Security & Fraud

The Rise Of Holiday Reshipping Fraud

Criminals get into the holiday spirit, too. For instance, they know how to talk in friendly, polite terms to overworked and often-frustrated customer service representatives — to gain such advantages as having purchased items redirected to their own addresses, rather than to the customers who supplied their payment information.

Such a scam promises to play a big role in retail’s fourth quarter, said Yinglian Xie, CEO and co-founder of DataVisor. In a new PYMNTS discussion, she and Karen Webster spoke about online fraud trends for the 2019 holiday season — and the prospect that the 2019 winter holidays will see the worst levels of online fraud ever.

 

“We are going to see another big year of fraud this holiday shopping season,” Xie told Webster.

Growth Factors

Part of the reason for that growth, of course, comes from the fact that, every year (and every holiday shopping season), more people use digital and mobile channels to buy retail products. However, that’s only a portion of the story. As PYMNTS research has documented, and as experts such as Xie know well, fraudsters continue to get better at their work, as well as use sophisticated technology and techniques to steal from legitimate consumers.

Reshipping fraud offers a timely example of that, and represents an upgrade in how criminals conduct their business — a warning for retailers and payment service providers hoping to stay abreast of current fraud trends.

As it turns out, traditional shipping fraud is relatively straightforward: Criminals simply have purchased items redirected to their own addresses, rather than to the customers who supplied their payment information. These consumers may have intentionally made their purchases, or simply had their data stolen.

Reshipping fraud is more complicated. The criminal first steals payment data from a legitimate consumer, and uses that information to purchase an expensive product. These bad actors then rope in unsuspecting assistants through job advertisements, promising work flexibility. These victims are told to accept shipments at their private addresses, repackage them then reship them to fraudsters at different addresses — often overseas.

“It’s becoming a factor” in online-enabled and holiday fraud, Xie said. “It actually happens quite frequently in this form.”

Arms Race

A few factors are involved in this apparent upswing with reshipping fraud, she noted.

First, as online and mobile commerce becomes more popular, more consumers are becoming comfortable with the delivery of expensive electronics, luxury items and other pricey goods via those channels. Not only that, but the holiday shopping season features seemingly endless promotions on a growing number of products, increasing the urge to spend more money on those delivered products. In addition, eCommerce operators continue to seek ways to reduce friction, which can lead to fewer fraud checks and detections. Customer service agents also tend to work long, busy hours during the holiday shopping season, which can make it easier for sweet-talking fraudsters to talk their way into theft.

“The time is well worth it to commit the crime,” Xie told PYMNTS, discussing the return on investment of, say, spending 20 minutes arranging the fraud versus the hundreds or even thousands of dollars that a single product or delivery can bring on the black market.

As Webster put it during the discussion: “It’s kind of easy to overwhelm customer service people to agree to something quickly if there is a nice person on the other end of the phone.” That is no dig against customer service people — rather, an observation of the stresses of retail in the fourth quarter of the year.

Retailers are not helpless, of course. However, staying abreast of fraud increasingly requires investments in machine learning, as well as other new and emerging technologies, which can better spot potential fraud without increasing false positives and other forms of friction that tend to scare away, or even alienate, legitimate customers.

“The attackers are always creating new methods of attacks,” Xie said, “and we don’t always act accordingly.”

Indeed, she said fraudsters are using similar data analysis techniques to those of retailers — including the same analysis that shows how people shop via different channels.

“They are actively doing the same things as well,” she said. “It’s an arms race.”

——————————

LATEST PYMNTS REPORT: B2B API TRACKER 

Social distancing has changed eCommerce from a ‘want to have’ to a ‘must have’ for businesses, yet retailers could struggle to create convenient payment and refund experiences for their apps and websites, says Abdul Raof Latiff, head of DBS Bank’s digital institutional banking group. In the April 2020 B2B API Tracker, Latiff explains how banks can provide a timely assist via application programming interfaces (APIs) that integrate payments into those eCommerce platforms.

TRENDING RIGHT NOW