Can a Chargeback BlackList Prevent Post Transaction Fraud?
Chargeback blacklists are considered effective tools for fighting post-transactional fraud. With the dramatic growth in eCommerce—and the accompanying surge in chargebacks—card-not-present (CNP) merchants are looking for an easy way to cut off digital fraudsters for good.
The straightforwardness can be enticing. By banning anyone who commits fraud or chargeback abuse, you avoid being victimized again in the future. But are blacklists really the answer? Let’s find out.
Recommended reading
- Can You Make a "No Chargeback Agreement" With Buyers?
- The Top 30 Chargeback Risk Factors to Eliminate in 2024
- Chargeback Insurance: Choose the Best Protection in 2024
- What is a Business Continuity Plan? Tips, Guides & Examples
- How Stripe Chargeback Protection Defends Merchant Revenue
- Chargeback Protection: What are Your Options for 2024?
What is a Chargeback Blacklist?
- Chargeback Blacklist
A chargeback blacklist is a database containing details on persons, institutions, or locations that present a high chargeback risk to you as a merchant. Future transaction attempts submitted by blacklisted customers are blocked based on inclusion on the list.
[noun]/chahrj • bak • blak • list/
A chargeback blacklist isn’t a literal “list.” It could more accurately be described as a kind of database of accounts that are known to have been associated with fraud.
Blacklisting relies on data from previous fraudulent transactions. The aim is to identify risky accounts and block them from making future purchases.This should help prevent chargeback abuse without jeopardizing legitimate sales.
Retailers may create their own lists by manually checking orders. This is a work-intensive process, however, and could negatively impact the customer experience. Instead, merchants often invest in either external lists or fraud screening software that automatically monitors each transaction for blacklisted account information.
How do Chargeback Blacklists Work?
Some systems are designed to blacklist users based on a single factor. For example, you can automatically ban anyone who has filed an invalid chargeback (a practice known as friendly fraud). However, you can achieve more accurate results — thereby avoiding false declines — by using sophisticated filters that access multiple data points.
Single-Factor Blacklisting
Single-factor blacklisting relies on one specific criterion to determine whether to block a user. For example, whether the user in question had filed a chargeback at any point. This approach is simpler, but can very easily lead to false positives, meaning legitimate customers are banned by accident.
Intelligent Blacklisting
A recent PayPal breach impacted 35,000 accounts. The company has thus far not identified any unauthorized transactions. However, it was reported that the attack may have been carried out to use those thousands of compromised accounts in other schemes.
Blacklist decisioning can be based on a number of criteria. Some of the most commonly-used identifiers for fraud blacklists include:
- Customer location data
- Delivery location
- Device fingerprint
- Email address
- IP address
Specific blacklisted data points can vary, of course. However, they all represent triggers historically linked to fraud. Filters can be as granular as the ID of the device used for the transaction or as wide as a grouping of entire countries or regions.
Are Chargeback Blacklists Effective?
Blacklists work in the sense that they will stop some transactions from being processed. Whether they stop the right transactions is a different story.
Merchants who promote blacklists compare them to tools like spam filters. Once you mark an email as spam, you probably won’t get another email from that same source. The comparison is not totally accurate, though, for two key reasons.
First, spam filters work on very basic logic. One person (the user) makes a “yes or no” decision, primarily based on a single factor: do I recognize this email? Second, any issues that may arise are localized and easily undone. Neither of these circumstances applies to a chargeback blacklist. Accidentally blacklisting a legitimate customer means lost sales revenue and possible reputational damage among buyers.
Counting on blacklists as a primary fraud prevention device is problematic. For starters, fraudsters are already ahead of the game. They understand how blacklists work and have developed multiple tactics to thwart them. They may create new email accounts using multiple cards. They can also ship goods to post office boxes or use proxy servers. These are just a few examples.
We don’t recommend that you ban users based on a single data point. Of course, this means the decision to blacklist a buyer can be a highly complex one.
Chargeback Blacklists vs. Whitelists
In contrast to chargeback blacklists, some merchants choose to deploy whitelists instead.
Whitelists operate on the opposite principle of the blacklist. Instead of identifying and blocking potentially fraudulent users, a whitelist is a list of trusted users who are pre-approved for transactions. These users have a history of legitimate transactions and are less likely to be flagged for fraud.
Refer to this table for a quick comparison:
| Aspect | Blacklists | Whitelists |
| Definition | List of users flagged for suspicious activity or fraud | List of users pre-approved for transactions |
| Criteria | Single factor (e.g., chargeback) or multiple data points for intelligent blacklisting | Historical transaction legitimacy and trustworthiness |
| Risk | High risk of false positives with single-factor blacklisting; moderate risk with intelligent blacklisting | Risk of fraud only if whitelisted users' behavior changes or accounts are compromised |
| Customer Experience | Can lead to false declines, impacting legitimate customers negatively | Enhances experience for loyal customers by reducing false declines |
| Management Complexity | Requires ongoing updates and sophisticated algorithms for intelligent blacklisting | Requires monitoring to ensure whitelisted users remain trustworthy |
Whitelists help reduce the likelihood of false declines for frequent, loyal customers. However, relying solely on whitelists can be risky if not managed properly, too, as fraudulent activity can sometimes originate from seemingly trusted sources.
How to Implement a Chargeback Blacklist
Implementing and using chargeback blacklists and whitelists can significantly enhance your fraud prevention strategy. It's important to note that, while these tools are powerful, they should be part of a broader chargeback prevention plan. But, we’ll get into that further down.
For now, let’s look at what you’ll need to do to implement a blacklist as part of your strategy:
Step #1 | Data Collection
Gather data on chargeback triggers, such as fraudulent transactions, invalid chargebacks, and other suspicious activities. Collect identifiers like customer location data, delivery location, device fingerprint, email address, and IP address. This will be used to help train your decisioning.
Step #2 | Set Criteria
Define the criteria for adding a user to the blacklist. This can range from a single chargeback to multiple data points that indicate a pattern of fraudulent behavior. The criteria used are ultimately up to you.
Step #3 | Automation
Integrate your blacklist with your CRM or fraud detection software to automate the process. This ensures that suspicious transactions are flagged and reviewed in real-time, reducing the risk of fraud slipping through.
Step #4 | Regular Updates
Continuously update your blacklist based on new data and trends. Fraudsters often change tactics, so you’ll want to ensure you stay up-to-date to maintain the effectiveness of your blacklist.
Step #5 | Review Process
Implement a review process to periodically assess the accuracy of your blacklist. This helps in minimizing false positives and ensures legitimate customers are not unfairly blacklisted.
How to Implement a Chargeback Whitelist
We’ve explained how to set up a blacklist. Now, here’s how to get started with putting together a chargeback whitelist:
Step #1 | Identify Trusted Customers
Use historical transaction data to identify customers with a consistent record of legitimate transactions. These are the customers that you’d add to your pending whitelist.
Step #2 | Set Criteria
Define the criteria for maintaining a user on the whitelist. Regular updates are necessary to ensure that previously trusted users have not changed their behavior or had their accounts compromised.
Step #3 | Automation
Automate the whitelisting process to streamline and expedite approvals for trusted customers. This can enhance the customer experience by reducing the chances of false declines.
Step #4 | Ongoing Monitoring
Even if they’re verified and trusted, you should still monitor transactions involving whitelisted users to detect any unusual behavior that might indicate fraud. Adjust the whitelist accordingly.
False Declines & Machine Learning
Remember: blacklists and whitelists both rely heavily on machine learning algorithms to function at their full capacity.
As we established earlier, some of the factors used for comparisons are generic enough that they can lead to false declines with a chargeback blacklist. Furthermore, failing to conduct due diligence with whitelists can result in fraudulent charges resulting from account takeover or other scams that go undetected.
You need to establish a multilayered fraud and chargeback prevention strategy that moves beyond computer programming. This is the only way to really combat this issue and protect your bottom line.
No Single Tool Can Prevent Fraud
Chargeback blacklists can be useful to stop known fraudsters from attacking multiple times. Like most individual fraud tools, though, they promise much more than they can deliver. Blacklists appear to be a quick and easy fix to a serious problem, but ultimately, they are oversimplified solutions that can cost you more than you’re already losing to chargebacks.
Keep in mind that while chargeback blacklists are designed to offer protection against criminal fraud, as few as 10% of chargebacks may actually be criminal fraud cases. The vast majority of chargebacks stem from merchant error and friendly fraud.
Automated chargeback management isn’t nearly as effective as a personal approach. Universally banning potential fraudsters means you also ban potential customers. So, rather than relying on a list—or any other single tool—consider a multipoint strategy that addresses every stage of the chargeback cycle.
You need a chargeback management plan tailored to your specific business to offer better protection and long-term results. Ready to take a more customized approach to chargeback prevention? Contact Chargebacks911® today to see how much ROI you can expect with our services.
FAQs
Can you get banned for a chargeback?
Yes, you can get banned for a chargeback, especially if it’s deemed invalid or fraudulent. Many systems automatically blacklist users who file chargebacks without valid reasons.
Can you get in trouble for a chargeback?
Yes, you can face consequences for a chargeback if it's deemed invalid or fraudulent. This can include being blacklisted by the merchant, which may prevent you from making future purchases with them.
What does it mean when your order has been blacklisted?
If your order has been blacklisted, it means the transaction has been flagged as suspicious or fraudulent, preventing it from being processed. As a result, you may be blocked from making future purchases with that merchant.
How bad is being blacklisted?
Being blacklisted is quite serious as it means your transactions are flagged as suspicious or fraudulent, preventing you from making purchases with the merchant. This can damage your reputation and limit your ability to buy from other vendors who share blacklist data. It may take significant effort to resolve the issue and restore your purchasing privileges.
How long does being blacklisted last?
The duration of being blacklisted varies depending on the merchant's policies. It can last indefinitely until the issue is resolved or the merchant decides to remove you from the blacklist.
