Have You Heard of “Friendly Fraud”?
In the payments and e-commerce industry, "friendly fraud" is a scenario where someone from the “friends and family” circle of the "victim" gains access to their device, passwords or email account, and can initiate transactions or access financial services while appearing to be the true owner. The most typical known case is a teenager using a parent's phone and/or credit card to purchase a computer game or similar. It's extremely difficult to distinguish scenarios where the victim is really the victim from those where the victim and the fraudster colluded in order to "game the system".
Why is friendly fraud so harmful to small businesses?
All businesses are monitored for their fraud rates, dispute rates and chargeback rates by their payments providers. If performance deteriorates, the payments provider can and probably will do the following:
- require risk reserves (fixed or rolling);
- hold reserves longer (some revenues won't be accessible to a small business for up to 3-6 months);
- charge higher processing fees; or even
- refuse to continue the relationship.
Also, SMEs are not super important for payments processing companies (unlike airlines or large retailers), so the decision to decline them is easier. SMEs just don't have the same bargaining power.
What steps can SMEs take to prevent friendly fraud?
- Read your contracts with payments providers carefully and understand what happens in cases of fraud claims and disputes.
- Some payments providers (e.g. PayPal) offer "seller protection" for SMEs, so there is a way to pay your payments partner to handle this risk.
- Insist on strong authentication for your customers (though it may impact your conversions), combined with instant notification to the owner, so that they know immediately when a transaction happens.
- It could be pricey, but there are fraud management tools (Kount, Simility, Sift) that can detect unusual customer behavior, e.g. how they move their mouse or type, and block the transaction before it happens if there is a high indication of risk.
If you are looking to enhance your risk and fraud management policy framework, consider using my Risk Management Bundle that includes Risk Management Policy, sample documentation of the company's risk appetite and risk acceptance decisions, SWOT analysis and Enterprise Risk Assessment template.