Fraud prevention

Sellers beware: Getting to the bottom of first-party fraud

March 18, 2024 | By Christine Gibson

Business was booming for a well-known gourmet food vendor. The internet was bringing in customers from around the world — but it was also fueling a growing problem.  

The company was increasingly fielding requests from customers’ banks, demanding their money back. Their complaints had nothing to do with the food. Instead, the banks were upset about fraud. These callers insisted their credit card number had been stolen, and some thief had placed — and received — the order.  

At first, the company was happy to issue return payments. But when certain people made the same claim over and over, the vendor realized the supposedly stolen goods had gone straight into the cardholders’ stomachs — bypassing their wallets.   

When cardholders challenge genuine transactions, it’s called first-party misuse or “friendly” fraud, setting it apart from third-party fraud, in which a criminal pilfers a cardholder’s identity to make purchases for their own gain. Sometimes, first-party misuse is an honest mistake: The cardholder legitimately forgot about the purchase, or the merchant billed the charge under an unfamiliar name, leading to confusion. In other cases, the cardholder was unaware their child used their card without their permission.  

But sometimes the customer is intentionally trying to get credit for a transaction they authorized — perhaps regretting an impulse buy, or simply trying to get something for free.  

The damages add up. For example, a 2020 survey of merchants reported that 75% of disputes for subscriptions and digital goods, like e-books and online games, are first-party misuse. These disputes often result in chargebacks, the term for a charge being credited back on someone’s payment card. Even when a merchant avoids a chargeback at the end of a dispute, these situations are costly and time-consuming for them to fight.

“Businesses have the burden to prove the chargeback is not a legitimate dispute,” says Jeff Hallenbeck, head of payments at Forter, a fraud detection platform that makes instant, accurate decisions about chargeback legitimacy for its customers. “For most businesses, fighting the increasing number of first-party fraud chargebacks is both manual and expensive, especially for businesses with low margins.” 

Fees, penalties, lost revenue from the transaction and the merchandise, and the operational costs of reviewing, gathering evidence and responding to a chargeback can total more than twice as much as the actual transaction amount, Hallenbeck says.  

“Merchants have limited defenses in these disputes today, which leaves them vulnerable and exposed, ultimately undermining trust in e-commerce transactions,” says Dennis Gamiello, executive vice president of identity products and innovation at Mastercard. 

To further complicate matters, first-party misuse is very difficult to detect. Merchants have effectively combatted identity fraud with authentication solutions that spot potentially problematic transactions.  

But with first-party misuse, nothing untoward is happening — the customer is using their own card on their own device. It’s only later, when they dispute the charge, that red flags start to pop up. As it stands now, a merchant’s sole recourse is to blacklist repeat offenders.  

Businesses must respond to these disputes because for remote transactions — such as online purchases, phone orders and automatic billing — the burden of proof lies with the merchant. “It's a huge strain,” Gamiello says. 

Now Mastercard is working to combat this problem by launching the First-Party Trust program, an AI-powered service where merchants can share information to prevent first-party misuse. Developed in collaboration with merchant industry groups, the program creates greater transaction transparency, optimizes approval rates and simplifies the dispute process by activating retailers’ most powerful protection against first-party misuse: data.

Merchants have plenty of transaction information that is used to help recognize genuine purchases — geographic locations, account names, device specs and behavioral and physical biometrics — but lack simple ways to share data with one another and get protection from fraudulent disputes.

The First-Party Trust program provides merchants with a secure channel for submitting pertinent information as part of a Mastercard transaction. Combined with Mastercard’s network-level analytics, this data will uncover insights into a cardholder’s purchase history and behavior that could indicate first-party misuse.  

Merchants can submit this information at the time of purchase or once a dispute arises. During the transaction, Mastercard’s advanced AI and risk modeling will use the data to enhance the detection of true third-party fraud — and bolster the case against dishonest chargebacks later on.  

By confirming the absence of any of the usual hallmarks of identity theft, the First-Party Trust program can expose first-party misuse.  

By automatically collecting, organizing and parsing this data, the First-Party Trust program streamlines the chargeback process. When a customer contests a charge, Mastercard can use the information to make quicker liability decisions — without further demands on the merchant. If the analysis suggests first-party misuse, the issuer can also present that data to the customer to see if they want to cancel their claim.  

“The program gives issuers the data and confidence to have that sort of conversation with the cardholder,” says Sandy Condellire, Mastercard’s senior vice president for Cyber & Intelligence Solutions. “And we can spare the merchant, who has been overburdened with the cost of friendly fraud to date.” 

The program will launch in the U.S. later this year, and then expand to other markets around the world. The program is optional; if a merchant chooses to participate, they transmit the data using existing channels. Forter and Kount, an Equifax company, were among the first companies to sign on. 

The best way for merchants to manage first-party misuse, says Equifax’s Robert Painter, director, chargeback management sales for the digital solutions team, is with a well-rounded plan that includes clear and simple return policies, access to order and customer data, and advanced tech to assess disputes quickly. The new program, he adds, “is going to help us provide even greater value to merchants.” 

“We’re offering merchants flexibility, and enhanced security without adding friction,” Mastercard’s Gamiello says. “The program aims to eliminate this type of fraud from the ecosystem and create a more equitable and balanced system for everyone.” 

Christine Gibson, contributor