How Banks Investigate Fraud

The process banks use to evaluate and investigate claims of fraud can be obtuse and frustrating, both for cardholders and for merchants. For cardholders who've fallen victim to credit card fraud, it can seem like the bank is taking forever to actually close the investigation, even when the fraud seems completely obvious. For merchants, the number of highly dubious fraud claims that result in chargebacks can make them wonder if the bank actually investigates claims of fraud at all.

Some of the basic rules for investigating fraud are established by the major card networks, but individual banks have a lot of leeway when it comes to actually carrying out the process. Fortunately, banks have their own incentives to fight fraud, and there are some standard procedures for them to follow. When banks receive claims of credit card fraud, what do they actually do to investigate them?

  1. What Are the Different Types of Fraud?
  2. What Happens When a Bank Gets a Fraud Claim?
  3. How Do Banks Investigate Fraud?
  4. The Role of Technology in Fraud Detection and Prevention
  5. How Do Fraud Victims Get Their Money Back?
  6. Why Do Merchants Bear the Costs of Fraud?
  7. How Long Does a Bank Fraud Investigation Take?
  8. Do Banks Press Charges for Fraud?
  9. Do Banks Really Investigate Disputes?

Banks, customers, and merchants don’t always speak the same language when fraud is the subject of discussion. For customers, fraud can be a catch-all term that refers to a wide range of complaints or issues they may have with transactions, many of which might not fall under the legal definition of fraud. In the realm of merchant chargebacks, we talk about “true fraud” and “friendly fraud,” two very different things that aren’t as closely related as their names might suggest.

Untangling the many varieties of fraud can get complicated, especially when merchants are trying to make sense of their chargeback data for analytical purposes. It can be helpful to know how fraud claims are handled on the bank’s end, what sort of timeline to expect, and what actions they are likely to take.

What Are the Different Types of Fraud?

  • True fraud is when a third party uses stolen credit card information to make an unauthorized transaction.
  • Friendly fraud, also known as chargeback fraud or first-party misuse, is when a cardholder makes false or misleading dispute claims in order to obtain a chargeback.

A dispute is when a cardholder asks their bank for a chargeback on a transaction, claiming that they either didn't authorize the transaction or didn’t get what they paid for. True fraud is the most common reason behind legitimate disputes.

If the customer didn’t get what they paid for, they’re required to contact the merchant before disputing the charge, which will usually result in the merchant providing a refund or some other remedy. When a merchant refuses to provide a refund in accordance with their sales agreement, or violates card network rules when processing a transaction, the customer has a valid claim to file a dispute.

In cases of true fraud, both a cardholder and the merchant can be considered victims. The cardholder was the one whose information was stolen and used illegally, while the merchant will be the one bearing the cost. In cases of friendly fraud, however, the customer is actually defrauding the merchant.

True fraud can result from simple transactions involving the use of stolen card information, or may involve account takeover attacks that utilize stored payment credentials in the customers own account. For now, however, let’s focus on the big picture.

What Happens When a Bank Gets a Fraud Claim?

The first thing the bank will do is try to substantiate that fraud has actually occurred. They will ask the cardholder to provide additional details about the transaction and explain why they believe it to be fraudulent.

For cardholders who have been victimized by fraudsters, this can feel like a big ask. Oftentimes when a cardholder first notices fraud on their account, they discover that it’s been going on for quite some time.

Small, easily overlooked card testing purchases often accumulate before the fraudster goes for a big payout. These are low dollar amount transactions that let the fraudster know that the card hasn’t been reported stolen yet.

The Fair Credit Billing Act caps cardholder liability for credit card fraud at $50. As long as the fraud claim can be substantiated, the cardholder won’t be held responsible for more than that amount. Many banks even have policies dictating that the customer won't be held liable for any amount at all when fraud occurs.

Debit card fraud is governed by the Electronic Fund Transfer Act, which requires cardholders to notify banks about fraudulent charges within 60 days of the transaction—any later and the bank is not obligated to respond. In addition, cardholder liability for fraud is only limited to $50 if the bank is notified within two days of the transaction. However, most banks give their customers 120 days to dispute a fraudulent charge and have more generous liability policies than the law requires.

Once notified, the bank has 10 business days to investigate the claim and reach a decision. If they find that fraud did indeed occur, they are obligated to refund the cardholder.

If the bank needs more time to investigate, they can take up to 45 days, but they must at least temporarily return the funds to the cardholder’s account by the 10-day deadline. Many banks streamline this process by granting a provisional credit as soon as a dispute is filed.

How Do Banks Investigate Fraud?

Bank staff will usually start with the transaction data and look for likely indicators of fraud. Time stamps, location data, IP addresses, and other elements can be used to prove whether or not the cardholder was involved in the transaction.
 

Ideally, bank staff should identify intentional (and unintentional) friendly fraud when it occurs, since they're trained to identify common scenarios such as:

  • The customer let a free trial run into the paid billing period
  • An in-app purchase was made by an unsupervised child
  • The customer forgot about a recurring subscription charge
  • Buyer’s remorse

But as every merchant knows, this doesn’t always happen. Friendly fraud chargebacks are a huge problem for merchants, who have to take it upon themselves to provide evidence that refutes these claims.

If the bank is confident that fraud has occurred and feel the case is substantial enough to warrant it, the bank may notify law enforcement agencies such as the FBI. Of course, the decision on whether or not to open an investigation is up to the law enforcement agency involved.

The Role of Technology in Fraud Detection and Prevention

In today's digital age, the battle against credit card fraud has taken on a new dimension with the advent of sophisticated technologies designed to detect and prevent fraudulent activities. Banks and financial institutions are increasingly leveraging advanced tools and methodologies to enhance their fraud detection capabilities, ensuring a safer environment for cardholders and merchants alike. This section delves into some of the key technological innovations and strategies employed in the fight against fraud.

Machine Learning and Artificial Intelligence

Machine learning (ML) and artificial intelligence (AI) have become cornerstone technologies in the realm of fraud detection. These technologies allow banks to analyze vast amounts of transaction data quickly and accurately, identifying patterns and anomalies that may indicate fraudulent activity. Here’s how they work:

  • Pattern Recognition: AI systems can be trained to recognize spending patterns and flag transactions that deviate from the norm. For instance, a sudden spike in high-value purchases in a different geographic location from the cardholder's usual activity can trigger an alert.
  • Behavioral Analysis: Machine learning models can analyze behavioral biometrics such as typing speed, mouse movements, and even the way a smartphone is held. These metrics help create a unique user profile, making it harder for fraudsters to mimic legitimate users.
  • Real-time Monitoring: AI algorithms operate in real-time, enabling instant detection and response to suspicious transactions. This immediacy is crucial in preventing further fraudulent activities once an anomaly is detected.

Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide two or more verification factors to gain access to their accounts. The most common forms of MFA include:

- Something You Know: This could be a password or PIN.
- Something You Have: This might include a mobile phone or a hardware token.
- Something You Are: Biometrics such as fingerprints, facial recognition, or voice recognition.

By combining multiple factors, MFA significantly reduces the likelihood of unauthorized access, as a fraudster would need to compromise several authentication methods simultaneously.

Tokenization

Tokenization is a process that replaces sensitive card information with a unique identifier or token. This token has no exploitable value outside of a specific transaction context, thus reducing the risk of data breaches. Here’s how it works:

- Substitution: During a transaction, the actual card number is replaced with a token. This token is then used to process the payment without exposing the real card details.
- Limited Use: Tokens can be designed for single-use or limited-use scenarios, further minimizing the risk of data being compromised in future transactions.


How Do Fraud Victims Get Their Money Back?

When a transaction is disputed as fraudulent, the issuing bank immediately issues a provisional credit to that customer’s account. Once the chargeback process is completed and the funds have been taken back from the merchant account, the provisional credit is made permanent.

When a merchant is hit with a friendly fraud chargeback, things are a little more complicated. This type of fraud is harder to prove, and banks tend to side with the customer when in doubt. Even in the best-case scenario, recovering funds lost to friendly fraud will take some time.

If the merchant can prove to the issuing bank that the transaction is legitimate and the cardholder’s claims are false, they can get their money back. However, this process will generally take at least 30 days, and often longer.

The process for fighting friendly fraud is called chargeback representment. The merchant has to present the transaction to the issuer a second time, along with evidence that refutes the cardholder’s claims.

The evidentiary criteria for each chargeback reason code is determined by the card network, but the issuer is responsible for reviewing it and making a decision. In order to win the dispute, the merchant must provide evidence that the bank finds sufficiently convincing.

While the bank’s decision can be appealed through arbitration, the loser has to pay hundreds of dollars in additional fees. Unless you’re dealing with a high-value transaction and are certain the card network will side with you, it rarely makes sense to carry a dispute that far.

Why Do Merchants Bear the Costs of Fraud?

The rules of the chargeback process are defined by a combination of various federal laws and card network guidelines created over the course of decades—they don’t really add up to a cohesive, internally consistent whole that treats every stakeholder equally.

With merchants carrying the ultimate liability for the cost of chargebacks, banks aren’t really incentivized to investigate fraud in great depth or push back too hard against their customers’ claims. This might not be fair, but it highlights how important it is for merchants to take charge of their own defense when it comes to fraud and chargebacks.

Fighting chargebacks is a battle on two fronts. Not only do merchants have to preemptively defend themselves and their customers against true fraud, but they must also fight friendly fraud chargebacks after they’ve been filed by engaging in the representment process and supplying the banks with compelling evidence that proves they were wrong to take their customer’s claims at face value

 

Similar Posts

Ready to Start Reducing Chargebacks?