Tales from the Chargeback Crypt (Volume II)
Maybe you thought you were safe from spooky chargebacks for now, but every good horror story has a sequel. A big part of the work we do managing chargebacks for our clients involves analyzing chargeback data, which means delving deep into the specific circumstances that led someone to dispute a transaction. We get used to seeing the same very common chargeback types over and over, and sometimes it's easy to imagine we've seen it all. But then there are those chargebacks that make even the gurus sit up and say, "yikes!"
Take a deep breath and prepare yourselves for more of the spookiest chargebacks we've seen.
It Came from the Affiliate Network
Affiliate networks can be a good way to boost traffic and cultivate leads. It's a simple idea: the affiliates promote each others' content on their own websites, earning commissions when referrals turn into sales. But what happens when the affiliate network isn't quite what you think it is?
A merchant we know joined an affiliate network and was pleased to see immediate results. Orders started coming in, and he paid the commissions out to the websites that were referring his new customers to him.
Then the chargebacks started coming.
Ultimately, every single purchase that came through the affiliate network would end up getting a chargeback. In truth, the affiliate network was a scam from the very start. The websites were fake. The orders were placed with stolen credit cards. It was all the work of a fraudster out to steal commissions from unsuspecting merchants. By the time the merchant realized what had happened, the "affiliate" sites were down and the fraudster was nowhere to be found.
As for the merchant, he hasn't given up on affiliate networks—he's just much more careful about vetting his affiliate partners, and when new referrals start placing orders, he scrutinizes their network data for any possible fraud indicators.
The Fastidious Fraudster
Some of our clients have been victimized by a fraudster so knowledgeable, well-prepared, and cautious that a thorough audit of their anti-fraud and security protocols would reveal no way that the fraudster could have been screened out and blocked. In fact, there's no way of knowing if it was one fraudster or several responsible for all of these attacks—the fraudster leaves no clue to their identity other than their mastery of so-called "clean fraud."
Clean fraud is when a fraudster uses a stolen card without giving way any telltale signs of fraud. They'll test out the card numbers with other merchants to verify that they work, ensure that they have the right address and CVV, and even spoof a geographically-correct IP address.
You may not be able to screen out the clean fraudster, but you can make sure that anyone who wants to slip a stolen card past your payment gateway has to work just as hard as they do. Always make sure AVS/CVV matching is active, keep your ecommerce software fully patched and up to date, and take the time to trust your intuitions and investigate any order that feels "off" to you.
Invasion of the Account Snatchers
A classic horror movie trope: the monster is calling his intended victim on the telephone, taunting them. Suddenly, the operator cuts into the call to warn the victim that the call is coming from inside the house!
Now imagine a chargeback scenario where the fraud is coming from inside your own CRM! Terrifying!
Account takeover fraudsters may not be as slick as the clean fraudsters, but they're just as dangerous as they pursue the path of least resistance to gain access to other people's money. Instead of learning how to outmaneuver payment card security protocols, they log directly into user accounts on ecommerce sites after obtaining the password via phishing, social engineering, brute force hacking, or even educated guesswork (account takeover fraudsters have a lot of options). Then they place orders and steal personal information from that user account until it gets discovered and shut down.
You can't stop your customers from writing their passwords on post-it notes or falling prey to clever phishers, but you can require them to use strong, complex passwords and take a closer look when know user accounts start behaving oddly.
Little eCommerce Shop of Horrors
We're running a chargeback management company, not Arkham Asylum, so far be it for us to try to psychoanalyze the fraudster mindset. We just can't help but wonder, though, what motivates the fraudsters who practically set up an entire online store—and fulfill orders!—just to steal money and personal data.
Schemes like these are known as triangulation fraud. The fraudster sets up a fake but functional storefront, often on sites like eBay, offering too-good-to-be-true deals on certain products. When they get a customer, they use the customer's credit card to purchase the product from a legitimate site and drop ship it, so that the customer won't realize they're being scammed until they look at their credit card statement—at which point the legitimate merchant will get hit with a chargeback.
As with any true fraud chargeback, the best defense is vigilant prevention. If you're a seller of high value items, it's a good idea to keep an eye out for other merchants offering unrealistically low bargain prices.
The Telltale Car Parts
What's the number one rule for scary sequels? They've always got to find some way to outdo the original. In our first installment of spooky chargeback stories, we discussed a jewelry merchant victimized by a fraudster who bought a ring, swapped out the diamond, returned it, and charged it back.
You might think it'd be pretty hard to top that, but we worked with a car rental company that dealt with a nearly identical scam—except, in their case, the fraudster replaced the entire engine of the car they rented. That alone would have been an audacious act of theft—but they still tried to get a chargeback on the car rental fee!
Hopefully you'll never encounter a scammer as ambitious as this, but it's a good reminder to inspect returned or rented products when you get them back.
We hope that seeing the scariest chargebacks we can think of gives you more confidence when it comes to fighting your own chargebacks. It's worth the effort—many chargeback representments can easily be won with the right evidence, and fighting chargebacks will give you insights into customer feelings and behavior that you can't get anywhere else.