As eCommerce continues to gain market share, the ongoing liability battle between issuers and acquirers regarding who is responsible for card-not-present (CNP) fraud remains intense. From a merchant’s point of view, most of the historical chargeback protections do not exist in the online realm. For example, there is no true equivalent to a “signed receipt”. Furthermore, with digital goods, there is no “shipment” to a delivery address that may match the card holder’s billing address. If a chargeback later comes from the issuer claiming fraud, these traditional arrows have already been taken out of the online merchant’s quiver, so to speak.
Card associations can ill afford to ignore the situation, as an issuer-only focus doesn’t work very well in the long term. So what is one to do? In the case of friendly fraud, how can an online merchant provide proof of customer engagement? Are there mechanisms that could provide chargeback protection, similar to the tools used by brick-and-mortar businesses?
The following concepts might show customer engagement:
- Identical customer credentials/order history. If a merchant can show that a customer signed up under a particular email address, has made approved orders where confirmations have been sent to that email address, and is now suddenly claiming fraud for a transaction made with the same email address then there may be room to question the customer’s word. Other tools/credentials such as device identification would also fit into this scenario.
- Charge verification. Some issuers provide charge verification services, where they can reach out to the customer on behalf of the merchant to verify that the customer is aware of the transaction. If this verification was tied to an online order, surely it would indicate customer engagement in the transaction.
- Post-sale communication. Some purchases require customers to click on a link in an email, or provide some kind of confirmation/response. If a merchant can get this, it may show that the customer has puposely engaged in the transaction.
Online merchants routinely struggle to fight chargebacks where they feel they have evidence of customer engagement. The core dillemma seems to be – as absurd as it may sound 16 years after the first buy button – that the card association guidelines haven’t caught up to eCommerce yet. A savvy, careful online merchant may show an issuer compelling evidence including geo-IP information, device fingerprint, email address confirmation, and so on, but issuers can simply lean on the existing policy to turn away most of these pleas.
The news isn’t entirely gloomy. With physical goods purchased online, there have been some policy changes that offer merchants protection. For example, if the shipping address matches the billing address and the merchant received an address verification match from the issuer then the merchant may have some protection from certain types of chargebacks. However, this provides little solace for merchants selling digital goods. There is still some catching up required to address the growing digital economy.
What are your thoughts regarding this challenge?
What, in your experience, constitutes strong evidence of customer engagement?
How can digital merchants address the unique challenges they face in this area?