In January 2019, the Center for Investigative Reporting published an article alleging that Facebook “duped” children and parents out of their money.
They looked at Facebook’s internal memos, emails, and other documents. In the end, the report concluded that Facebook enabled children to commit friendly fraud to boost revenue generated from games on their platform. One problem, though: the report suggested a misunderstanding of the concept of friendly fraud, as well as Facebook’s actions and intent.
We can look back on this now as an important case study. Merchants can look at Facebook’s situation, and take an important lesson on how to balance friction against the need to eliminate risk.
What is “Friendly Fraud”?
First, let’s explain what the term “friendly fraud” means.
Friendly fraud describes a situation in which a cardholder makes a purchase, but later files a chargeback to recover the funds. The individual contacts her bank, and the bank claws back the money on the customer’s behalf.
There are many potential friendly fraud triggers in the eCommerce market. Friendly fraud can result from children making unauthorized purchases on a parent’s payment card. It may also be the product of customers making a purchase, then forgetting about it and assuming the transaction is fraudulent. In other cases, simple buyer’s remorse is to blame.
This kind of chargeback abuse is often unintentional. From the merchant’s perspective, though, the result is no different from criminal fraud. When customers file chargebacks, it’s the merchant who loses sales revenue, pays fees to process the chargeback, and takes a hit to their long-term sustainability.
The allegations against Facebook stemmed from an internal memo circulated within the company titled Friendly Fraud – what it is, why it’s challenging, and why you shouldn’t try to block it. The Center for Investigative Reporting used this memo to claim that Facebook perpetrated a deliberate scam for years. They assert that the social network allowed—or even encouraged—children to make unauthorized purchases. The documents say the company went so far as to refuse to implement fixes to reduce the problem, all in the name of maximizing revenue.
Facebook’s actions didn’t reflect the kind of malicious intent everyone pointing to, though. In fact, as explained above, Facebook and the game developers on their platform are the victims of friendly fraud, not the perpetrators. Their actions reflect a calculated decision process every business in the digital space makes.
Fraud Vs. Friction
Everyone operating in the eCommerce market must account for two opposing forces: friction and risk.
eCommerce friction describes any force providing resistance during a transaction. When a customer needs to take an action to conduct a transaction, whether that’s filling out billing and shipping information, or providing authorization via email, it produces some degree of friction.
Merchants are usually advised to try and reduce friction. Common knowledge suggests that sellers try to minimize barriers between their customers and their products. However, they’re also told to keep up with best practices to reduce risk factors. They’re instructed to take multiple steps to verify customers’ identities and deploy antifraud tools during checkout.
This creates a situation where sellers must make a calculated gamble. It’s a delicate balance between providing an easy customer experience, and compliance with best practices.
Each additional step in the process represents more friction facing the customer. Too much friction could deter buyers, but merchants need to have some friction, or else bad actors can carry out attacks with impunity. The risk of both criminal fraud and friendly fraud skyrockets at the same time.
Separate Positive and Negative Friction
The memo shows that Facebook decided to error on the side of convenience. They advised developers to make their checkout process nearly frictionless in hopes that the sheer number of purchases would outbalance the increased chargebacks. As a result, some developers saw chargeback rates as high as 9% of total transactions!
What can we do? Well, the first step is to recognize that not all transaction friction is created equal.
The situation at Facebook speaks to a need to distinguish “positive” and “negative” friction. The former helps prevent fraudulent activity and other abuse while having minimal impact on the customer experience. The latter, on the other hand, places unnecessary obstacles between merchants and consumers.
Examples of Positive Friction:
• Optional account creation.
• Requiring complex, unique passwords for all accounts.
• Offering 3-D Secure 2.0 technology as an opt-in service.
• Asking buyers to verify an order before completion.
• Deploying back-end fraud technologies like geolocation and IP verification.
Examples of Negative Friction:
• Complicated or broken navigation.
• Excessive, redundant fields during checkout.
• Forcing customers to register for additional accounts before purchasing.
• Not displaying shipping information.
• Offering limited payment methods.
The goal for online sellers should be to eliminate negative friction points, while keeping as many positive points in place as possible.
Everyone Shares Responsibility
On top of other recent bad press directed at Facebook, it’s easy to point fingers at the company. However, they’re not the only ones who should accept some degree of responsibility. Everyone has a part to play in making the eCommerce space more secure, open, and transparent:
Individual consumers need to recognize how their actions impact the market in a broader sense. From the customer’s perspective, a chargeback and a refund are basically the same. Most can’t really connect the money they recover from a chargeback to any long-term harm done to the market. Consumers need to be educated about the role they play in perpetuating friendly fraud, and how it ultimately hurts them consumers by limiting options and driving up merchants’ costs.
The operative word is “compliance.” If we hope to have a fair, reliable process to resolve disputes, then we need institutions to operate according to card network regulations. This requires a lot of attention to detail, with careful oversight and review processes in every dispute case.
Of course, pushing for “compliance” is useless without having standards with which to comply. eCommerce developed in a very fragmented, erratic manner, and industry policies governing the marketplace haven’t caught up. We need to have the card brands themselves on board to develop widely-applicable, easy to interpret standards and practices for banks and merchants. Card networks like Visa and Mastercard can also help promote consumer education and responsible practices.
Standardization & Compliance are Key
Merchants can limit risk in the meantime. However, it will take a much more comprehensive overhaul to achieve the kind of change we need.
I’m talking about a synergistic approach across card brands. We need a coordinated push for standardization of chargeback rules and processes. We also need greater compliance throughout the payments space.
Getting everyone on the same page regarding chargeback processes is the key to meaningful change in the industry. Until we get that level of cooperation, problems like the one that confronting Facebook will only get worse for everyone.