Understanding Fraud 101
Fraud is a dynamic and pervasive problem that takes time, awareness, and tooling to combat.
There is currently no way to eliminate fraud entirely, but there are methods to mitigate it.
Where does fraud occur?
- Fraud is much more common in online, or card-not-present, transactions. This also includes any phone orders or mail-in order forms for which you don't have a physical card to run the transaction.
- On many websites, all that a bad actor needs to commit true fraud is the credit card number.
Types of Fraud
Friendly Fraud
This type of fraud happens when a legitimate customer makes a purchase, receives the product, and then files a chargeback with their bank to reverse the transaction while keeping the product(s) and/or service(s).
Accidental friendly fraud: A customer makes a purchase and requests a refund. This may occur because they do not recognize the transaction or they have forgotten that they purchased the service/good.
Solution:
Use clear descriptors* on bank statements. This will allow your customers to know what the purchase is tied to.
*The descriptor is the name that will show on a credit card statement.
Intentional friendly fraud: An act of genuine and malicious fraud. In these cases, a customer makes a purchase and knowingly reports the transaction as fraud to their banking institution as a means to receive a refund.
Solution:
Educate your buyers about your policy. This may often be referred to as a 'Refund Policy', 'Purchase Policy', 'Ticket Policy', etc.
This policy can be set in Spark under Commerce Settings. After you've updated your policy, you will be able to publish it and then make it required at checkout.
Resellers: Fake customers purchase tickets on your website with the intention of selling them on a third-party 'unauthorized' site. If the resellers can't sell all of the tickets, they often report their transaction as fraud to receive the funds back after selling the tickets, often at a higher face value than available on your site.
Solution:
Use Velocity filters to set thresholds for transactions per 24 hours on your Saffire website.
True Fraud
This type of fraud happens when a bad actor uses stolen credit card information to make a purchase, and then the legitimate cardholder files a chargeback because they did NOT authorize the transaction.
Solutions:
- Saffire Velocity Filters by: # of transactions | $ amount | # of gateway declines
- Per Email Address
- Per IP Address
- Per Credit Card (card type, last 4 digits and expiration)
- Utilization of Blacklist Rules
- Enable Captcha during checkout
- Payment Gateway tooling
- CVV: the security code on cards that is not included in track data. It adds protection against individuals running transactions using lists of stolen track data.
- AVS: Address Verification, a check that the billing postal code matches the card.
- Gateway Velocity Filters: the quantity of transactions that can be purchased within a limited time frame
- NOTE: Beware of setting these volume velocity filters too low during peak sales periods. Daily/hourly options will most likely be too low and will result in a sudden halt of ALL transactions. This isn't the best tool for the Event Industry.
- Add-on Accertify fraud protections (see more below)
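The per-email, per-IP and per-card velocity filters listed above can be pictured as sliding 24-hour counters. The sketch below is an added example, not Saffire's or any gateway's implementation; the thresholds, field names and sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 24 * 60 * 60  # seconds; the page describes thresholds per 24 hours
LIMITS = {"transactions": 3, "amount": 500.0, "declines": 2}  # hypothetical values

class VelocityFilter:
    """Sliding 24-hour counters per email, per IP, and per card."""
    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.events = defaultdict(deque)  # key -> (ts, amount, declined)

    @staticmethod
    def keys(a):
        # Card key uses only the fields the page lists: type, last 4, expiration.
        card = f"{a['card_type']}|{a['last4']}|{a['exp']}"
        return [("email", a["email"].strip().lower()), ("ip", a["ip"]), ("card", card)]

    def check(self, a):
        """Return (dimension, metric) pairs that would exceed a limit."""
        hits = []
        for key in self.keys(a):
            q = self.events[key]
            while q and a["ts"] - q[0][0] >= WINDOW:
                q.popleft()  # drop events older than the window
            approved = [amt for _, amt, declined in q if not declined]
            declines = len(q) - len(approved)
            if declines >= self.limits["declines"]:
                hits.append((key[0], "declines"))
            elif len(approved) + 1 > self.limits["transactions"]:
                hits.append((key[0], "transactions"))
            elif sum(approved) + a["amount"] > self.limits["amount"]:
                hits.append((key[0], "amount"))
        return hits

    def process(self, a, gateway_declined=False):
        """Block before the gateway on a hit; otherwise record the outcome."""
        hits = self.check(a)
        if not hits:
            for key in self.keys(a):
                self.events[key].append((a["ts"], a["amount"], gateway_declined))
        return hits

def attempt(ts, email, last4, amount, ip="203.0.113.7"):
    return {"ts": ts, "email": email, "ip": ip, "card_type": "visa",
            "last4": last4, "exp": "12/30", "amount": amount}

def demo():
    # Constructed data: one IP cycling cards, the gateway declining the first two.
    vf = VelocityFilter()
    return [vf.process(attempt(0, "a@example.com", "1111", 20), True),
            vf.process(attempt(60, "b@example.com", "2222", 20), True),
            vf.process(attempt(120, "c@example.com", "3333", 20)),
            vf.process(attempt(120 + WINDOW, "c@example.com", "3333", 20))]
```

Because each counter is keyed to one email, IP or card, a busy on-sale does not trip it the way a site-wide hourly cap would.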
Family Fraud
This type of fraud isn't as relevant in the Events industry, but can occur if an individual in a household makes a purchase using the credit card of another family member without prior approval. This can appear as True Fraud.
Add-on Fraud Protection Services
PRO
- This service utilizes AI and broad data across thousands of vendors to "score" purchase attempts and ultimately block likely fraud.
- This submits the purchaser to a fraud check PRIOR to sending to the payment gateway.
CON
- Blocks of real purchasers increase if they mistype their information, which raises the risk score.
- Much like insurance, this service has a cost per transaction.
Chargebacks and Disputes
Good Customer Service can reduce a lot of Chargeback Fraud. The first step is to understand the Type of Fraud we are dealing with.
When you receive an open dispute, reach out to the customer (via email) and ask them if they recognize the purchase, in case this is Accidental Friendly Fraud.
Include as much information as you can in your initial communication. Include a copy of the receipt as an attachment. Some example language is:
{Customer Name},
You recently filed a dispute with your card issuer regarding the following charge:
{Organization Name}
{Dollar Amount}
{Tickets/Products Purchased}
We understand you may not recognize "{Org Bank Descriptor}" as someone you've done business with.
If you recognize this purchase, please kindly withdraw the dispute with your issuing bank.
If you have any questions or did not, in fact, purchase tickets for the above-referenced event on purpose, please contact me.
Thank You,
{Your Name}
- The customer will often close the dispute, resulting in the chargeback process ending here.
- If they don't recognize the purchase, then you likely have True Fraud or Family Fraud.
- If the customer acknowledges the purchase and informs you that they were unsatisfied with the 'product', then you have a few options to handle the situation.
This gives you the opportunity to improve the customer's experience with your organization.
Offer admission to another day, additional experience, etc.
- Hopefully your good customer service will result in the closure of the dispute outside of the chargeback process.
- If the dissatisfaction results in the dispute remaining open, then your next steps are to gather "Compelling Evidence" to fight the wrongful chargeback.
Good News! Your email communication with the customer acknowledging the purchase is already one piece of compelling evidence for 'Proof of Digital Goods'.
Compelling Evidence
This is the stage of fighting a Chargeback in which you collect all of the proof to provide to your bank.
Some examples of Compelling Evidence are:
- Download Date/Time
- Purchaser IP Address
- Device Location
- Customer Name
- Customer Email
- ANY email communication with acknowledgement of purchase (see above section)
- Proof of Ticket Use
- CVV Match
- AVS Match
- Agreement to Terms that acknowledge Policy
- 3D Secure authorization