NoFraud
BlogMay 8, 2023

The Top 3 Subscription Fraud Trends

Automated subscription payments are an eCommerce dream. Once you’ve acquired a customer, they’re much more likely to repeatedly buy when subscribed. With customer acquisition costing up to five times more than retention plays, just a 5% boost in retention can yield a 25-95% increase in profits.

Extremely popular post-pandemic, subscription-based businesses are booming in practically every industry — from personal care products to specialty foods. It is estimated that as many as 75% of consumer brands will have a subscription-based offering in 2023. Unfortunately, subscription-based businesses are at an increased risk for fraud and chargebacks. Around 60% of subscription businesses have noticed an increase in online payment fraud in the past 12 months. And it’s not just traditional card-not-present fraud that’s on the rise — 56% of subscription merchants are seeing new threats emerge

In our latest webinar, we share the top three subscription fraud trends — what these fraud schemes look like and the resources available to stop them.

Triangulation Fraud

Triangulation fraud has been around for years, but within the last year, NoFraud has seen a 70% increase. Triangulation fraud involves three parties: the fraudster, the unsuspecting legitimate customer and the eCommerce store.

How it works:

  • An online storefront is created by the fraudster on an online marketplace.
  • The fraudster lists the goods for sale (that they don’t actually have on hand), usually at a 20-30% discount — low enough to be appealing to shoppers, but not so low that they suspect it’s counterfeit. 
  • Bargain hunters will find the fraudster’s storefront and buy from there.
  • When the fraudster receives an order, they will use a stolen card to make a purchase on the brand’s website and input the shipping address of the fraudster’s “customer.”

This type of fraud is very popular and appealing to fraudsters because it’s a clean transaction for them: no warehousing, shipping or ever touching the product required. Fraudsters are essentially using the brand’s website for free fulfillment of orders purchased through their illegitimate online storefront.

Some very sophisticated fraudster groups test brand sites for weeks — even months — in advance to really understand the merchant’s fraud defenses. They are trying to identify good targets, i.e. shops with vulnerabilities. Once fraudsters lock in on their target, they will hit the store with a high volume of orders in succession — a very popular tactic during Black Friday and Cyber Monday. BFCM is an especially hot time for fraudsters because they know fraud teams are more stressed and customer service teams are pressed for time, making them less likely to detect the fraud.

From the merchant’s perspective, all they see is an order with a different billing and shipping address; and it’s usually the only clue that could potentially be eyeballed by a team looking out for fraudulent orders. It can be really difficult to identify triangulation fraud, especially sophisticated attacks, without advanced tools like device fingerprinting and velocity checks. 

How to keep your business safe:

  • Triangulation fraud can usually be detected by linking orders together via IP address, device, and sometimes email address. When there is a large number of orders with only one data point connecting them together, triangulation fraud should always be suspected and a thorough review is necessary.
  • Sophisticated attacks are much harder to detect and usually need an AI-based solution that looks at nuanced data to detect subtle patterns connecting orders together. For example, if a shop receives multiple orders in a row that come from one bank, that would be very unusual and challenging for an individual to detect just by manual review.

Exploiting Technology Integration Loopholes

The subscription boom has introduced new technologies designed to enhance eCommerce platforms. With this, NoFraud is seeing a growing number of fraudsters exploit loopholes, or vulnerabilities, in the integrations between subscription and eCommerce platforms. Here are some of the trending issues NoFraud is noticing.

IP Addresses Not Passed Between Systems

A common issue with subscription integrations is that the tools might not pass along IP addresses. The IP address provides a lot of fraud clues and without it, it’s hard to make accurate fraud decisions. An IP address tells us where an order was created and fraud prevention software will look at the distance between the IP, billing and shipping addresses. 

IP Proxy is Being Used

When looking at an IP address, it’s important to see whether or not there is an IP proxy. It doesn’t always indicate fraud, but it can indicate the fraudster knows that fraud detection software is looking at IP addresses. If an IP is masked, merchants won’t be able to determine from where the order originated and there’s less visibility into the risk of the order.

Subscription Reactivation Isn’t Screened

Another vulnerability is when a subscription company allows for subscriptions to be reactivated. Fraudsters exploit this by reactivating a canceled subscription unbeknownst to the customer. A lot of merchants don’t have their fraud solution screening recurring orders so the next order ends up getting shipped out.

No Rebill Review  

Some subscription companies offer a “get another one now” button where customers can make another quick purchase if they run low on a subscribed product — before their next month’s delivery. While an important and valid button to have for legitimate customers, fraudsters have realized that many companies don’t have rebills screened. They’ll put one order through and hit the “get another one now” button multiple times in a row.

How to keep your business safe:

  • Make sure your subscription solution is addressing these loopholes and is compatible with your fraud prevention solution. 

Friendly Fraud

Friendly fraud is probably the unfriendliest experience for merchants because it happens when chargebacks are initiated by the cardholder who received the goods, but argues that they didn’t or that the order was fraudulent. When it comes to subscriptions, the two most common reasons for friendly fraud chargebacks are when customers don’t realize they’ve opted-in to a subscription or they don’t recognize the purchase on their bank or credit card statement. 

When customers don’t realize they’ve opted-in, it’s usually because the default option to purchase is a subscription and it’s unclear that they are opting into a subscription. Similarly, when a charge isn’t recognized on a customer’s bank or card statement, it’s because the merchant descriptor and the website name do not match.

How to keep your business safe: 

  • Make sure your website name and descriptor match as closely as possible, so it’s clear to customers when it shows up on their bank statement. 
  • If a customer is signing up for a subscription, it should be very obvious
  • Don’t make canceling subscriptions difficult for customers.

Join Our Newsletter

Subscribe to Our Newsletter for Exclusive Content

Ready to learn more?

Book a demo and see our accurate real-time fraud screening for eCommerce in action.

Ready to learn more?

Book a demo and see our accurate real-time fraud screening for eCommerce in action.

We offer Starter Plans for even the smallest sized businesses, including a free plan and plans that include chargeback protection for companies that process less than $50,000/month.

Businesses that process more than $50,000 in revenue/month qualify for custom pricing. Book a demo and see our accurate real-time fraud screening for eCommerce in action.

— or —
complete the form for us to reach out to you