Fraud comes in many forms, and the fight against it never ends.
Fraudsters pretending to be someone else generally take one of two approaches: They either use real personal data or invent personal data out of whole cloth. The latter, synthetic identity fraud, is largely on the decline thanks to advanced artificial intelligence (AI) systems that recognize tiny inconsistencies in fake user profiles.
The former can be further subdivided into two schemes: clean fraud and friendly fraud. Both are much harder to detect than synthetic fraud, and each can ravage merchants’ bottom lines if left unchecked.
How Clean Fraud Cleans House
Clean fraud’s name may sound innocuous, but the act is a particularly pernicious means of thievery. It differs from other fraud types in that the bad actor uses another individual’s real customer data and identity. The presence of a legitimate identity, even a stolen one, lets the scheme resist many detection techniques that look for inconsistencies, such as AI-based pattern recognition systems. Such identities are also not susceptible to any blacklists or fraud filters, which only contain known fraudulent information.
Clean fraudsters can acquire their stolen identities through a variety of means. Phishing schemes are particularly common, occurring when fraudsters impersonate an authority figure from a website the victim trusts and asks for their username and password. The fraudster then has free rein of the victim’s account, which includes their payment information, billing materials and shipping addresses.
Clean fraud is especially prevalent after any major data breach, when millions of stolen identities become available on darknet marketplaces. Fraudsters can buy identities by the dozen at rock-bottom prices and systematically test them with innocuous purchases, cross-referencing them with passwords and PINs gathered from other thefts or breaches. When the cybercriminal finds a match, they can either start making purchases themselves or resell the identity to other fraudsters at a premium.
Friendly Fraud is Not Here to Make Friends
Friendly fraud is in many ways even more difficult to identify and combat than clean fraud because friendly fraudsters do not steal legitimate identities for their schemes. They instead use their own identities, making friendly fraud completely immune to normal customer verification methods like biometrics, passwords and two-factor authentication.
The most common form of the fraud occurs when customers request chargebacks from their bank, claiming that transactions were fraudulent or that products were defective. The financial institutions refund the customers, and then recoup payments from the transacting businesses.
This practice is sometimes not malicious, as a legitimate customer may simply want their money back from a mistaken purchase and files the chargeback even though a refund would be more appropriate. Some customers do make purchases with the full intent of abusing chargebacks to get items for free, however. Affected banks have no means to verify consumer claims but want to remain in the customer’s good graces, so they accept the request and make the merchant responsible.
These chargebacks can be devastating to merchants not only because of lost profits and stolen merchandise but also due to banks’ and credit card companies’ stiff penalties. Visa can charge merchants penalties of up to $75,000 a month depending on their number of chargebacks and length of time monitored. Credit card companies can, in extreme cases, bar merchants from accepting their cards altogether, cutting off massive revenue streams.
The fact that any given chargeback could just reflect an honest mistake makes friendly fraud incredibly difficult to fight. Merchants do not want to risk alienating their customers by vigorously investigating every single claim, but too much leniency can lead abusive customers to take advantage.
Attempts to tighten the reins on customers can backfire. Outdoor clothing and recreation equipment company L.L. Bean faced this Catch-22 last year when it modified its famously generous lifetime return policy to stop customers from exchanging years-old items for new ones free of charge. Disgruntled customers quickly filed a lawsuit, and although a Massachusetts district judge eventually threw out the suit, L.L. Bean’s reputation was damaged.
It is hard to overstate friendly fraud’s widespread nature. A study found that friendly fraud accounts for up to 86 percent of all chargebacks and noted that 81 percent of consumers admitted to filing a chargeback out of convenience. The problem is getting worse, as well, increasing at a rate of 41 percent every two years.
The dual schemes of clean fraud and friendly fraud are both prevalent and potentially ruinous if not curbed. Banks, credit card providers and security solutions providers must ultimately step in to preserve consumer safety and merchants’ bottom lines.