Sometimes the biggest threats come from the foes who pose as friends, spinning tales that seem legitimate and often urgent. And then comes the realization:
You’ve been scammed.
Eric Kraus, V.P. and general manager of Fraud, Risk and Compliance Solutions at FIS, told PYMNTS that friendly fraud looms as a growing threat for merchants and banks alike.
Friendly fraud is another name for first party chargeback fraud, which occurs when a consumer buys something online through a card-based purchase, and then disputes the charges or requests a chargeback, having already received the item or the service that they bought. The conversation was held against the backdrop where merchants of all sizes say “friendly fraud” is the No. 1 fraud trend they are dealing with, representing a significant increase in loss exposure the past few years.
Then there’s “refund fraud” which also occurs after the transaction is completed. However in this scenario, the goods that have been purchased are not returned — or something else entirely is sent back to the merchant.
As he said, illustrating what might happen to an unwitting merchant:
“The last thing you want is to initiate a refund and then open up the iPad box and see that it’s empty.”
Friendly fraud, he said, has become a favorite of scammers in recent months, so much so that he said FIS has seen some eCommerce merchants estimate that 80% of their claims are tied to it.
“These scams are especially high in the digital goods space,” he said.
Banks and credit unions are also feeling the pinch. Disingenuous cardholders, he said, will try to make claims with their financial institutions (FIs), stating that their cards were stolen multiple times in a short period of time as an example.
In the digital age, the bad actors are also leveraging technology to help them launch attacks at scale, compromising point-of-sale devices and “testing” cards. To figure out if a stolen credit card number is valid, thieves sometimes attempt small purchases to see which cards get approved. The fraudster can then make larger purchases over time. Manually testing takes time, so criminals use botnets to run thousands of low-value transactions quickly.
“Just as we in the fraud fighting profession use technology to stay in front of things, the criminals are doing the same thing,” said Kraus. That means merchants need to maintain a strong cyber posture and scan for malicious code regularly.”
Botnet attacks on issuers often originate from hacked merchant sites, so eCommerce threat disruption tools are an important weapon in the fight, he said. It’s equally critical to proactively monitor for sudden increases in transaction volume from particular enterprises, which can often be an early indicator of a these types of attacks.
The Lines of Defense
To gird against scams, he said, merchants need to closely monitor their purchase activity for attributes indicative of friendly fraud. Among the telltales: larger than normal or higher velocity purchases, especially with merchandise that is popular on reseller markets, should raise red flags for further review or investigation.
In other instances, omnichannel merchants can require claimants to visit a physical location.
“People don’t like to lie in person as they might anonymously,” he said.
It’s equally important, he added, to put processes in place that track and monitor repeat offenders — creating a denial list that can be cross referenced before accepting a suspicious order. The use of behavioral analytics can be instrumental in identifying suspicious patterns up front, if a merchant has a history of transactions with a consumer.
“All of a sudden you start seeing something anomalous or, or out of pattern — perhaps a sudden influx of new orders from the same mobile device,” said Kraus.
Looking at the rocky economic outlook ahead, he predicted that friendly fraud and refund fraud will likely increase at the individual level and remain a focus of organized crime. And as attacks become more ambitious and gain scale and speed, financial institutions need to look across their portfolios and not just at the individual card level.
“Fraudsters like to send numerous transactions across a high number of accounts. Oftentimes these are very low dollar amounts, say $5 repeatedly, across thousands of accounts in a portfolio,” he said.
Ferreting out the fraud becomes especially difficult when marquee names in eCommerce are compromised — because so much legitimate traffic is getting through, too. It’s become imperative to let good customers through, while acting with speed to shut down fraudsters. No easy task, when the criminals are also banding together on social media to share tips and trade secrets.
“There are some very slick, automated, digital risk protection tools and services out there that track social media trends to uncover and help blunt those activities,” he said.
A consortium and collaborative approach, he said, is effective in identifying risk trends as quickly as possible.
That can be cumbersome for companies without robust in-house cybersecurity capabilities, he told PYMNTS. But artificial intelligence (AI) and machine learning technology will continue evolving to promote better fraud fighting outcomes with the least amount of consumer friction in the mix (without additional step-ups or verification).
“True enterprise fraud management capabilities will finally become a reality with data aggregation and real time data views across several different payment channels that offer a holistic view of the consumers’ behavior.”
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More