Retail Fraud Advice

It’s beginning to look a lot like that time of year when retailers make the bulk of their profits, and nobody is more aware of this than the cybercriminal community. Online fraud hits hard over the holidays, taking advantage of increased transaction volume, inexperienced consumers, and the likelihood that many merchants will be too busy to look carefully at suspicious activity.

Fraud may be inevitable, but there is a lot merchants can do to minimize their exposure and fight back against card thieves and cyber-shoplifters. With another holiday shopping season about to kick off, what advice do retail fraud experts have for merchants?

  1. Know Your Liability
  2. Beware of Spear Phishing and Account Takeover
  3. Be as Smart as the Fraudsters
  4. Get Serious About Friendly Fraud
  5. Make Chargebacks Have Consequences
  6. Be Ready to Fight Back
  7. Conclusion

Just as they are for merchants, Black Friday and Cyber Monday are some of the most important days of the year for fraudsters. As many as 18% of all online transactions that take place between these two days may be fraudulent, and that percentage just keeps rising from year to year. The impact of fraud on merchants is dire: according to LexisNexis Risk Solutions, every $1 worth of fraud turns into $3.75 in losses to the merchant.


Fraud hurts merchants because nearly every instance of fraud will turn into a chargeback. Chargebacks themselves can be fraudulent when consumers file them under false pretenses, a practice known as “friendly fraud” or cyber-shoplifting.

The good news for merchants is that they can avail themselves of tested and proven advice from retail fraud experts who have years of experience in dealing with these situations.

Know Your Liability

Many merchants suffer avoidable chargebacks simply because they don’t know how their transaction handling procedures can affect their fraud liability. When card networks issue mandates that revise liability rules, those changes are not always communicated well to retailers.

The basic rule for fraud liability is that whichever party is using the strongest security features gets to pass off liability onto the party that is neglecting available security features.

The clearest example of this rule has to do with the EMV chip. If the merchant has an EMV chip reader and the customer has a chip-enabled card, the merchant is shielded from liability if they process the transaction by authenticating via the EMV chip.

If the cardholder swipes their card through the magnetic stripe reader despite the EMV chip option being available, the merchant will be liable for any subsequent fraud claims. Fraudsters know this, and will try to talk merchants into letting them swipe their card, fully intending to dispute the transaction later.

Beware of Spear Phishing and Account Takeover

Through the use of artificial intelligence, anti-fraud tools keep getting better at detecting and blocking online credit card fraud. Instead of trying to outsmart them, many fraudsters are looking for backdoors and stealing money through account takeover attacks.

Spear phishing usually precedes account takeover. The fraudster sends their victim an email that looks important and official, the victim opens it and enters their account credentials into a fake web page, and now the fraudster has everything they need to hijack the cardholder’s account and spend their money.

Multi-factor authentication can be a good way to prevent account takeover, and it can be helpful to educate customers about spear phishing attacks, especially when you know they’re going around.

Be as Smart as the Fraudsters

As the previous example shows, fraudsters are often aware of vulnerabilities that new merchants haven’t yet had to deal with.

Many fraudsters share cyber-shoplifting tips on social media sites like TikTok and Reddit, identifying vulnerable merchants by name.

Some cybercriminals are even brazen enough to offer fraud-as-a-service. Billing themselves as “professional refunders,” they share tips and tricks with customers who agree to split the chargeback money with them.

Merchants who offer BOPIS services are particularly vulnerable, as it is very common for people to walk in, grab a waiting order, and walk out without being verified by an employee. Fraudsters love to exploit this casual level of trust, falsely claiming that somebody else stole their order before they could pick it up.

Friendly fraud is difficult to prevent, but knowing how prevalent it is, and what forms it takes, is the first step toward addressing the problem.

Get Serious About Friendly Fraud

Fraudulent chargebacks can be difficult to track and quantify across industries, but Chargeback Gurus gets a firsthand look at the problem every day. Our data has shown friendly fraud to be the number one cause of chargebacks, more common than true fraud involving stolen payment card data.

Looking at your actual customers as a potential source of fraud puts merchants in a difficult position. Screening orders and implementing restrictive terms of sale can generate too much checkout friction for your good customers, which means that many merchants are stuck dealing with friendly fraud after the fact.

Make Chargebacks Have Consequences

Shoppers who get away with friendly fraud once will often try to get away with it again. Too many merchants fail to track the friendly fraudsters who target them, and end up getting victimized many times over.

The easiest thing to do is to use your CRM to block customers who file fraudulent chargebacks. However, some merchants can get more creative about dealing with customers who dispute their purchases but keep using the product. If you’re running a subscription site or cloud-based software, make sure your policies clearly state that you reserve the right to terminate the accounts of customers who file chargebacks—and do just that.

We know of one instance where a merchant sold high-tech drones to a customer who fraudulently disputed the purchase. The merchant was able to reprogram the drones remotely and fly them right off the customer’s property so they could be repossessed.

Be Ready to Fight Back

Merchants can challenge friendly fraud chargebacks and recover their revenue by representing the charge and sending the issuer documented evidence disproving the cardholder’s claims. To do this effectively, you need to understand where your chargebacks are coming from, and what needs to be documented in order to substantiate a successful representment.


Every authentication layer you add increases the chances that you can prove that the cardholder actually made the purchase they’re claiming was fraud, but here again, tight security can add undesirable levels of friction. At the very least, it’s important to verify the customer’s identity when they’re picking up a BOPIS purchase.


If high rates of fraud get you down this holiday season, just remind yourself that fraudsters target successful businesses with a high sales volume. So you must be doing something right, and with the right knowledge and support you can figure out how to get fraudsters off your back, too.

We often say that every chargeback tells a story, and understanding those stories will show you where your vulnerabilities are and what you can do to safeguard them. Taking the time to monitor and analyze your chargeback activity through the year can give you the insights you need to protect yourself through the holiday rush.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions, or requests for advice to:
