Fraud is everywhere, from retail stores to digital marketplaces. Shoplifters alone account for 27 million (1 in 11) crimes in the United States. Large and small retailers deal with it, and so do you as a game developer. Because, frankly, it goes far beyond your typical petty thievery, doesn’t it?
These days, especially with the digital nature of our games, refund theft and chargeback fraud are two of the most common ways that developers are being hurt.
Refunds seem harmless enough, costing nothing and normally initiated by the game developer himself/herself, but it’s turned into a bit of a nightmare. Return fraud involves returning games (or DLC) that are ineligible for refund to a retailer in exchange for money or other goods. This can even mean refunding games that have been acquired illegally.
On the other hand, chargebacks cost $15 for each transaction and can put a company into a very special Visa Monitoring Program, which identifies merchants who have exceeded the Visa chargeback thresholds. This is a hassle and one that means the developer is regulated and forced to create a plan of action to prevent further setbacks.
Furthermore, it means that the cost of every chargeback from thereon will be subject to a $50-250 fee based on certain rules, regardless of chargeback amount. This is a very serious setback for many businesses, including game development, and can lead to Visa putting companies/studios on a global blacklist, which means they can no longer accept any debit and credit cards.
Let’s dive into each of these two forms of fraud and analyze how to best solve the problem before it becomes a greater issue.
Also known as return fraud, refund scam, or whitehouse scam, these types of fraud are becoming increasingly popular due to how easy it is to get away with. It involves illegally obtaining a game or game related product, like DLC or a collectible, and then getting a refund, which in turn costs the developers money. Products do not always have to be illegally obtained, however, since items ineligible for refund can also be used in these frauds.
For instance, coupon and sales websites such as SlickDeals are commonly used to obtain game keys/codes, which many have taken to selling on the likes of eBay, or even getting refunds for at GameStop. Another trick is to switch labels on items “to purchase them at a lower price and then returning them for their original value.”
Due to the traditionally digital nature of indie games, which are predominantly sold on marketplaces like Steam and GOG, certain types of return fraud, such as those involving physical items, are not realistic. In these cases, stolen indie game keys can turn a quick profit, either by selling them through controversial key resellers with poor security, or by returning them to marketplaces after completing them.
For instance, Steam has a refund policy in which they refund games for any reason. However, this is bad news for indie developers who put out short games, like those two-hour-long art games. Steam refunds players for the full amount of the game, which means the developer gets absolutely nothing but the player enjoys the game for free. Also, when a refund occurs, the money is given back to the player in the Steam Wallet, unless otherwise indicated. If it goes back into the Wallet, the money is then used on other games, meaning Steam loses nothing in the process.
Just last year, Ludeon Studios stopped issuing keys for new purchases of their game, Rimworld, due to concerns of credit card fraud. The studio had been doing well for a while, and so they opted to create a Steam code generator so players could “add the game to their Steam library at no additional charge,” according to Polygon writer Charlie Hall. But things quickly went south: a mere few hours later, the website was hit with fraudulent charges, which the team decided not to hold off on. In an effort to avoid the chargebacks, the developers manually refunded transactions and began revoking related keys on Steam.
But that didn’t exactly solve the underlying issue: the damage that fraud can do is widespread, and impossible to remedy after only a few minutes. According to Polygon, Rimworld is available on the secondary market for only $15, even though it’s available for $30 from Ludeon Studios.
So, if stopping chargebacks is essentially doable through methods like those adopted by Ludeon Studios, why does the problem not go away in the long run? Because the codes are still out there, and it’s impossible to catch every single fraudulent charge. As long as there are codes out there that haven’t been revoked, there is someone selling them.
And as for the chargebacks themselves, they commonly occur when purchases are made with stolen credit cards. Once the rightful owner of a credit card realizes the issue, they will contact their bank and explain the situation, which will result in a new card, if not an entirely new account—and what is hopefully an increase in protection. This also results in all those illegitimate purchases being reversed. That includes food and drinks, clothing, services, and anything else, including video games. This is bad news for the developers behind the games, since they essentially end up giving away the game copies to undeserving people.
As stated previously, too many chargebacks and the developers are subject to monitoring by the Visa Monitoring Program. The reason being that Visa’s brand is threatened when there are excessive chargeback levels. They like to monitor merchants and take action whenever things are looking suspicious.
To control the situation, Visa sends in acquirers, who help merchants reduce their chargeback levels while assessing fraud controls and reviewing the environment. That means they will survey the marketplace, or retail store depending on the merchant, and alter things as necessary. They can change the way you conduct business, where you choose to sell your games, and even review things like your refund policies.
In other words, even though these acquirers are sent in to help businesses develop a chargeback management system that helps to identify triggers and prevention methods, they are essentially there to do damage control, because the business owners are not managing payments as they should.
On occasion, if the situation is dire, Visa will require that merchants submit unusual activity reports. This helps them deduce if there is a reoccurring problem. Usually, the information is reviewed daily. It is mandatory that these reports be filed no more than two days after suspicious activity occurs.
Two of the most common reasons why these reports may be required are as follows:
Visa’s Chargeback Monitoring Programs will look at business activity and utilize what’s referred to as a chargeback-to-transaction ratio to determine the gravity of the situation. The ratio tallies the month’s chargebacks and then divides them by the number of the month’s transactions.
An example would be 50 chargebacks in a month divided by 300 transactions, which results in a ratio of 2% after rounding up.
For international sales, monitoring goes through the Global Merchant Chargeback Monitoring Program, which includes a workout period. This is a grace period given to merchants to get their affairs in order, or else Visa serves the right to withdraw, meaning the merchant would no longer be able to take Visa cards. No more Visa card payments, no more association with the brand whatsoever.
On the other hand, U.S. merchants are eligible for the Merchant Chargeback Monitoring Program, which requires that merchants have at least a 1% chargeback ratio (a minimum of 100 chargebacks and 100 transactions in a month). Merchants who enter the program will be given 10 days to notify the acquirer.
For domestic merchants, Visa’s threshold is at least $10k in reported fraud and a chargeback-to-transaction ratio of 1%. For interregional, it’s at least 25 reported fraudulent transactions, with at least $25k in reported fraud. The ratio must be 2.5% or higher. Finally, excessive interregional has a threshold of $250,000 reported fraud with a ratio of 2.5% or higher.
Casinos, gambling, and gaming are among some of the top high-risk merchants. Telemarketing, pharmaceuticals, travel, attorneys, dating services, magazine subscriptions, e-cigarettes, software, hardware, or copyright protected downloads, as well as autographed collectibles, are a few other high-risk products and services that are subject to chargebacks.
Notice, most of these industries have a few common characteristics, such as accepting recurring payments, dealing with international customers, processing multiple currencies, and managing seasonal or sporadic sales.
When creating your return policy, ensure that you require a receipt for cash returns. Only refund in the same form of currency used, and make sure that you offer store credit to eliminate, or at least limit cash refunds. Try limiting returns to 30 days or less, and provide gift receipts to increase customer satisfaction. That way, if someone is gifted a game from your store that they dislike, they don’t try to return it for full price even if it’s a sale item. Be consistent in enforcing your policies year round.
If you’re selling copies directly from your official website, add the return policy to the ordering area of the website, and consider including it on the invoice/email. That way customers see it when they get notified of their order through email, as well as when they’re checking out online.
Finally, expect there to be an increase in potential refund fraud after the holidays. This is when customers return items they dislike. Offer exchanges if you can, but otherwise, consider requiring identity verification. According to the IRS, a lot of return fraud is a result of identity theft.
There are many ways to both prevent and limit chargebacks from hurting your business. For one thing, dispute friendly fraud—that is fraud committed by legitimate customers. Research shows that together with chargeback fraud (normally not conducted by loyal customers, hence the term criminal fraud), friendly fraud accounts for 71 percent of merchant losses to fraud. Not doing anything about chargeback fraud makes it seem like consumers can get away with it, and will even encourage it from happening again and again. Merchants must take a stand and challenge friendly fraud every time.
Furthermore, eliminating automation is key. While cost-effective and capable of streamlining payments, automatic payments are subject to error and without proper monitoring, they can respond with a dispute that doesn’t follow suit with the brand’s ideal actions. This misrepresentation is terrible for developers who then have to explain themselves to the public.
Unlike AAA, where the attention is directed to the company as a whole, with indie developers, it’s a more personal scandal.
Finally, there are four common merchant errors to avoid at all costs: faulty return authorization policies, defective merchandise terms, soft descriptor errors (what appears on the statement while the transaction is in the authorization stage versus what appears once the transaction is finalized), and not matching chargebacks to sales transactions.
Game developers would be wise to work in tandem with a fraud protection service. On average, $4.79 out of every $100 worth of sales are at risk these days, so trouble is inevitable, whether it’s a brick-and-mortar storefront, or a digital one.
Using a protection service can help share, or even eliminate, the burden of having to manage fraud, so you can go back to doing what you do best—making games and talking to your community. These services ensure legitimate orders are approved, while decreasing the number of orders held for manual review. They also accumulate knowledge of fraud trends, hence knowing what signs to look for all the time.
One such fraud protection service provider is Radial. The company has processed $6 billion dollars worth of orders and boasts a 99.7% order approval rate. Customers can choose a service that fits their needs, such as payment, tax and fraud protection (full-service), fraud zero (fraud focused only), and fraud insight (basic). Each package features simple integration with extensions and APIs, as well as an improved customer experience.
Another fraud protection service is actually one delivered by the popular game service provider Xsolla. Their Anti-Fraud System is a scalable tool that starts operating from the first transaction without any additional maintenance. It works specifically with game traffic and analyzes and responds to any fluctuations that may occur from bundle sales and influence marketing surges.
Furthermore, the company acts as a Merchant of Record to help generate online business on a global scale, which means it acts as a seller of digital products. They account for local sales tax, establish terms and conditions of sale, and handle all chargebacks and refund issues. They also act as Merchant of Record, making them liable for any and all credit and debit card payments.
Fraud is a problem that isn’t going away. Whether it’s in the form of return fraud, or chargebacks, the result is the same: businesses hurt by the financial loss. Despite not being subject to the traditional forms of fraud that a physical retail store has, digital marketplaces still have not solved the problem. And they won’t, ever. If anything, they simply showcase a new outlet where fraud can occur in other creative ways.
The best thing you can do as a game developer—and entrepreneur—is stay safe. Understand that chargebacks and return fraud is inevitable, yet manageable. To avoid surpassing a Visa threshold and being subject to excessive monitoring, use safe practices, such as requiring a receipt with every return, or updating your policies. Match all chargebacks to sales transactions and ensure you remain stern in your policies year round, despite the holidays.
And if you do go global, ensure you have an anti-fraud solution in place. Otherwise, you won’t know until it is too late and your company is placed into the Visa Monitoring Program. Even if you have a small chargeback ratio in your local country/region, don’t forget about your international sales.
While services like returns and chargebacks are essential for legitimate customer needs, such as unsatisfied customers, or genuine victims of credit card theft, they should not encroach on your business. Maintain vigilant, and consider working with a fraud protection service provider. After all, you’re not Superman or Wonder Woman.
If you’ve enjoyed this article, don’t hesitate to retweet it! We love making friends here at Black Shell Media, so don’t be a stranger.