ValueWalk’s Q&A session with Monica Eaton-Cardone, the COO, Co-Founder of Chargebacks911. In this interview, Monica answers questions on disputes and chargebacks, how consumers can be safe online, FTC’s and CFPB’s part in fighting e-commerce fraud, comparison of secure payment options, and which sectors suffer from fraud.
- Can you tell us about your background?
I first started as an eCommerce merchant in the early-2000s. I was selling products online at the time, but was increasingly seeing problems with chargebacks. I realized that I wasn’t alone in that predicament, and launched a chargeback consultancy service in 2009 to help other merchants deal with the problem. By 2011, my consulting business grew into Chargebacks911.
- Can you break down the common terms in e-commerce payments, including dispute, chargeback, friendly e-commerce fraud, etc.?
“Dispute” and “chargeback” are more-or-less synonymous terms. What typically happens is that the cardholder in question disputes the validity of a charge, and the bank overturns it on the cardholder’s behalf. The problems arise, however, when customers file disputes without the proper justification. This is what we refer to as “friendly e-commerce fraud;” based on our research, friendly fraud constitutes a majority of the chargebacks the average merchant faces.
- What are common mistakes consumers make that leave them open to fraud, including using mobile apps to order food, ordering online, loyalty programs, etc.?
I think the most common misstep is using weak passwords, or relying on the same password for multiple accounts. Beyond that, though, consumer trust is a big issue…specifically, having too much of it.
Phishing is one of the most common tactics employed by fraudsters to steal customer information. The fraudster could impersonate a trusted party and reach out to a consumer, or perhaps set up a dummy site designed to fool users into entering their login information. In either case, the goal is to trick the user into handing over their information to a bad actor.
Consumers should be more skeptical before divulging any personal information online, and should familiarize themselves with the telltale signs of online impostors.
- Is the FTC doing anything about e-commerce fraud?
The FTC has taken some action, such as setting up an online portal to report fraudulent attacks. They’ve been surprisingly laissez-fare regarding online e-commerce fraud overall, though.
Unsurprisingly, the card payment industry likes to avoid oversight and regulation wherever possible. This is what drove the EMV liability shift back in 2015. In dealing with friendly fraud, I’ve pushed for collaboration between banks, card schemes, and merchants to address the problem in order to avoid the need for FTC oversight.
- What about CFPB?
Much like the FTC, the CFPB hasn’t done as much to counter e-commerce fraud as you’d expect. That said, there’s not really a whole lot they could do anyway.
They engage in consumer education, but their ability to really fight online fraud is limited. Fraudsters employ a wide variety of tactics, and they’re typically not identified until some amount of damage has already been done.
- Are some payment sources more secure from a fraud perspective than others, i.e. Apple Pay vs. Visa?
Mobile wallet tools like Apple Pay and Samsung Pay actually offer significant fraud protections for users. These tools employ the same tokenization technology as EMV chip cards, which standard card-not-present transactions do not do. Plus, mobile wallets also utilize two-factor authentication; the user must unlock the device, then provide an additional identity verification to authorize the transaction.
- From a consumer point of view, American Express seems to offer the most protection. Do you think they are overdoing it?
It’s important to note that American Express is both a card brand, as well as its own card-issuing bank. As such, Amex has even more leeway than card schemes like Visa and Mastercard to determine e-commerce fraud protections. I wouldn’t say they necessarily “overdue it;” comprehensive fraud protection for cardholders isn’t a bad thing in a vacuum. The problem is that we don’t clarify or define customer expectations. Customers expect that they won’t be liable for fraud, which is one of the main contributing factors in the epidemic of friendly fraud.
- From a consumer perspective, do credit card schemes differ in how they handle disputes?
On the consumer’s end, there’s no meaningful difference. Behind the scenes, though, we have to acknowledge that brands which are both issuer and card scheme have a vested interest in keeping cardholders happy. It’s possible that customers could see better outcomes if that’s the case.
- What can be done to stop unethical buyers from taking advantage of small businesses?
What we really need is an overhaul of the chargeback process. It’s a long overdue notion, given that chargebacks were developed for a pre-eCommerce age, and aren’t adapted to the demands of a dynamic, online marketplace. Recent policy changes like Visa Claims Resolution and Mastercard Dispute Resolution are positive developments. However, they’re not enough on their own to contend with billions of dollars in annual losses due to chargeback abuse.
One idea I’ve proposed in the past is to establish a consumer “dispute credit score.” This would make it easier to identify and flag potential chargeback abuse at the card scheme level.
- What are Visa and MC doing with their dispute resolution initiatives? Do their approaches differ? If so, how?
Rollout of the Mastercard Dispute Resolution initiative is still ongoing, and the process is being refined as the rollout progresses. From what we know thus far, Mastercard are refining their reason code list, eliminating redundant or often-abused reason codes. There were other changes too, such as instructing issuers to check for refunds or reversals before filing a chargeback, so as to prevent unjust enrichment.
Visa Claims Resolution has thus far proven to be a bit more comprehensive. Visa’s goal was to speed up resolution times, while also promoting more accurate decisioning. This is achieved through use of the Visa Resolve Online system and the VMPI plugin. In theory, at least, this makes it possible to resolve many chargebacks instantaneously through automated decisioning.
- From a merchant perspective, do the credit card networks differ in handling what the merchant contends is a fraudulent dispute?
Again, the two do have different processes, at least initially, due to Visa’s use of the VMPI plugin. If the merchant contends that a dispute is friendly e-commerce fraud, though, the processes between two the card schemes remain largely the same. The challenge for merchants is navigating the rule sets imposed by each card scheme, which will vary in the finer details.
- Which sectors have the most e-commerce fraud and why?
Digital goods tend to be a very high-risk vertical, as are subscription-based models. In the case of the former, digital goods are intangibles, and are increasingly dominated by microtransactions. It’s easy for users to claim they never received an item when the item doesn’t physically exist. For the latter, consumers can often see chargebacks as an easy option to end an ongoing billing process, especially with free trial offers that rollover into subscriptions.
- How do the tech giants play into this issue?
We saw Facebook receive a lot of blowback earlier this year for recommending developers not try to prevent users from making in-game purchases that might devolve into chargebacks. While this looks bad, it’s not that unreasonable. Like other businesses, tech giants like Facebook and Google find themselves trying to maintain a difficult balance. Ease of use on their platform and due diligence come to be perceived as conflicting forces in that regard.
- What about big online processors like Paypal and Stripe?
Like the merchants they serve, processors are also subject to chargeback rules. We have to remember that processors and acquirers are ultimately liable for chargebacks involving the merchants with which they contract. So, when merchants receive too many disputes, processors have a vested interest. They have to choose whether to work with the merchant…or simply cut them loose.
- What trends are you seeing in e-commerce fraud?
Account takeover has been the hot topic in fraud for the last year or two. It’s still growing at a rapid rate, causing a lot of trouble for online merchants. In response, there’s a lot of interest in two-factor authentication. In Europe, for example, the new PSD2 regulation stipulates the need for two-factor authentication (2FA). The rule demands that businesses verify users based on at least two of three indicators: something the user knows, possesses, or inherently has, like a biometric scan. While this rule doesn’t necessarily apply to US merchants, I think it’s only a matter of time until 2FA becomes standard.
- Anything to add?
I want to stress the need for ongoing changes to the chargeback process. Policies like Visa Claims Resolution and Mastercard Dispute Resolution are a good starting point, but we’ll need a lot more if we’re going to achieve meaningful change. Chargebacks, as they exist now, simply aren’t designed to be responsive to the demands of a digital economy.
What we need before anything else is standardization. We need a collaborative effort involving merchant representatives, banks, and card schemes, who can develop fair and widely-applicable standards and procedures. Until we have more uniformity in the chargeback process, it’s going to remain a largely subjective and poorly-executed exercise.