The surprising chargeback prevention solution for merchants

Chargebacks have long been a thorn in the side of merchants, but as online shopping continues to grow, merchants are faced with increasing challenges protecting their bottom line. It’s projected that global chargeback transaction volumes will reach 337 million by 2026, amounting to a staggering $15.3 billion in losses. Despite the fact that 34% of these chargebacks are due to fraud, every incident can result in your business having to pay a $20 – $100 per transaction fee. This penalty is in addition to the lost profit from the sale, the processing fees, and the marketing capital invested to convince customers to make a purchase in the first place.

Over time, a high volume of chargebacks erodes trust in your brand, causing further revenue loss. To add insult to injury, card issuers require businesses that reach a threshold of disputed transactions to join fraud monitoring programs that often involve additional fees and the implementation of costly fraud-prevention measures.

Thankfully, there are steps businesses can take to prevent and reduce fraud-related chargebacks. Read on to learn more about preventing chargebacks, how they’re connected to account takeovers, and discover ways to protect your customers and your business.

Common chargeback prevention solutions

There are three main chargeback prevention solutions that businesses typically rely on to mitigate the threat of chargebacks:

Payment verification

• Payment verification systems are designed to ensure accurate processing. For instance, card verification value (CVV) checks are commonly implemented in eCommerce marketplaces. This is intended to check if the customer is in possession of the physical card at the time of a transaction. Secure payment gateways and address verification services (AVS) are other examples of these payment protection and verification processes. However, assessing risk only at the point of payment is not enough, as attackers have access to comprehensive data sets that belong together, such as names, addresses, phone numbers, and card details. This weakness can lead to false positives that cost you money and good customers, or false negatives that entail processing fees and chargebacks.

AI and ML capabilities

• Increasingly, solutions with AI and machine learning (ML) capabilities are being deployed on the front lines of the fight against fraudulent chargebacks. These tools can assess transactions in real time, using special algorithms to flag unusual patterns or anomalies in purchase behavior. However, depending on the source of the data in their models, these tools vary in efficacy. Many fall victim to the “garbage in, garbage out” problem and can return a large number of false positives.  They also suffer due to a lack of explainability or paper trail, making it difficult to prove to a credit card company that a transaction is fraudulent. What’s more, it can be challenging to integrate the feedback data required for the model to function properly. Another drawback of AI and ML solutions is that it takes time to retrain them on new fraud patterns, not ideal when fraudsters are continually changing their tactics. At best, you can count on these tools to do the wrong thing faster.

Identity verification tools

• Finally, teams rely on a variety of identity verification platforms to help prevent fraudulent transactions and chargebacks by verifying that their customers are indeed who they claim to be. However, a significant number of online identities are already under the control of attackers. Many play the long game, behaving like a good customer on your platforms while they allow their online identities to age and build up a good credit score, before they finally decide to cash in and commit fraud.

While these solutions can serve as effective last resorts to prevent the fraudulent transactions that lead to chargebacks, a smarter strategy for merchants is to dig deeper to uncover the root cause of the problem and take steps to address it proactively.

Account takeovers and their relationship to chargebacks

Account takeover (ATO) attacks are often the precursors to fraudulent chargebacks. These insidious attacks occur when bad actors use stolen credentials to compromise the accounts of legitimate customers. Once they gain access, they can exploit the pre-saved payment information to complete fraudulent transactions, launder money, or orchestrate even more elaborate schemes. For example, in the case of marketplaces, scammers may use stolen accounts to set up fake storefronts and defraud customers by selling non-existent merchandise that is never received.

Whatever deception the bad actors might pull, all of this dishonest activity results in more disputed transactions and more chargeback fees for your business.

Fighting back against chargebacks by preventing account takeovers

Consider a case where a scammer takes over a user’s account without their knowledge and uses the saved payment information to make unauthorized purchases. When the user discovers these transactions and disputes them, you’re left with more chargebacks to deal with.

However, by implementing real-time customer journey security protections that safeguard the accounts of legitimate users, you can thwart bad actors’ attempts to make fraudulent purchases, thereby reducing chargebacks and providing a more positive experience for your customers. Moreover, by minimizing ATOs and subsequent chargebacks, you shield your business from being subjected to costly fraud monitoring programs imposed by payment card services.

Strategies for reducing account takeovers

To effectively reduce account takeovers, it’s imperative that you can accurately distinguish legitimate users from bad actors. This can be achieved by implementing the following strategies:

Enforce robust authentication methods

• It’s critical to know exactly who is accessing your users’ accounts. Verifying the identity of an account user can be done using robust authentication methods such as multi-factor authentication (MFA). MFA adds an additional layer of security that goes beyond basic username and password verification. By adding an additional layer of identity verification such as by email or phone number authentication, you can significantly reduce the likelihood of an ATO. Other authentication methods have been developed that provide even stronger security, such as biometric verification using fingerprint scanners or facial recognition. By requiring the physical presence of the real user at the time of login, biometric verification makes it extremely difficult for hackers to compromise an account.

Educate customers on cybersecurity best practices

• One of the reasons why ATOs are so successful is because of password recycling. When users rely on the same password to access multiple sites, all it takes is for one of those sites to be compromised by hackers and every other account belonging to that user becomes vulnerable to an ATO, including any they might have with your company. Attackers can easily use bots or AI to test the stolen password against thousands of systems until they find the ones that grant them access.

• The first step to preventing ATOs is by teaching your customers some fundamental cybersecurity principles. Advise your customers that to create strong, secure passwords, they should employ a combination of uppercase and lowercase letters, numbers, and special characters, while avoiding easily guessable information such as birthdays or personal names. Additionally, share content with users that explains how phishing works so that they can identify your authentic communications and spot fake messages sent by scammers.

Monitor for unusual account activity

• In the fight against account takeover fraud, proactive monitoring of user account behavior is crucial. By analyzing all events throughout the customer journey, such as login attempts, purchasing patterns, and other interactions, merchants can identify suspicious activity and potential fraud before it causes significant damage. However, most conventional API-based fraud detection tools have limited access to the full spectrum of customer journey data, which can only be captured via the network, providing an incomplete view of user behavior.

• Spec addresses this challenge by offering merchants comprehensive visibility into the entire user journey, from the first click to the last. By collecting and analyzing data at every touchpoint, Spec enables you to build accurate signatures of legitimate customer behavior. This holistic approach empowers you to swiftly detect and respond to anomalies, effectively distinguishing between good users and potential fraudsters.

• When popular crowdfunding platform Indiegogo was struggling to cope with a fraud-related chargeback rate of 20%, it turned to Spec’s Customer Journey Security Platform and cut that rate to just 1%.

Utilize advanced fraud detection tools

• Many businesses think fraud detection tools with machine learning algorithms and behavior analytics offer sufficient protection against attacks. However, these AI and ML solutions are only as good as their inputs. They rely on pre-determined data models that can vary wildly in quality. What’s more, modern cybercriminals already know the kinds of data points that trigger these systems and have developed tactics to circumvent them. Another weak point is their inability to provide a full picture of the user, instead relying on probability to make guesses about the authenticity of different identities, often leading to false positives that add friction and degrade the user experience.

The superior approach is to leverage customer journey data captured in real time. Spec’s solution effectively uncovers more instances of fraud than other platforms because it does not rely on outdated techniques based on fixed inputs and API data. Instead, Spec stands guard in front of your site’s web applications and delivers 100% visibility into every interaction. Rather than validating users only at specific checkpoints, Spec’s platform offers unparalleled insight into customer behavior, providing access to 93% of customer journey data that remains hidden from traditional point-based APIs.

Solving the chargeback problem long-term

Chargebacks are, unfortunately, an inescapable part of eCommerce. But fraudulent chargebacks can quickly spiral into a significant problem if left unchecked. To effectively combat this issue, you must address a common root cause: account takeovers by cybercriminals. By focusing on preventing unauthorized access to customer accounts in the first place, you can reduce the incidence of chargebacks and safeguard your customers’ sensitive information.

Spec’s chargeback prevention solution offers unprecedented visibility into the entire customer journey. Spec monitors, detects, and automatically takes mitigating action against attacks like ATOs. As attack tactics evolve and change, the Spec platform enables fraud teams to adapt just as quickly, continuously protecting the business from disruption and loss. And because Spec deploys at the network edge and runs on a true no-code platform, fraud teams can build and deploy protections in minutes, all without engineering support.

Ready to learn more? See how Spec used journey data to help Indiegogo prevent chargeback losses by reducing the number of ATOs. Read the full Indiegogo case study now!