First party fraud occurs when a cardholder seeks reimbursement or a credit for legitimately purchased goods and services, resulting in potential disputes and creating additional costs for all participants.
While not a major driver of fraud disputes in most sectors, first party fraud is nonetheless a growing issue that creates costs and poor performance across both issuer and merchant businesses. To control this issue, effective April 18, 2020, the Visa Rules will be modified as follows:
- Issuer base criteria for cardholder review: Issuers will be required to put in place basic controls over incoming fraud disputes to ensure that customer claims are properly substantiated. This must include a formal review where excess claims are received. An issuer whose cardholder has five or more separate Dispute Condition 10—Fraud disputes within a maximum period of 12 months must perform a formal review of the cardholder account and related disputes to determine if first-party fraud abuse is occurring.
During a formal review, the issuer will be required to assess the cardholder claims, related disputes, and consider future disputes treatment and the viability of the account relationship.
- Card-not-present (CNP) merchant requirement to validate cardholder approval: Merchants that operate account-on-file business practices that see high volumes of cardholder transactions during a single day will be required to set base-level daily cardholder velocity controls. Additional cardholder authentication must be carried out when an excess level of transaction activity has been recorded in a day. This limit should be set by the merchant to reflect its own fraud/dispute rates, but cannot exceed a maximum of 25 transactions.
All account-on-file merchants processing multiple daily transactions must deploy this control to help reduce third and first party fraud.
- Merchant withdrawal of services or assets following a fraud dispute: Merchants will be required to revoke provision of goods/services where practical after a fraud dispute (if the merchant believes its customer is disputing a legitimate transaction) and establish a process to prevent recurrence by the cardholder.
If the fraud is due to the merchant account being taken over, the merchant will be required to re-authenticate the cardholder prior to further transactions.
- Contact information in transaction details for high dispute merchants: CNP merchants are currently required to include dispute contact details in the merchant location field of the authorization message. This detail is typically used as line two on customer statements and bank reports and will allow cardholders to more easily raise disputes directly with the merchant, rather than the issuer.
Acquirers will be advised quarterly of CNP merchants with excessive dispute rates that are failing to provide this information. Visa enforcement rules for noncompliance will apply.
Visa also understands that first party fraud cases have become more difficult to identify and manage successfully within businesses, particularly in light of certain regulations requiring an immediate credit to a customer account when fraud is claimed, and the global move toward a zero-liability rule for all cards.
Visa plans to publish a merchant-focused risk best practices guide in the near future. This guide will provide a number of proven methodologies and recommendations for identifying and managing fraud losses and for improving business processes in order to address first party fraud. Specifically, these best practices will be designed to help:
- Reduce the costs of dispute management
- Reduce dispute volumes and associated fees
- Enhance customer satisfaction and increase transaction volumes