Friendly Fraud
On this page
Before addressing friendly fraud, understand:
- Compelling Evidence requirements for fighting disputes
- Descriptors and communication to prevent confusion
- Difference from first-party fraud and third-party fraud
- Chargeback lifecycle and dispute timing
- Friendly fraud = Legitimate cardholder disputing a valid transaction they actually made
- 60-80% of chargebacks are friendly fraud, not true fraud
- Win with Compelling Evidence 3.0: device match, IP geolocation, post-purchase login
- Prevent with clear descriptors, easy refunds, and purchase confirmations
- A subset of first-party fraud (customer = fraudster). Different from third-party fraud (stolen identity)
Friendly fraud is >50% of SMB chargebacks, but the solution is usually operational, not technical. Ask yourself: "Do I have a fraud problem, or a policy problem?" If customers dispute because they can't find how to cancel, your billing descriptor is confusing, or your refund process is slow, fix those first. They're free and more effective than any fraud tool. See Refund Policy and Descriptors.
What Friendly Fraud Actually Looks Like
If you're not sure whether you're dealing with friendly fraud, here are the most common scenarios SMBs encounter:
Scenario 1 - Digital goods abuse: Customer buys a course or digital product, accesses it 10 times over 60 days, then disputes as "unauthorized." They got the value and want their money back too.
Scenario 2 - Subscription amnesia: Customer signs up for a subscription, forgets about it, sees the charge 3 months later on their statement, and disputes instead of contacting you.
Scenario 3 - Delivery lie: Physical item delivered with tracking confirmation, but customer claims "not received." Carrier shows delivered to their address.
The strongest signal: The customer was silent for more than 7 days after delivery or access. If they didn't complain to you first, they're probably lying to their bank. Legitimate complaints go to the merchant. Fraudulent ones go straight to the issuer.
For most SMBs under $1M, friendly fraud is 60-80% of all chargebacks. If that describes you, skip the third-party fraud tools and focus here. Your solution is operational - better descriptors, easier refunds, clearer communication - not technical.
Your customer bought it. Used it. Then called their bank and said they didn't.
The Issuer's Reality
When a cardholder calls their bank to dispute, I don't see your beautiful evidence PDF yet. I see a transaction line item and a frustrated customer on the phone. If your descriptor is vague ("PAY*ACME" instead of "ACME WIDGETS"), you've already lost ground. The agent has 3 minutes to handle this call.
The bank's incentive: We want to keep the cardholder happy. They pay us interchange on every future purchase. You're a stranger who might never transact again. If you want to win a dispute, you have to make it impossible for me to side with my customer without breaking network rules.
That's the game. Now let's talk about how to play it.
See also Fraud vs. Friendly Fraud in the Chargebacks section.
Why Customers Do This
Intentional Abuse
- Buyer's remorse disguised as fraud claim
- "Cyber shoplifting" – get goods and money back
- Exploiting merchant fear of chargeback ratios
- Testing what they can get away with (see refund fraud)
Unintentional/Gray Area
- Forgot about subscription renewal
- Didn't recognize merchant name on statement (see descriptors)
- Family member made purchase (but knew them)
- Genuinely confused but not malicious
Scale of the Problem
| Statistic | Source |
|---|---|
| 60-80% of chargebacks are friendly fraud | Industry estimates |
| 40% of consumers who commit friendly fraud will do it again within 60 days | Chargebacks911 |
| Average merchant loses 1.3-1.5% of revenue to all fraud types | Industry estimates |
Detection Indicators
Strong Signals (Tier 1 Indicators)
Use these in your evidence framework:
| Indicator | Suggests Friendly Fraud |
|---|---|
| Delivery confirmed to billing address | ✅ Strong (CE 3.0) |
| Digital product accessed post-purchase | ✅ Strong |
| Customer contacted support before dispute | ✅ Strong |
| Device matches prior purchases | ✅ Strong (CE 3.0) |
| Customer logged in after purchase | ✅ Strong |
Supporting Signals (Tier 2 Indicators)
| Indicator | Notes |
|---|---|
| Repeat customer | Established relationship |
| Multiple prior successful transactions | Pattern of legitimate use (CE 3.0 requires 2+) |
| IP matches billing location | Cardholder present (see AVS) |
| No velocity indicators | Not part of fraud attack |
Fighting Friendly Fraud
What I See on My Screen (Issuer Perspective)
When representment comes in, I'm scanning for reasons to uphold your chargeback reversal. Here's what actually makes me pause:
- Visa CE 3.0 device match – If the device that disputed is the same device that made 3+ prior purchases with no disputes, that's hard to ignore.
- IP geolocation to billing address – Cardholder claims fraud, but IP was 2 miles from their billing address? That's awkward for them.
- Post-purchase login/access – For digital goods: if they logged in and used the product after the purchase date, they're lying.
- Support ticket before dispute – They contacted you about a problem, you offered a refund, they said "no thanks," then disputed? Document that.
What doesn't help: 15-page PDFs, screenshots of your TOS, generic delivery confirmations. I have 4 minutes to review your case.
Pre-Dispute Prevention
- Clear merchant descriptors – "ACME INC" not "PAY*ACME". When the cardholder looks at their statement and doesn't recognize it, they call us. By then, you're already behind.
- Purchase confirmations – Email/SMS with line items. Make it obvious what they bought.
- Delivery confirmation – Photos work for physical goods. But Visa CE 3.0 credential matching is stronger than a photo.
- Easy refund path – Every customer who gets a refund from you is a dispute you never see.
Blacklisting Considerations
Blacklisting friendly fraud abusers protects you, but:
- False positives damage customer relationships
- May violate network rules if too aggressive
- Document evidence before blacklisting
Blacklist Criteria Suggestions
Consider blacklisting after:
- 2+ lost disputes from same customer
- Clear evidence of abuse pattern
- Customer admitted abuse (support recordings)
Next Steps
Seeing friendly fraud chargebacks?
- Review Compelling Evidence 3.0 - Know what wins disputes
- Check your descriptors - Reduce "I don't recognize" claims
- Set up alerts - Resolve before they become chargebacks
Want to prevent friendly fraud losses?
- Defend against fraud losses - Full strategy: 3DS, CE 3.0, evidence collection
- Implement device fingerprinting - Build CE 3.0 evidence
- Make refunds easy - Refund is cheaper than chargeback
Ratio getting too high?
- Follow the playbook - Crisis response
- Understand network thresholds - Know the limits
- Consider blacklisting repeat abusers - Protect yourself
Related Topics
- Chargeback Fundamentals - Dispute basics
- First-Party Fraud - The umbrella category (friendly fraud is a subset)
- Third-Party Fraud - Stolen card/identity fraud
- Representment - How to fight disputes
- Compelling Evidence - Visa CE 3.0 and Mastercard requirements
- Reduce Chargebacks Playbook - Systematic reduction
- Chargeback Metrics - Tracking friendly fraud impact
- Device Fingerprinting - Device-based evidence
- Chargeback Lifecycle - Dispute timeline
- Network Programs - VAMP, ECM thresholds
- Chargeback Alerts - Pre-dispute resolution
- Refund Fraud - Related abuse patterns