Blog
Guides

Friendly fraud: How should FinTechs view the risks?

December 2022
One of the most common types of fraud FinTechs will experience is “friendly fraud” – when adept and resourceful fraudsters masquerade as customers and submit chargeback disputes. Read our CCO's blog for three key areas to mitigate this risk.
Blog
Guides

Friendly fraud: How should FinTechs view the risks?

December 2022
One of the most common types of fraud FinTechs will experience is “friendly fraud” – when adept and resourceful fraudsters masquerade as customers and submit chargeback disputes. Read our CCO's blog for three key areas to mitigate this risk.
Sarah Mirsky-Terranova
Chief Compliance Officer

Sara works closely with FinTechs and their sponsor banks, mentoring and guiding them on compliance requirements prior to going live.

I’m fortunate to work in a role where I can help plan, execute, and assist FinTech builders with compliance and risk. When I mention fraud mitigation efforts, oftentimes developers think fraud is conducted by a shadowy group of information brokers and state-backed hackers operating on the dark web.

The reality is quite different.

One of the most common types of fraud FinTechs will experience is “friendly fraud” – when adept and resourceful fraudsters masquerade as customers and submit chargeback disputes. It might sound benign given the euphemistic phrasing. But friendly fraud is not nice at all to a company’s bottom line or reputation. 

Friendly fraud isn’t going away either. According to data from last year, nearly 80% of merchants surveyed admitted to experiencing an increase in friendly fraud attacks over the past three years, with 68% stating that the pandemic has caused a growth in their chargeback rates.

What is friendly fraud? How does friendly fraud affect FinTechs today?

Friendly fraud occurs when an onboarded customer fraudulently claims there is a charge on their account they didn’t make. Part of what makes friendly fraud tricky to deal with are rules around what financial institutions have to do when customers escalate issues. Regulation E, a CFPB rule that protects consumers when they use electronic funds and remittance transfers, dictates that a FinTech has ten (10) days to provide a customer with provisional credit after submitting a dispute.

Some FinTechs investigate disputes on their own and determine whether or not to provide provisional credit to the customer. Other more seasoned FinTechs will provide provisional credit for disputes that are under a certain threshold, e.g., $20. If that dispute is higher than the designated threshold, a FinTech will escalate the dispute to their payment processor to determine whether or not it’s authentic. 

But the problems don’t typically stop there. If an investigation isn’t complete within 10 days, a FinTech has to provide provisional credit to their customer, advising them that an investigation is ongoing. If the dispute is fraudulent, the FinTech will attempt to claw the funds back from the customer. But what happens if the customer spent the money? It’s gone, without a way to get it back.

Many FinTechs assume their Sponsor Bank covers fraud losses—even those associated with friendly fraud. While the Bank still needs to be made aware of fraud (and file a Suspicious Activity Report if certain thresholds are met), a FinTech is ultimately responsible for all financial fraud losses. While $20 here and there may not seem like much, losses resulting from friendly fraud can add up quickly. 

Friendly fraud can also affect what money can’t buy: reputation. Occasionally, fraudsters will file disputes and then threaten to post negative online reviews about the company or disparaging comments on social media if they don’t receive a provisional credit. Alternatively, they might threaten to report the company to the FDIC or Better Business Bureau. A bad comment or tweet may not seem material, but every opinion matters when operating in increasingly competitive markets.

Any of these approaches could put FinTechs in a difficult position, and many might choose to offer a provisional credit to appease the customer before conducting any investigation into the dispute. This is especially true for FinTech startups trying to build a customer base. But a better, more long-term option to protect capital and reputation should be prioritizing fraud mitigation.

Caution! Friendly fraud = not friendly

Three key focus areas to mitigate friendly fraud risk

When setting up compliance and risk programs to combat friendly fraud, I advise FinTechs to cover three key areas:

  1. Creating records and paper trails
  2. Having a team of specialists to help
  3. Setting up rules and procedures on how to react to customer disputes.

Create detailed records and paper trails

FinTechs should keep a log of all detected fraudulent activity in order to better identify future fraud. When a customer submits a dispute, flag their account and risk-rate them. Even if the dispute turns out to be valid, flagging the account can be a helpful step. Keep organized documentation to immediately identify that it’s a repeat case if the customer submits another dispute down the road. Every few months, teams should conduct due diligence on the customers they’ve rated as higher risk.

Have specialists on standby to monitor odd transactions

Fintech startups should consider having a dedicated compliance team, whether it’s internal or outsourced. Many fraudsters know that the fee for an investigation is $20 and FinTech companies will typically just pay off any disputes for lower amounts. People committing fraud often start with amounts under $20 and, if they get away with it, then file disputes for larger and larger amounts. That’s why it’s important to flag these customers early, so their behavior can be monitored to prevent future fraud.

Determine your boundary between customer support and being a pushover

Many FinTech startups want their platform to be entirely customer-friendly, sometimes at the expense of fraud mitigation. And while customer-friendliness is an important consideration, you should still take proper precautions to prevent fraud. For example, what if a customer lives in Texas and is making charges from Lithuania? It may not be consumer-friendly to decline the transactions, but it’s better for the FinTech company and customer experience.

Final thoughts

FinTech founders today have exciting products they can’t wait to introduce to the public. But what often gets lost in the development phase is the compliance and fraud aspects that builders will inevitably face. 

While fraud might not be top of mind for early-stage FinTechs who want to foster financial inclusion, help people save money, or “lend” a helping hand, it’s crucial to understand their role in fraud prevention, detection, and mitigation.

Early startups should be devoting all of their capital to developing and promoting their products, not paying fraud disputes. It’s easy to lose a lot of money to false fraud claims, so putting processes in place to prevent false disputes is pivotal. Even in the developmental stage, FinTech companies should ensure they’re giving appropriate attention to compliance and fraud mitigation in order to protect their customers, reputation, and capital. 

Fraud might not seem like a top priority when you’re trying to get a FinTech company off the ground, but it can be the difference between your ultimate success and failure.

Subscribe to newsletter

Subscribe to receive the latest blog posts to your inbox every week.

By subscribing you agree to with our Privacy Policy.
Oops! Something went wrong while submitting the form.

Great FinTech apps get built and scaled on Synctera’s end-to-end platform.

Create an account to explore our platform and start building