Ready to learn more?
The Good, the Bad, and the Ugly Fraud Trends of Summer 2022
Friendly Fraud, Amateur Fraud, Sophisticated Fraud
The pandemic induced seismic surge in eCommerce activity has attracted unprecedented fraud attacks from fraudsters of all ages, types and skill levels. The past few years have proven that no eCommerce business is too small or niche to be a target of fraud, and as Covid Relief dwindles, fraudsters are showing renewed ingenuity in their pursuits of new channels of income.
Awareness and prevention are the two most effective weapons of defense an eCommerce business can wield to protect themselves from fraud. Understanding who a fraudster is and how they commit their crimes can inform merchants as to what data to look out for and how to differentiate between a legitimate customer and a fraudster.
Let’s Meet the Fraudsters
Fraudsters can be categorized into three general categories: Friendly fraudsters, amateur fraudsters, and sophisticated fraudsters/fraud rings.
Friendly fraudsters are your average customer turned bad, or maybe they always were bad, but intentions are nearly impossible to infer from cold data. A friendly fraudster completes a purchase with their own, valid, identifying information, addresses, and payment details.
Friendly fraud, which is anything but, refers to fraud that is committed by a legitimate customer post transaction. The fraud would occur in the form of an undeserved chargeback initiated maliciously or in spite by the customer. The shopper may be trying to get away with keeping the merchandise for free out of complete disregard for the merchant or in response to a negative experience.
A chargeback could also be initiated innocently by a customer who simply forgot that they placed the order, or if the charge seems foreign on their financial statement.
Customers can also commit Return Fraud. A customer may attempt to return an old item disguised as their new purchase, or return something they needed only temporarily and no longer require.
Since the pandemic, Empathy Fraud, has been on the rise, as well. Empathy fraud describes a situation where a customer attempts to bypass a store’s return policy by claiming they were caring for a sick loved one, or they themselves were hospitalized with Covid19.
To Keep your customers friendly, eCommerce businesses should seek ways to improve their customer service and overall shopping experience. Providing your service or merchandise as advertised and managing customer expectations will reduce disappointment and negative responses. Informing customers of how the charge will appear on their financial statement will help prevent mistaken chargebacks.
If you anticipate fulfillment or shipping delays, reach out to your customer with an apology and order update. Always ensure that they can cancel or return an order without too much difficulty so that dissatisfaction can be addressed through a refund and doesn’t translate into a chargeback (read more about the true cost of chargebacks here). Responding quickly to customer concerns or inquiries will make customers feel valued and respected and less likely to act out of spite.
Preventative measures can be implemented to mitigate returns fraud or abuse. Smart labeling, that can’t be hidden and must be removed before use, can prevent customers from wearing or using your merchandise and then returning it when they are done with it. Clearly stating your standards for refund eligibility and examining items upon return can discourage returns fraud and abuse as well.
Amateurs can learn everything they need to know about committing eCommerce fraud on Youtube and TikTok, among other online social sharing sites. Popular fraud tactics tend to evolve into Bandwagon Fraud as a popular DIY fraud clip goes viral and more and more youngsters feel compelled to override their better judgment and jump on the new social trend.
First time or amateur fraudsters are easy to spot if you know what to look for. An amateur fraudster will attempt to make an order by impersonating the real cardholder. They will need some basic information about the cardholder, while simultaneously wanting to keep tabs on the order and ultimately receive it. Consequently, some of the information on the order will be legitimate, while other pieces of data may be their own (such as the fraudster’s personal email or shipping address), and some data may be randomly fabricated.
An amateur fraudster may acquire a batch of stolen credit cards without knowledge of which ones are still active or what their credit limit is. The fraudster will then attempt to complete a purchase trying one card after another. A telltale sign of an amateur fraudster would be multiple attempts, or multiple orders using various credit cards to ship a high value item to a specific address. A sophisticated fraudster would change the order details between card attempts.
Teenagers and youngsters may attempt to place orders using their parents’ credit card without permission. Conniving youths often swap credit card info with a buddy, each using the other’s parents’ payment info, so that when the unauthorized purchases are discovered, the adults will simply dispute it. In most cases, the chargeback will be awarded as the order never did arrive at the cardholder’s address, and a device not located at their address was used to place the order.
Referral Fraud is also a tactic commonly used by amateurs. Many eCommerce businesses offer a monetary reward for referrals. Hoping to cash in on the reward, an amateur fraudster may create many accounts where they are basically ‘referring themselves’ and posing as new customers. They will place low value orders with the many newly created accounts using stolen payment information. They often even use the cardholder’s real address, because they are after the referral money and not the actual purchase. Referral fraud, like Promotions Fraud which also tempts fraudsters to create multiple new accounts to take advantage of a promotional discount, will leave a trail of many new accounts popping up with seemingly random email addresses and patched together identities.
To identify amateur fraudsters, eCommerce businesses should be scrutinizing all data points on an order. If any of the order details seem incomplete or off, an attempt should be made to reach the real cardholder to validate the order.
A sophisticated fraudster will always attempt to mask their identity, location and device, perhaps using a proxy, a burner phone, gift cards, or VOIP. They create brand new personas and new email addresses so they can receive updates on orders. They may be working solo with a fraud ring and/or incentivize innocent third parties to ignorantly partake in a scheme
Alarmingly, the advances and availability of sophisticated fraud software is ever increasing. Career fraudsters can now rent botnets for Card Testing or other malicious purposes. The market for attack technology as-a-service is growing at an alarming rate. A number of major recent data breaches flooded the dark web with stolen login credentials that have fueled a major flare up in Account Takeover Fraud (ATO). Sophisticated fraud rings can purchase millions of logins and rent bots to identify the sites and individuals worth exploiting. The bots can also be used to test which cards are still active and what their credit limit is.
Reroute Fraud is often how fraudsters acquire stolen goods purchased via ATO fraud. They pose as a returning customer using a legitimate customer’s compromised information. Once the order is approved, they then attempt to reroute the shipment to a destination of their choice.
Triangulation Fraud and Mule Fraud require involving third and fourth party players. A sophisticated fraudster may set up a fake website or use a marketplace such as eBay or Amazon to pose as a seller of in-demand merchandise at steeply reduced prices. When a shopper attempts to make a purchase on the fraudulent site, the fraudster gathers their personal and payment information to make a purchase on a legitimate site. This scheme involves the fraudster, the shopper, and the legitimate merchant.
In the case of mule fraud, a fraud ring will offer incentives for shoppers to purchase items on their behalf using compromised payment information. Often they instruct the mule on how to open a new account using stolen information that the fraudsters provide the mule with, or through exploiting a loophole that the ring discovered in a financial institution or a credit card application process. The ‘secret shopper’ gets rewarded for their ‘service’ and the payment seems legitimate as it is linked to the mule and cannot be traced back to the fraud ring. The players involved are the fraudsters, the shopper, the merchant, and the victim of the identity theft.
It takes advanced fraud prevention expertise to identify the sophisticated fraudster. Merchants can be on alert for severe changes in customer behavior, new email addresses, changes to shipping addresses, and rerouting requests, but these precautions often prove insufficient in blocking sophisticated fraud tactics.
The strides fraudsters have made in recent years and their expanding interest into all regions, industries, sectors and verticals have eliminated the seasonality of fraud. Businesses should anticipate fraud attacks during every day of every season, not just around promotions and holiday shopping. Staying alert and cautious can go a long way in preventing fraud, however, the risk of rejecting legitimate orders due to suspicions of fraud can be just as damaging.
Often, the only way to identify sophisticated fraud tactics is to employ advanced fraud detection systems that can determine the longevity of an email address, has IP location and device recognition capabilities, has an awareness of emerging threats and a vested interest in protecting your business.
If manual review and detective work is not what you signed up for, consider outsourcing fraud liability entirely to a fully automated effective fraud prevention solution, such as NoFraud.
NoFraud is an eCommerce fraud prevention pioneer. The company provides online merchants with the most effective eCommerce card-not-present (CNP) fraud protection, virtually eliminating fraud, false positives, and chargebacks. See an immediate impact on your bottom line, without manual review or training. NoFraud is the price-performance leader, boasts the industry’s highest approval rates and offers a full financial guarantee and chargeback management service. Advanced machine learning, expert human oversight and an innovative Checkout set NoFraud apart. Visit www.nofraud.com for more information.