Promo abuse and refund abuse are among the fraud trends that have surged during the pandemic. Could you please elaborate on how these types of fraudulent activities occur and how prevalent they are now in the ecommerce space?
Promo abuse is all about customers taking advantage of a business’s discount codes, sign-up bonuses, and referral bonuses online, while refund abuse occurs when a customer uses the returns policy of a merchant so much that it becomes unprofitable. Both these types of ‘abuses’ have indeed shot up during the pandemic. Our recent research found that 49% of ecommerce businesses have experienced a rise in promo abuse, and 51% have experienced a rise in refund abuse since mid-2020.
It’s easy to see why this has happened amid the pandemic. During various lockdowns, customers have flocked to online merchants in place of physical shops, while merchants have scrambled to attract new customers online and offer simple returns policies involving longer returns periods and contactless delivery.
One way we’ve seen promo abuse happening a lot is through the creation of multiple accounts, so a customer repeatedly receives a free trial. Multi-accounting ranges from something as basic as a customer logging out of one account and signing into another, to fraudsters creating fresh IP addresses or synthetic IDs. We’ve also seen promotion abuse evolve into more organised reselling schemes, where fraudsters take advantage of product promos to amass merchandise to sell on at a higher price.
Where refund abuse is concerned, we’ve noticed a considerable rise in the trend of ‘wardrobing’, where someone orders an item of clothing, wears it once for the purposes of taking pictures for social media, and then returns the item. Merchants have a tricky balance to strike here though. Make returns policies lenient and this kind of thing may keep happening. But making return policies stricter might scare off customers, as 83% of shoppers will only buy from platforms with return policies they like.
Moreover, what is the difference between refund fraud and friendly fraud, as they seem to have similar meanings?
Refund abuse isn’t always fraud for a start – it’s usually the exploitation of a return policy. It can be fraud in some cases, for example when people claim for a train fare after having taken their journey (and we worked with our client Trainline on a solution for this specific issue). But for the most part, it’s not fraud – it’s a dispute directly between the consumer and the merchant.
Friendly fraud, however, is a claim from a customer that they purchased goods using their own card, but those goods were somehow not delivered or delivered broken or damaged. In this case, the dispute is handled through the cardholder’s bank via a chargeback that is then taken from the merchant’s account.
What ecommerce verticals have been more affected or targeted by fraud in the last 12 months? And are there any specific attacks according to the type of industry? How does fraud look in retail and travel?
The pandemic has had a hugely disproportionate effect on the levels and types of fraud affecting verticals – even within specific verticals. But account takeover has been one of the most notable attacks that we’ve seen grow significantly within the past year for all verticals.
For example, when it comes to retail, it’s obvious that fraud is increasing across the entire industry. But the boom online grocery merchants have experienced over the last 12 months has made them particularly attractive targets for fraudsters – especially with account takeover attacks. Grocery merchants saw over five account takeover attacks per month, which is more than any other type of retailer. Huge spikes in transactions and stretched teams also made fraud easier to slip under the radar.
The travel industry was obviously hit hard by the pandemic, with several travel brands facing huge levels of chargebacks due to global travel restrictions. Attackers targeted the weakened industry, and account takeovers increased for 48% of travel merchants mid-pandemic, the last thing they needed. Thankfully the industry seems to be getting back into stride.
It seems like account takeover is something that merchants should pay more attention to. How does it tend to happen?
It certainly is something merchants should pay more attention to. Account takeover can happen in several ways. One method that’s proved effective for fraudsters is with basic scripting tools that hammer a login with credentials to try and find a combination that works. This obviously would never be legitimate customer behaviour, so a login limit will stop the most obvious attacks.
That said, fraudsters are cunning, and will often use scripts that mimic human speeds and behaviours, which can trick systems into believing that a genuine human is attempting a login.
How can Ravelin help merchants protect themselves from fraudsters given all the issues mentioned above?
Unlike other companies that sell off-the-shelf fraud detection systems, Ravelin works with each client to understand its unique business model, operations, and pain points before building a specific fraud detection technology solution tailored specifically for that customer.
Because we put the work in to tailor our solution to each client, our technology distinguishes between genuine and fraudulent payments within milliseconds, identifies suspicious credit and debit card chargebacks at speed, and continually monitors customer accounts for suspicious activity, alerting teams quickly to problems so they can mitigate them.
The AI techniques we use in our technology represent the best-in-class available for processing transactional data and customer account data. That said, we can’t overstate the vital role that humans play in fraud detection. The most effective fraud detection ecosystems comprise a combination of data and human insight and oversight because technology is only as good as the instructions it is given.
About Mairtin O’Riada
Mairtin is the CIO at Ravelin, which provides fraud protection for online businesses. The ‘I’ in CIO stands for ‘Intelligence’, and Mairtin runs the Data Science and Investigations team at Ravelin, responsible for the machine learning and graph network models at the heart of Ravelin’s detection engine. He was previously the Head of Fraud at the taxi app Hailo, where he honed his fraudster-frustrating skills. He is an internationally experienced intelligence analyst, with stints in Scotland Yard, the United Nations, and elsewhere.