Can a Chargeback Blacklist Help Prevent Fraud & Other Abuse?
Chargeback blacklists are considered effective tools for fighting post-transactional fraud. With the dramatic growth in eCommerce—and the accompanying surge in chargebacks—card-not-present (CNP) merchants are looking for an easy way to cut off digital fraudsters for good. You may be drawn to the straightforward concept: by banning anyone who commits fraud or chargeback abuse, you avoid being victimized again in the future.
But, are blacklists really the answer? In this post, we’ll explain chargeback blacklists and how you can create them. We’ll also see how well they work for chargeback prevention.
- Chargeback Blacklist
A chargeback blacklist is a database containing details on persons, institutions, or locations that present a high chargeback risk to you as a merchant. Future transaction attempts submitted by blacklisted customers are blocked, based on inclusion on the list.
[noun]/* chahrj•bak•blak•list /
What is a Chargeback Blacklist?
A chargeback blacklist isn’t a literal list. It could more accurately be called a “chargeback abuse database.”
Blacklisting relies on data from previous fraudulent transactions to identify and ban future fraud. The aim is to prevent chargeback abuse without jeopardizing legitimate sales.
Retailers may create their own list by manually checking orders. This is a work-intensive process, however, and could negatively impact the customer experience. More commonly, merchants invest in either external lists, or fraud screening software that automatically monitors each transaction.
Chargeback Blacklists Can Cost More Than They Save.
A customized, multi-tier approach can resolve more issues and up your ROI. Click to learn more.
Some systems are designed to blacklist users based on a single factor. For example, you can automatically ban anyone who has filed an invalid chargeback (a practice known as friendly fraud). However, you can achieve more accurate results—thereby avoiding false declines—using sophisticated filters that access multiple data points.
With more intelligent blacklisting, you can compare new orders against recognized chargeback triggers, or against data from a known fraudulent sale. If too many comparison points match, you can stop the transaction and automatically reject any future purchases from the same source.
The specific blacklisted data points can vary, of course. However, they all represent triggers historically linked to post-transactional fraud. Filters can be as granular as the ID of the device used for the transaction, or as wide as a grouping of entire countries or regions.
Do Blacklists Work?
Blacklists work in the sense that they will stop some transactions from being processed. Whether they stop the right transactions is a different story.
Merchants who promote blacklists compare them to spam filters. Once you mark an email as spam, you probably won’t get another email from that same source. The comparison is not totally accurate, though, for two key reasons.
- Spam filters work on very basic logic. One person (the user) makes a yes-or-no decision, primarily based on a single factor: do I recognize or want this email?
- If the user is wrong, and the email was not spam, there are few negative ramifications. Any issues that may arise are localized and easily undone.
Neither of these circumstances applies to a chargeback blacklist. Any legitimate customer you blacklist translates to lost sales revenue and possible reputational damage among buyers.
Counting on blacklists as your primary fraud prevention device is problematic. For starters, fraudsters are already ahead of the game. They understand how blacklists work and have developed multiple tactics to thwart them. They may create new email accounts using multiple cards. They can also ship goods to post office boxes or use proxy servers. These are just a few examples.
Unless you ban users based on a single data point (which is not recommended), the decision to blacklist buyers can be a highly complex one.
Chargeback Blacklists Can be Unreliable
We already noted that a number of different factors can be used for automated decisioning. Did the order come from a recognized location? Is it out of character for this buyer, based on previous purchases? Are there multiple orders for the same item or in quick succession? These questions are relevant, but the presence of one or more risk factors does not inherently indicate actual fraud.
For example, take an order that was placed from Venezuela, a country where roughly 33% of the online transactions are suspected fraud. If your fraud filter is heavily weighted toward the location, there’s a good chance the order will be marked as fraud, and its originating address blacklisted regardless of other factors. What if the order was placed by a long-standing customer who recently began traveling to Venezuela on a regular basis, though? You just cut off a legitimate customer based on an easily explained anomaly.
That’s the problem: as eCommerce continues to grow, anomalies of this sort get more and more common. Individual data points are less reliable as fraud indicators. Many people may use the same physical address, such as an apartment building or mail center. Dynamic IP addresses are used by multiple people on business premises. Personal data is stolen and used for fraudulent purposes.
One fraud attempt based on any one of these factors—or even a combination—doesn’t automatically mean you should block everyone with similar origin points.
Blacklisting customers for the most basic reasons can backfire. The contract to join Sony’s PlayStation Network, for example, states that any gamer disputing a charge on their PlayStation account is automatically banned from the network, and forfeits any games they‘ve already paid for. Sony’s logic seems to make sense in terms of stopping repeat offenders. However, this tactic impacts all its users—even those with legitimate reasons for filing a dispute.
A chargeback abuse database built on a single factor will not be effective. An algorithm that draws from many data points to create a composite risk model should solve the problem. Unfortunately, inaccurate information will still be an issue.
False Declines & Machine Learning
A simple blacklist filter works by recording key information from any order that results in an illegitimate chargeback. This information gets added to the database, so when a new order comes in with matching data, the chargeback blacklist automatically rejects the transaction.
More sophisticated programs identify and factor in additional information, such as the type of building (business, residence, dorm) at a given address. This extra input gets fed to an algorithm designed to improve future fraud detection.
Essentially, your blacklist system is learning. Each new bit of data helps fine-tune the decisioning and increase accuracy. That sounds ideal…except there’s a good chance the incoming data is wrong.
The 2021 Chargeback Field Report
The 2021 Chargeback Field Report is now available. Based on a survey of over 400 US and UK merchants, the report presents a comprehensive, cross-vertical look at the current state of chargebacks and chargeback management.Free Download
A blacklist is only as good as the algorithms used to build it, and those algorithms are only as good as their data. As we established earlier, some of the factors used for comparisons are generic enough that they can lead to false declines.
That’s a troubling thought on its own. If your software “learns” from each encounter, though, a false decline means your algorithm now includes bad information. In other words, more and more decisions get made based on flawed input. The system believes that criteria from a valid transaction actually came from a fraudulent one.
It gets worse, too. Bad data itself could cause another false decline, which introduces additional inaccurate data to the blacklist algorithm. The problem snowballs. It doesn’t take long until your decisioning completely derails, and your chargeback blacklist is useless.
Whitelists: Reversing the Problem
A whitelist tackles fraud the same way a blacklist does but in reverse. You build a database of “approved” customers based on common fraud data points.
A blacklist might automatically ban all orders from high-risk countries, for example. In contrast, whitelists can be set to automatically approve orders coming only from countries that present low risk.
However, the same factors that make blacklists problematic also apply to white lists. Basing your white list on a sophisticated algorithm will still produce false declines and contaminate your database. At the same time, accepting all orders under certain criteria—past legitimate orders, for instance—can still allow fraud to get through. A whitelist would be useless if a fraudster uses a credit card stolen from an already-approved customer. The buyer gets automatic approval, but you end up with a chargeback.
No Single Tool Can Prevent Fraud
Chargeback blacklists can be useful to stop known fraudsters from attacking multiple times. Like most individual fraud tools, though, they promise much more than they can deliver. Blacklists appear to be a quick and easy fix to a serious problem, but ultimately, they are oversimplified solutions that can cost you more than you’re already losing to chargebacks.
Keep in mind that while chargeback blacklists are designed to offer protection against criminal fraud, as few as 10% of chargebacks may actually be criminal fraud cases. The vast majority of chargebacks stem from merchant error and friendly fraud.
Automated chargeback management isn’t nearly as effective as a personal approach. Universally banning potential fraudsters means you also ban potential customers. So, rather than relying on a list—or any other single tool—consider a multipoint strategy that addresses every stage of the chargeback cycle.
You need a chargeback management plan tailored to your specific business to offer better protection and long-term results. Ready to take a more customized approach to chargeback prevention? Contact Chargebacks911® today to see how much ROI you can expect with our services.
What is a customer blacklist?
A chargeback blacklist is a database containing details on parties identified as representing a high chargeback risk. Future transaction attempts can be blocked, based on inclusion.
Can you block chargebacks?
To some degree, yes. A chargeback blacklist lets you block known fraudsters to prevent future criminal fraud and friendly fraud chargebacks.
Can a blacklist prevent fraud?
It may prevent some cases, in some situations. Even so, you’re likely to lose some revenue to false declines by using a blacklist.
What is a chargeback whitelist?
A chargeback whitelist is like a blacklist but in reverse. Instead of banning certain parties, the whitelist only allows approved customers to make transactions.
Is it legal to blacklist a customer?
Absolutely. You are well within your rights as a merchant to add customers to a blacklist and refuse to do business with them.