Fraud comes in all shapes and sizes. It masquerades itself with synthetic identities while it uses traditional methods like phishing scams. If it’s still working, there’s still some use to it. And the aftermath can produce more damage than a merchant and a customer can bear. For instance, fraudsters target a handful of customers to steal their card information. They then use the information to authorize illegitimate transactions. Once the customer or merchant finds out about this activity, it will be too late. The fraudster gets away with stolen products, and the affected customers will file an array of fraud disputes. This puts you on the defensive, hoping that none of these disputes will issue a chargeback.
Fraud disputes are more virtuous in proving your innocence. That’s because there are higher standards for merchants to adopt the most robust methods in fraud prevention. Some of it also has to do with the liability shifts. Card networks such as Visa and MasterCard place more burden on merchants to secure and verify transactions. This applies to all merchants, whether it is the small businesses in Chester or the enterprises in London.
This is the part where I say there is hope to prevent these fraud disputes. But it will require some time to learn and apply new knowledge. Fortunately, Visa, MasterCard (Maestro; Cirrus), Discover and American Express have made their reason codes universal for cross-border transactions. So, whether your business relies on UK-US transactions, UK-Euro transactions, or UK-Global transactions, you’ll never be lost in transaction when it comes to dispute resolution.
Before I explain how to prevent fraud disputes, I want to first explain how you should respond to fraud disputes if they are filed to an issuing bank. It’s better to know what you could be facing in the worst case scenario. If you can prevent revenue loss from a chargeback, you’ll have a idea on what data can help you prevent fraud disputes.
The tables below explain all the fraud dispute reason codes you can expect from UK and US transactions. You can learn all the chargeback reason codes right here. Our guide lists the reason codes from the four major card networks: Visa, MasterCard, Discover and American Express. Here, we’re going to give you a sample of Visa and MasterCard’s fraud dispute reason codes. We’ll provide fraud prevention tips shortly afterwards.
Please note that ‘cardholders’ refer to customers who filed a fraud dispute to their issuing bank.
Visa Fraud Dispute Reason Codes
10.1 - EMV Liability Shift – Counterfeit Fraud
10.2 - EMV Liability Shift – Non-Counterfeit Fraud
10.3 - Other Fraud – Card-Present Environment
10.4 - Other Fraud – Card-Absent Environment
10.5 - Visa Fraud Monitoring Program
MasterCard Dispute Reason Codes
4837 No Cardholder Authorization
4840 Fraudulent Processing of Multiple Transactions
4849 Questionable Merchant Activity
4863 Cardholder Does Not Recognize – Potential Fraud
4870 Chip Liability Shift
4871 Chip/PIN Liability Shift
Keep in mind that dispute may issue a chargeback. But a chargeback is not an automatic loss. You can still defend your business with the advice above. The issuer will review your response and the customer’s dispute. If your response is valid, the issuer will reject the dispute or reverse the funds back to your merchant account.
Also, there are time limits to submit your response. The time limits start from the date you receive the dispute and chargeback.
How to Prevent Fraud Disputes
Now, we get into the good stuff: fraud prevention. How can merchants prevent these disputes from occurring in the first place? Here’s the first thing you should do:
Know Your Customers
You need to stay in-tune of their purchasing behaviours. What devices do they use to buy your products? Which cards place the order? How often do they place these order? These are three examples that help you understand your customer’s behaviors. And that brings you to three answers that distinguish their behaviour from potential fraudsters.
One way to understand your customer’s data is through a velocity check. This brings us to my second piece of advice.
Perform Velocity Checks for Fraud Prevention
We talked about velocity checks before on Our Blog. And its tips are timely for the 21st century. Velocity checks is when you monitor certain data elements that occur in certain intervals for a number of times. For me the element most useful is the timelyness, if a legitigate transaction was seen at 10 am in London and a second transaction was seen at 1 pm in New York, on the same day, it is clear that the genuine card holder could not physically move that quick, they could not cover that distance in 3 hours. Of course this only applies for card holder present transactions. Fraudsters commonly max out stolen cards as much as they can—and as quick as they can. But this behaviour may not immediately signal red flags. Instead, it may show purchasing behaviour that is strikingly different to the customers’ previous transactions. This should raise concerns when you see that deviation.
There is never one tool that can help you perform velocity checks. Focus Training & Solutions offers courses in risk management that are perfect for this task. And the Chargeback App can extract and aggregate transactional data for fraud analysis. It’ll be up to you to understand what problem you’re facing. And what tools you’ll use to achieve resolution swiftly and efficiently.
What Should I Be Looking For In Velocity Checks?
The data elements you’re monitoring should be regularly involved in transactions. Here are some common data elements for velocity checks:
- User ID
- IP address
- Email address
- Phone number
- Device ID / signature
- Credit card number / payment method
- Billing address
- Shipping address
- Physical distance between transaction
You’ll have more entries of some data elements over others. It depends on your business. But the goal is to monitor data elements that were involved in suspicious transactions. This includes customers who placed a large amount of orders and data elements that were shared across customer profiles.
How Should I Perform Velocity Checks?
Again, every business is different. And that means each business will have different encounters with some data elements. But every velocity check should include these variables as its framework: quantity, data element and timeframe. Here are some template research questions that frame your velocity check:
How many transactions has a customer completed in the last 24 hours?
- How much has a customer spent in the last 24 hours?
- How many transactions have originated from a single device in the last 24 hours?
- How many orders have been placed with the same credit card number in the last 24 hours? Has it differed with multiple shipping addresses?
- How many transactions have originated from one IP address in the last 24 hours?
- How often has it been used in within the last 30 days?
- What is the geographical spread of the transactions and, would it be possible to travel hat distance in that time?
The three variables may be framed differently, depending on your objective. But notice how:
- Velocity checks often start a question by asking ‘mow much’, ‘how many’ and ‘over what distance’. The research starts when you know the sum or volume of the data element(s).
- The sum of volume of the data element(s) is now under investigation. It may seem overwhelming at first. But you’ll know what to monitor after seeing an abnormality of shipping addresses, IP addresses, and the like.
- There’s always a specific time frame within a research question. This will help you identify suspicious activity that is being inserted by one customer. There may be multiple profiles in question. But the quantity of data elements may show an overlap between profiles. That may result in one person handling multiple profiles for fraudulent activity.
What Action Should I Take After the Velocity Checks?
You may take one action. You may take three. Here some examples that’ll help keep your business free from fraud disputes.
- There is a large amount of orders being shipped to a commercial address, not a residential address: Cancel shipments that have been shown to be fraudulent. Make sure you notify the customer about this suspicious activity and the action you’ll take.
- The customer recently purchased a lot of our products in the last 30 days. This is a contrast to her purchasing behaviors from the previous 30 days: Notify the customer via email or text, and inform her of this activity. If the customer has not authorized these transactions, refund him or her and delete the customer profile involved in the fraudulent transaction.
- The same IP address has appeared in different transactions over the last 30 days: Verify the customer’s frequent IP address. If it is different from the transactions in question, blacklist the IP address and refund the customer.
- As a rule of thumb, always have your payment gateway notify you of suspicious activities: It can take action to not approve designated data elements in designated time periods. That will prevent the transaction from being authorized.
The Chargeback App also helps merchants with post-transactional fraud. You’ll be able to refund customers who were fraud victims, prevent shipments and deactivate gift cards all in one place. It’s another useful to prevent fraud disputes. And if a fraud dispute has been filed, you’ll know how to respond with the tips above.
Alex Forbess is a content specialist for Chargeback.com, which specializes in automated dispute management and real-time resolution. The Chargeback App is designed for internal teams and partners to effectively prevent disputes from turning into chargebacks. And it has automated tools to help merchants draft compelling responses to prevent revenue loss.