The New Year Threat: Revamped Refund Fraud

The New Year Threat: Revamped Refund Fraud

January 28, 2021

By Uri Arad, co-founder and VP Product, Identiq

CNP inFocus Logo

A new year has begun, and we’re all hoping for one that’s easier and less chaotic than the previous one. But for many merchants, the early months of the new year come with some serious refund stress, as customers rush to swap the gifts they’ve received for items, cash or credit they actually want. Some will also be making sure they’re not out of pocket after suffering from porch piracy.

Unfortunately, many refund demands, claiming that the item never arrived, was broken on delivery, or wasn’t as described, won’t be legitimate—and fraudulent refunds are more likely than ever this year. The combination of pandemic economic pressure with newly sophisticated and available refund-as-a-service fraudsters at scale, is likely to result in unprecedented refund fraud volume.

Pressure from the Pandemic

Fraud levels rise in times of economic distress, according to 80 percent of Certified Fraud Examiners. Many consumers are experiencing distressing levels of economic uncertainty or restriction that would have seemed impossible only a year ago. A number of these still want to make the purchases to which they feel entitled, and which would have been affordable until recently—especially for the holiday season, when the temptation to try and make things as normal as possible was particularly great. Refund fraud is the obvious answer.

And refund fraud is easier now, thanks to Covid-19 and its consequences. There are three elements here, all working together in favor of refund fraud:

  • The sheer scale of online shopping, which has grown so much over the last year, it has left many merchants struggling to keep up. It’s a good problem to have, of course, but it does make it harder to catch customers who are abusing the system. Refunding fraud is especially challenging to identify, because catching it requires different departments to be working together and syncing their information—difficult at any time, but particularly tricky at a time when people are working remotely and continually having to adjust to changing circumstances.
  • Delivery vulnerabilities have developed in response to the current situation. Merchants have largely been very sensitive about adapting their delivery policies to protect high-risk, shielding or quarantined individuals, which is fantastic from the customer experience angle and it’s hard to see what the alternative could be. But the fact that many consumers are no longer comfortable opening the door or signing for packages means that it’s far easier for refund fraudsters to claim that a package never arrived, or that they weren’t the ones who received it. There’s no proof of delivery.
  • Just as the delivery process has new weaknesses, so does the returns process itself. Many companies have worked hard to streamline it this year, waiving the need for previously essential elements such as box or shipping label. Some companies, including Amazon and Walmart, have said publicly that they don’t want items returned at all—consumers can do what they want with unwanted gifts. Again, that’s wonderful for customer experience. But it makes life very easy for refunding fraudsters. 

Refunding Fraudsters: Refund-as-a-Service, at Scale

The pressure from the pandemic combines with another trend merchants are just beginning to explore: the professionalization of refund fraud. Once the province of the occasional amateur, refund fraud is now driven by sophisticated malicious actors.

Professional refunding fraudsters invest time and research into sussing out merchants’ policies and returns processes. They even get to know individual customer support agents, working out their typical responses to certain stories or claims. All this makes cheating a retailer easy—they know just what to say to get the refund.

What’s interesting is that these fraudsters aren’t directly carrying out the fraud for themselves. Rather, they run this line of business as a service: refund-as-a-service. Consumers can find them quickly, using basic search terms, on apps like Telegram or Reddit, or even ordinary social media. The fraudster will ask the consumer to buy items as they normally would, so all the data will match that customer’s recognizable patterns, making it almost impossible to stop at the time of transaction.

After that, it’s simple for the fraudster to use their knowledge of the weak points in the retailer’s processes and policies to get a refund. The customer gets to keep the goods, pays the merchant nothing, and only pays the fraudster a fraction of the cost of the item—somewhere between 5 and 40 percent, though more typically in the 15-30 percent range. Everyone wins. Except the merchant.

To find out more about this worrying trend, check out this article and webinar on Card Not Present.

Crush the Threat with Collaboration

The combination of the pandemic and newly industrialized refund fraud makes this problem very difficult, if not impossible, for fraud-fighting teams to face alone. Apart from anything else, it’s not susceptible to the kinds of fraud detection methods that work against other kinds of fraud, because the initial purchase is carried out by the real customer using their own funding source.

There are three levels of collaboration that will help fraud prevention teams get on top of this threat.

  1. Work with other departments, and probably upper management, to determine the divisions your company feels are appropriate between abuse and fraud—what’s acceptable, and what’s not? Fraud fighters need to know this, but it’s not entirely a fraud decision.
  2. Work closely with the customer support and returns departments so you have the data you need to map out the scale of the problem as it relates to your business, and so you can identify cases of refund abuse when they happen or have happened.
  3. Work with fraud fighters in other companies. Professional refund fraudsters advise their “clients” not to attempt fraudulent refunds too often with any single merchant. But customers who want to try it against your business will frequently have a history elsewhere of the same behavior. If you can leverage other companies’ knowledge, you’ll be far better able to protect your business. Privacy doesn’t have to be a concern—you can use Privacy Enhancing Computation (a Gartner Top Strategic Trend of 2021) to ensure that as part of this process, no personal user data is ever shared with any other company.

If the economic crisis of 2008 and 2009 gave us the term “friendly fraud,” then the coronavirus pandemic seems set to gift the industry with a new twist on refund fraud. It’s a knotty problem, but one that can be tackled effectively—as long as you’re working closely with your own team, the rest of your company, and the wider fraud fighting community.

Previous-Article-CNP  Next-Article-CNP

Learn More...

New call-to-action

 

  • Share this Article:
Uri Arad

Lastest Fraud News