
First-Party Fraud: Why Friendly Fraud Has Become the Largest Chargeback Category

First-party fraud — chargebacks filed by the actual cardholder on legitimate transactions — now accounts for the majority of dispute volume for most e-commerce merchants. Here's why it's growing, who commits it, and the evidence-based playbook for fighting and preventing it.

By Shaun Toh
TL;DR

First-party fraud — chargebacks from real cardholders on genuine transactions — now outweighs third-party fraud for most e-commerce merchants. This briefing covers why it's growing, how to build an evidence package, and when to fight versus accept.

The dominant narrative in payments fraud is third-party fraud — fraudsters using stolen card credentials to make purchases the cardholder did not authorise. The controls that address third-party fraud — 3DS2 authentication, device fingerprinting, velocity checks on unknown devices — have matured significantly over the past decade. Card-not-present fraud rates from stolen credentials have declined in well-monitored verticals as these controls have improved.

First-party fraud has moved in the opposite direction. Also called friendly fraud or chargeback fraud, first-party fraud occurs when the legitimate cardholder files a dispute on a transaction they actually authorised and received. The cardholder is the fraudster. The card credentials are authentic. The transaction is genuine. The claim is false.

This category now represents the majority of dispute volume for most e-commerce merchants in developed markets. Understanding who commits it, why, and how to build effective defences is the core chargeback management problem for 2026.

Who Commits First-Party Fraud

First-party fraud is not monolithic. There are distinct populations with different motivations and different patterns:

Opportunistic mis-rememberers: Cardholders who genuinely do not recognise a charge — subscription renewal from a product they forgot they subscribed to, a billing descriptor that does not match the merchant name, a family member’s purchase on a shared card. These cardholders file disputes not because they are committing fraud but because they cannot reconcile the charge. The solution is clearer billing descriptors, pre-renewal notifications for subscriptions, and proactive customer service before the dispute is filed.

Policy abusers: Cardholders who know the return or refund policy is unfavourable and use the chargeback mechanism as a workaround. “I returned the product but the merchant refused the return, so I filed a chargeback.” These disputes often have a legitimate grievance mixed with a fraudulent mechanism — the cardholder may have genuinely not liked the product but is using the chargeback rather than the merchant’s dispute resolution process.

Deliberate fraudsters: Cardholders who purchase and receive goods or services with the premeditated intent to dispute the charge. Common patterns: digital goods (software licences, game credits, digital subscriptions) where the goods are consumed before the dispute is filed; high-value purchases where the chargeback is premeditated before the purchase; and serial offenders who use chargeback abuse systematically across multiple merchants.

Economic-stress clawbacks: During periods of financial pressure, some cardholders use chargebacks to recover legitimate expenses. “I needed the money back.” This category grows during economic downturns and correlates with consumer credit stress indicators.

The distinction matters because the prevention strategy differs. Mis-rememberers are a UX and communication problem. Policy abusers are a customer service problem. Deliberate fraudsters require evidence-based chargeback response and blacklist management. Economic-stress clawbacks are partially a macro phenomenon merchants cannot fully control.

The Dispute Mechanism and Why It Favours Cardholders

The chargeback process is structurally weighted toward the cardholder. When a cardholder disputes a transaction, the issuing bank provisionally returns the funds and requests a response from the merchant through the acquirer. The merchant has a limited window (typically 20–30 days) to submit compelling evidence. If the merchant does not respond or the evidence is insufficient, the chargeback is upheld.

The structural problems for merchants:

Reason code gaming: Cardholders are not required to accurately characterise their dispute. A cardholder who simply did not want the product may file under reason code 10.4 (Other Fraud — Card-Absent Environment) rather than reason code 13.3 (Not as Described), because fraud claims receive more favourable treatment from issuers than “I changed my mind.” Merchants cannot directly challenge the reason code — they can only submit evidence addressing the stated reason.

Digital goods evidence gap: For physical goods, delivery confirmation — tracking numbers, signature confirmation — provides reasonable proof of delivery. For digital goods (software, streaming, API access, AI subscriptions), proof that the service was delivered requires application-level logs showing access and usage. Many merchants do not collect this data at the level of detail required for chargeback response.

Evidence submission asymmetry: The cardholder files the dispute in seconds through a mobile app. The merchant has days to collect, compile, and submit a structured evidence package through their PSP portal. The operational overhead of dispute response discourages merchants from contesting borderline disputes.

Issuer bias: Issuers profit from chargebacks (they collect fees from acquirers and retain cardholder relationships). While major issuers apply fraud analysis to dispute claims, smaller issuers apply less rigorous scrutiny. The dispute resolution process is not a neutral arbitration.

Building the Evidence Package

Effective chargeback defence requires evidence collected at transaction time, not at dispute time. The most common reason merchants lose winnable disputes is that evidence was not captured when the transaction occurred.

The baseline evidence set for all card-not-present transactions:

  • Device fingerprint: A persistent device identifier (not cookie-based) linked to the transaction. Tools like ThreatMetrix, Kount, and device fingerprinting in Stripe Radar capture this.
  • IP address: Recorded at the time of transaction, including the geolocation match to the billing/shipping address.
  • Session metadata: Time spent on site, pages visited, interactions with the product — demonstrating user engagement.
  • Authentication result: If 3DS2 was applied, the authentication transaction ID and result. This is the single most powerful evidence item because an authenticated transaction shifts liability to the issuer.
  • Terms of service acceptance: Timestamp of checkbox click or explicit acceptance of terms, with the specific terms visible.
  • Email and account creation: Account creation date, email address, previous order history under the same account.

For digital goods, add:

  • First-use timestamp and usage logs (when the product was first accessed after purchase)
  • IP address of access (compare to purchase IP for consistency)
  • Feature or content accessed (demonstrates the goods were consumed)

For subscription billing, add:

  • The notification sent before the renewal (email with timestamp and delivery confirmation)
  • The customer’s acceptance of recurring billing terms at original subscription
  • Full billing history showing prior renewals that were not disputed

Compelling Evidence 3.0

Visa’s CE 3.0 framework, implemented in 2023, created a formal mechanism for merchants to prevail in specific dispute categories by demonstrating prior relationship.

The mechanism: for disputes in reason code 10.4 (Other Fraud — Card-Absent), merchants can submit CE 3.0 evidence if they can show at least two prior undisputed transactions from the same cardholder credentials at the same device and IP address. The prior transactions must fall within a specific lookback window (typically 120 days before the dispute) and must not themselves have been disputed.

If CE 3.0 evidence is submitted and accepted, Visa rules in the merchant’s favour without requiring the cardholder to provide further documentation. The dispute is closed in the merchant’s favour and the funds are retained.

The operational requirement: CE 3.0 only works if the merchant has the transaction-level device and IP data from prior orders stored for 120+ days, linked to the same cardholder. Most fraud tools capture this data as part of their device intelligence; the gap is typically whether it is stored in a format accessible for chargeback response.

PSPs including Stripe, Chargebacks911, and Midigator have begun automating CE 3.0 evidence package construction — the merchant provides transaction records and the tool extracts the required prior-relationship evidence automatically.
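As an added example (not code from this article or from any PSP), the prior-relationship check described in this section can be run over stored transaction records as follows. The `Txn` record layout, token values and sample history are constructed assumptions, and the rule encoded is this article's summary of CE 3.0, not Visa's full rule text.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

LOOKBACK = timedelta(days=120)  # "typically 120 days before the dispute"
MIN_PRIOR = 2                   # "at least two prior undisputed transactions"

@dataclass(frozen=True)
class Txn:                      # hypothetical record layout
    txn_id: str
    card_token: str             # tokenised card reference, never the PAN
    device_id: Optional[str]    # None if no fingerprint was captured
    ip: Optional[str]
    at: datetime
    disputed: bool = False

def ce3_prior_txns(target: Txn, history: list[Txn], dispute_date: datetime) -> list[Txn]:
    """Prior undisputed transactions matching card, device and IP in the window."""
    if target.device_id is None or target.ip is None:
        return []               # evidence was not captured at transaction time
    window_start = dispute_date - LOOKBACK
    matches = [t for t in history
               if t.txn_id != target.txn_id
               and t.card_token == target.card_token
               and t.device_id == target.device_id
               and t.ip == target.ip
               and not t.disputed
               and window_start <= t.at < target.at]
    return sorted(matches, key=lambda t: t.at)

def ce3_eligible(target: Txn, history: list[Txn], dispute_date: datetime) -> bool:
    return len(ce3_prior_txns(target, history, dispute_date)) >= MIN_PRIOR

# Constructed sample data (documentation-range IPs, made-up tokens).
A = dict(card_token="tok_1", device_id="dev-A", ip="203.0.113.7")
HISTORY = [
    Txn("t0", at=datetime(2024, 9, 1), **A),                  # outside lookback
    Txn("t1", at=datetime(2025, 1, 10), **A),                 # qualifies
    Txn("t2", at=datetime(2025, 2, 20), **A),                 # qualifies
    Txn("t3", "tok_1", "dev-B", "198.51.100.9", datetime(2025, 3, 1)),  # other device
    Txn("t4", at=datetime(2025, 3, 10), disputed=True, **A),  # itself disputed
]
TARGET = Txn("t9", at=datetime(2025, 4, 1), **A)
DISPUTE_DATE = datetime(2025, 4, 15)

if __name__ == "__main__":
    prior = ce3_prior_txns(TARGET, HISTORY, DISPUTE_DATE)
    print([t.txn_id for t in prior], ce3_eligible(TARGET, HISTORY, DISPUTE_DATE))
```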

The Blacklist Problem

One practical question: should merchants maintain and use blacklists of cardholders who have previously filed fraudulent disputes?

Yes, with important caveats. A cardholder who filed a fraudulent dispute at your merchant is a known-bad actor for your business. Blocking future purchases from the same payment credentials, email address, device fingerprint, or IP address is reasonable fraud prevention.

The caveats: blacklisting at the card level is less effective than blacklisting at the device/email level because fraudsters with chargeback intent cycle card credentials. Email and device fingerprint blacklisting is more durable. Cardholder blacklists must not discriminate on protected characteristics — a blacklist based on transaction and fraud behaviour is defensible; one that correlates with geographic or demographic patterns is not.

For high-volume e-commerce merchants, third-party chargeback intelligence networks — Verifi Order Insight, Ethoca Alerts, and similar services — allow some level of cross-merchant dispute intelligence, flagging cardholders with elevated dispute histories across the network before the transaction is processed.

The Decision Framework: Fight or Accept

Not every chargeback should be contested. The decision framework:

Fight if: The evidence clearly supports the merchant’s position (delivery confirmation, 3DS authentication result, device match). The dispute amount exceeds $50 and the cost of assembling the evidence response is manageable. CE 3.0 applies (prior undisputed transactions from the same credentials and device).

Accept if: The dispute amount is below $25–30 (response cost approaches or exceeds recovery value). The evidence is weak or absent. The cardholder is a high-LTV customer who may have a genuine grievance — a refund without a chargeback preserves the relationship and avoids the chargeback ratio impact. The dispute falls in a reason code category where merchant win rates are structurally low.

Prevent proactively: For subscription businesses, many first-party fraud disputes are from customers who forgot they subscribed and did not use the service. Pre-renewal email notifications at 7 days with an easy cancellation link, sent from a recognisable sender, convert many would-be disputes into cancellations — which cost nothing beyond the lost subscription versus chargebacks that cost $15–30 each plus ratio exposure.

The shift from managing chargebacks reactively to preventing them proactively — through better billing communication, clearer descriptors, and pre-dispute customer service — is the most cost-effective first-party fraud reduction strategy for most merchants. Evidence-based dispute response is essential for the disputes that reach the formal process, but prevention is cheaper than response.

By Shaun Toh · Director, Digital Payments · Razer
