Is Your Ice Cream Too Cold? Lessons in Fighting Friendly Fraud

In mid-December, a story went viral on Twitter across the pond about a customer being refunded by a food delivery service after complaining that the “four milkshakes, a cheesecake and an ice cream” they had ordered from a Manchester restaurant were “too cold”, as reported by Manchester Evening News. The restaurant owner turned to the media as he felt he had to speak up against the “spate of suspicious refunds” he had been experiencing, with seemingly legitimate customers ordering online through portals and apps to then claim bad food quality or bad service and demand their money back. This trend has been noted across the world and more often than not, these requests are satisfied, and it is the restaurant who’s footing the bill. 

As it happens online, some defended the hapless manager and others disagreed. But what this story made clear even for those with no insider knowledge of our sector is the fact that friendly fraud and chargebacks have become a major concern for the F&B industry too, these days. And, with many restaurateurs and bar managers being newcomers to card-not-present transactions – be they for food and drink prepared for on-site pickup in BOPUS set-ups, or for delivery by the restaurant’s or affiliated drivers – people in this industry are less aware of the dangers this payment model entails.

Liability and Friendly Fraud

A milestone in shaping this admittedly problematic landscape came in 2015, when the EMV liability shift took place, as Pay Junction’s EMV article explains. This was when credit and debit card issuers shifted legal responsibility to businesses for any fraud enabled by the incorrect processing of cards that use chips, as well as when magnetic stripe cards are used. Coming as a result of improvements in card chip technology, this was ostensibly meant to encourage merchants to step up at the point of sale and ensure they are doing their part to safeguard transactions where the card is present. However, one of the outcomes was that fraudsters started focusing their effort on CNP (card not present) schemes, and increasingly moving online. 

Chargebacks have long been a concern for merchants, starting from the e-commerce sector, where credit and debit card issuers are quick to please customers at the detriment of the merchant. Meanwhile, friendly fraud describes situations where it is the cardholder who’s committing fraud rather than a professional criminal who has stolen their card details, as per SEON’s guide to friendly fraud. This can be in the form of a chargeback or not, while a chargeback request itself can be legitimate or not. In simple terms, friendly chargeback fraud is when the cardholder will claim something has gone wrong with a payment and demand a chargeback despite knowing that this is not true. 

What’s in a Chargeback?

A merchant typically has 45 days to dispute a chargeback and even when they do, they need to have kept meticulous records about the condition of the merchandise, the transaction itself as well as the delivery method, often including pictures. All this is to be provided to the issuer bank and the merchant’s bank, in the hopes of proving the merchant has been thorough and there is no need for chargeback. Of course, such documentation and evidence is not likely to be available for restaurants, which are an already hectic environment where delivery is not the main means of serving the customer, nor are online payments their most common method. 

A more frequent phenomenon in card-not-present transactions, chargebacks see a cardholder contact their bank to claim that a payment that has already gone through should be returned. It should be noted that a customer will provide various reasons for this, from claims their card was stolen and used by a criminal to never receiving their products or receiving damaged goods – or even clerical error. According to an infographic by Invesp, research points to the majority of justification provided by the cardholder being:

• cybercrime at 57.9 percent

• recurring billing cancellations at 18.6 percent

• faulty/non-satisfactory products and services at 18.3 percent

Given that 86 percent of all chargebacks have been estimated by Global Risk Technologies to be cases of friendly fraud, it goes to show that merchants need to stay vigilant and take solid steps to prevent this.

What’s more, the example from Manchester, UK introduces a middleman into the equation. An online ordering service can be an app or website such as Grubhub, Postmates or DoorDash or even UberEats, and offer in-store pickup (BOPUS) and/or delivery. Importantly, in order to stay on credit card issuers’ good side, these platforms are eager to refund the customer almost without question rather than risk having the customer complain to their bank, which would trigger the chargeback process in earnest. Why? Because a chargeback is not merely a refund but much more damaging.

Too many chargebacks resolved in favor of customers result in higher chargeback rates for the merchant or middleman – which in turn entails higher bank fees in general as well as the potential to get blacklisted. What’s more, every $1 of products lost to chargebacks costs restaurants at least $2.40, according to payments partner Prommt, as it means lost products, administration and processing fees, as well as resources required to deal with the request. 

Post-Pandemic Vigilance Advised

In the post-pandemic era, restaurants are still dealing with extreme fluctuations in demand because of local increases in cases and changes in legislation. Ghost kitchens, having acquired new customers despite their lack of physical premises during lockdowns, have become real contenders and continue to compete with bricks-and-mortar eateries. Almost without exception, food delivery platforms have reported increases in their profits across the pandemic, with Grubhub announcing 48 percent year-on-year growth in March, for example.

With the landscape still unclear at the moment, it is imperative for those businesses that want to stay online to be able to continue doing so without risking friendly fraud and chargebacks. Doing so is a concerted effort, but it does not have to be complicated. 

For instance, some eateries have already opted for their own ordering websites and apps, which removes the middleman and the fees associated with them. Restaurant-owned ordering platforms also allow you to control the process better, deploying anti-fraud measures from the moment the customer accesses the website, by creating their risk profile and treating them accordingly.

Keep in mind that while payment processors have default anti-fraud measures built-in, these are sometimes not sufficient. Adding your own anti-fraud boost will up your defenses without taking up your time. A good anti-fraud solution will create each customer/transaction’s risk profile behind the scenes by gathering data from online sources and by examining the customer’s device configuration, automatically blocking very high risk customers (if you so wish) or asking for additional verification. For those who are so inclined, these steps are taken transparently and can be adjusted and fine-tuned.

From the moment the customer signs on, IP analysis and device fingerprinting protocols will check to see who they are and whether they are accessing from a reasonable location that matches their cardholder data, as well as previous activity on their account. By asking them to sign up with a personal account, you are creating a baseline against which to compare future orders – which can also be useful for velocity checks. For instance, the fact they are based in a specific city or region, or that they usually pay with a certain method.

Importantly, what this does is not outright ban a customer, but introduce a series of failsafes that ensure this is a legitimate ordering session by the actual cardholder. For instance, a medium risk score could mean that the customer is asked for their password a second time. For businesses with a lower risk appetite, it could trigger a manual review, where one of the staff calls the customer on the phone to ensure everything is as expected. 

Those who continue to work with food ordering platforms can work alongside these partners to take full advantage of any anti-fraud tools they might be using, or subscribe to chargeback guarantee schemes, which can be a good solution for some businesses. As is often the case with online crime, keeping up to speed with developments and enabling some basic defenses can deter most fraudsters.

In 2022 and beyond, many among us have decided that the future of their F&B business is also online. They, as well as colleagues who are considering embracing this type of online ordering, ought to have at their disposal solutions that make sense both financially and in terms of customer satisfaction, too.