
How to prevent friendly fraud with device evidence

Figure: friendly fraud, where a real customer completes a purchase, then disputes the charge as fraud, while the device behind both the purchase and the account stays the same.

Last updated on July 1, 2026 · 9 min read

Mastercard reports that the global cost of chargebacks to merchants is forecast to reach $42 billion by 2028, with nearly half reported as fraudulent. A large share of that is friendly fraud: a real customer who made a purchase, then disputes the charge with their bank as if it never happened. The card is genuine, the buyer is the account holder, and on paper nothing looks wrong, which is exactly why it is so hard to fight.

Friendly fraud is different from the abuse that rings of fake accounts run, and it is different from a stolen card. It is first-party: the person disputing the charge is the person who made it. This guide explains what friendly fraud is, why it is so hard to prove, the honest playbook for reducing it, and how the device behind the purchase becomes evidence when you contest the dispute.

Key takeaways

  • Friendly fraud is a first-party dispute: a real customer buys something, then charges it back as unauthorized or "never received," recovering the money while keeping the goods.
  • It is hard to prove because the card, the billing details, and the buyer are all genuine. The bank sees a valid cardholder disputing a valid charge.
  • Prevention is mostly operational: clear billing descriptors, easy refunds and support, delivery and usage records, and card checks at purchase reduce the disputes that start in the first place.
  • When a dispute does come, the strongest evidence is the link between the purchase and the account's own device. A returning device tied to the account's history says the buyer is the account holder, not an impostor.

What is friendly fraud?

Friendly fraud is when a legitimate cardholder makes a purchase and later disputes it with their bank as fraudulent or unauthorized, then keeps the product or service while the money is returned. The term is a little ironic: there is nothing friendly about it for the merchant, who loses the sale, the goods, and often a chargeback fee on top.

It goes by a few names. The card networks increasingly call it first-party fraud, because the fraud comes from the first party to the transaction, the customer, rather than a third-party thief. The common types:

  • Forgotten or unrecognized charges. A shopper does not recognize a renewal or a cryptic descriptor and disputes it instead of asking.
  • Household or authorized use. A family member used the card, and the account holder disputes a charge they did not personally make.
  • Item not received or not as described. A buyer claims a delivered order never arrived, or was wrong, to get the money back.
  • Deliberate abuse. Someone buys with the full intention of charging it back later to keep the goods for free.

That range matters, because friendly fraud is a spectrum from honest confusion to intentional abuse. A customer who genuinely does not recognize a charge is not the same as one who games the dispute process on purpose, and the response to each is different. What they share is the mechanism: a real cardholder, a real card, and a dispute the bank has little reason to question.

Why friendly fraud is so hard to prove

Friendly fraud is hard to prove because every signal a fraud system normally relies on comes back clean. The card is valid, the billing address matches, the CVV checks out, and the person filing the dispute is the actual account holder. There is no stolen credential to flag and no mismatch to catch, so the tools built to stop third-party fraud have nothing to grab onto.

The dispute process itself leans toward the cardholder. When a customer tells their bank they did not authorize a charge, the bank generally issues a provisional refund and asks the merchant to prove otherwise. The burden of proof lands on the business, and it lands after the fact, once the goods have shipped or the service has been used. Friendly fraud is growing for the same reason: Juniper Research expects friendly fraud to make up 28% of all chargebacks globally by 2031, up from 22% in 2026, as more consumers learn how easy the dispute path is.

The result is a gap. A business can do everything right at checkout and still lose the dispute, because "the payment was valid" is not the same as "the cardholder authorized it and received what they paid for." Closing that gap means holding evidence that ties the specific purchase to the specific customer, which is where the account's own device comes in.

The honest playbook: reducing friendly fraud before it starts

Most friendly fraud is prevented operationally, not by a detection model, and first-party disputes especially respond to plain good practice. The disputes you never receive are the cheapest to win. The measures that actually move the number:

  • Clear billing descriptors. A large share of "I don't recognize this charge" disputes come from a cryptic name on the statement. Make the descriptor match your brand so customers recognize their own purchase.
  • Easy refunds and responsive support. Many customers dispute because charging back felt easier than reaching you. A visible refund path and fast support redirect those cases before they become chargebacks.
  • Delivery and usage records. Keep proof of delivery, tracking, login and usage timestamps, and IP and device records tied to the order. This is the evidence you submit if a dispute is filed.
  • Card and identity checks at purchase. AVS and CVV matching, and 3-D Secure where it fits, confirm the card details at the moment of sale and shift some liability, though they do nothing once a genuine cardholder decides to dispute.
  • Set expectations on subscriptions. Renewal reminders, clear cancellation, and pre-billing notices cut the "I forgot I was subscribed" disputes that make up a big slice of first-party fraud.

None of these catch the deliberate abuser who buys intending to charge back. For that, and for winning the disputes that do come, you need something the operational measures do not provide: proof of who was behind the purchase.

The device is the evidence a valid card cannot give you

Here is the part that separates friendly fraud from every other kind. The problem is not a fake identity; it is a real one denying its own action. So the useful question is not "is this card stolen" but "is the device behind the disputed purchase the same device that has used this account all along."

A persistent device identifier answers that. When a returning customer signs in and buys from the same handful of devices they have always used, and one of those devices made the disputed purchase, that is a strong, specific record that the account holder authorized the charge. It is the difference between "a valid payment happened" and "this customer's own device completed this order," which is the evidence a representment actually needs.

It cuts the other way too, and that is what keeps it honest. If a purchase came from a device the account had never used, over an anonymized connection, the dispute may be genuine third-party fraud rather than friendly fraud, and the customer deserves the refund. The device record does not assume guilt. It tells you which story the evidence supports, so you contest the disputes you can prove and refund the ones you cannot.

Figure: a purchase from the account's own familiar device supports contesting the dispute; a purchase from a device the account never used points to genuine fraud and a refund.

Read at the moment of purchase, the same signals also help you sort the spectrum. A checkout from a device seen across many unrelated accounts, or behind an anti-detect browser, looks less like an honest customer who will forget a renewal and more like organized abuse. That read informs how much friction or review a high-value order deserves before it ships, not an automatic block.
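The triage described in this section, written out as an added example (not ShieldLabs code or its API): given an account's device sightings, it recommends contesting, refunding, or reviewing a disputed order and returns the evidence behind that call. The Event fields, the thresholds, and the sample history are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    """One device sighting. Field names are hypothetical, not a vendor schema."""
    account_id: str
    device_id: str
    at: datetime

# Assumed thresholds for illustration; tune them against your own dispute data.
MIN_PRIOR_SESSIONS = 3
MIN_DEVICE_AGE = timedelta(days=30)
SHARED_ACCOUNT_LIMIT = 5

def triage_dispute(events, account_id, order_device, order_time, anonymized=False):
    """Return (recommendation, evidence) for one disputed order."""
    # Only sightings from before the purchase count as history.
    on_device = [e for e in events if e.device_id == order_device and e.at < order_time]
    prior = [e for e in on_device if e.account_id == account_id]
    accounts = {e.account_id for e in on_device} | {account_id}
    first_seen = min((e.at for e in prior), default=None)
    evidence = {
        "prior_sessions": len(prior),
        "device_first_seen": first_seen,
        "accounts_on_device": len(accounts),
        "anonymized": anonymized,
    }
    if not prior:
        # The account never used this device: the dispute may be genuine.
        return "refund", evidence
    if len(accounts) > SHARED_ACCOUNT_LIMIT:
        # Device spans many accounts: needs a human look, not an automatic verdict.
        return "review", evidence
    established = (len(prior) >= MIN_PRIOR_SESSIONS
                   and order_time - first_seen >= MIN_DEVICE_AGE)
    if established and not anonymized:
        return "contest", evidence
    return "review", evidence

# Constructed sample history for one account and one shared device.
ORDER_TIME = datetime(2026, 6, 1, 12, 0)
SAMPLE = [Event("acct-1", "dev-A", ORDER_TIME - timedelta(days=d)) for d in (90, 60, 20, 5)]
SAMPLE += [Event(f"acct-{n}", "dev-S", ORDER_TIME - timedelta(days=n)) for n in range(1, 8)]

if __name__ == "__main__":
    for device in ("dev-A", "dev-Z", "dev-S"):
        print(device, triage_dispute(SAMPLE, "acct-1", device, ORDER_TIME)[0])
```

The evidence dictionary is what goes into a representment packet; the recommendation is an input to your own rules, not a verdict.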

Preventing friendly fraud with ShieldLabs

ShieldLabs gives your team the device evidence that a valid card cannot. You add one JavaScript snippet to your checkout and account pages, tie it to your customer and order IDs, and each visit returns a persistent device identifier plus a risk score from 0 to 100 with the named signals behind it. The identifier links a purchase back to the account's own returning device even after cleared cookies and a rotated IP, so when a customer disputes a charge their device made, you hold the record that the buyer was the account holder.

The same read at checkout surfaces the signals that separate an ordinary customer from deliberate abuse before a high-value order ships: anonymity signals (a VPN, proxy, or anti-detect browser) and a device seen across many accounts. ShieldLabs scores the session and names the evidence; it does not resolve the chargeback or guarantee the outcome, and it is not a payment or dispute-management layer. You read the risk score and named signals through the API and webhooks and decide, by your own rules, which orders to hold for review and which disputes to contest, so the verdict stays in your application. The free tier covers your first 5,000 identifications.

Frequently asked questions

What is an example of friendly fraud?

A common example is a subscription renewal. A customer signed up months ago, forgets about it, sees the renewal on their statement, does not recognize it, and disputes it with their bank as an unauthorized charge instead of asking for a refund. Other examples are a buyer who claims an item never arrived when tracking shows it did, or a household member using the card without the account holder's knowledge. In each case a real cardholder disputes a charge they or their household actually made.

Is friendly fraud illegal?

Deliberately disputing a charge you know is valid to keep both the money and the goods is a form of fraud and can be treated as such, though banks and merchants rarely pursue small cases and much friendly fraud is honest confusion rather than intent. In practice it is handled as a payment dispute between the customer, the bank, and the merchant far more often than as a criminal matter, which is part of why it is so common.

How is friendly fraud different from a stolen card?

With a stolen card, a third party uses credentials the real owner never authorized, so the goal is to catch the impostor. With friendly fraud, the genuine cardholder made the purchase and later disputes it, so there is no impostor to catch. The card checks all pass either way; what separates them is whether the device and history behind the purchase belong to the account holder or to someone else.

Can you prevent friendly fraud entirely?

No, because you cannot stop a real customer from filing a dispute with their bank. What you can do is reduce how many disputes start, with clear billing descriptors, easy refunds, and delivery records, and hold evidence that ties each purchase to the account's own device so you can contest the disputes that are not genuine. Prevention here means fewer disputes and stronger evidence, not a guarantee.

Does ShieldLabs stop chargebacks?

No. ShieldLabs is the device-evidence layer, not a chargeback or dispute-management service. It gives every purchase a persistent device identifier and a risk score with the named signals, so your team can tell an account's own device from an unfamiliar one and decide which disputes to contest. Your rules and your representment process act on that evidence, and the free tier covers your first 5,000 identifications.
