they set better standards of normal customer behavior and spot red flags much faster.

The solution? Continuous and rigorous monitoring throughout the customer lifecycle

Thanks to modern identity risk solutions, you can now get a holistic view of your customer’s behavior. By blending biometric verification, behavioral analytics, fraud risk scoring, and historical fraud data analysis, these end-to-end platforms handle everything — from identity verification and fraud detection to credit assessment and compliance risk management.

What are the benefits of an Identity Risk Solution?

But it’s not always easy for banks and fintechs to integrate modern fraud prevention solutions into their existing tech stack. With Alloy’s Identity Risk Solution, there is no need to rip and replace, and you don’t have to be concerned about major overhauls.

For example, with Alloy Ongoing Monitoring, you can create a dynamic customer profile that continues to evolve with the customer journey. Combine the information you get during onboarding with continuous insights into their account activity.

That’s not all. Alloy also uses multiple data sources — both traditional data like personally identifiable information (PII) and newer data sources like cash flow data — to give a fuller and more precise view of each customer. Considering how many banks and fintechs struggle with data integration, Alloy’s Identity Risk Solution can be vital to increased efficiency, better allocation of time and resources, and greater customer experiences.

Proactively tackle fraud attacks using real-time actions like step-up verification or automated interdiction to hold payments, freeze accounts or payments, and block logins. Alloy’s experts are also available to help you analyze fraud attacks and refine your processes.