Unfortunately, some merchants are going to find coal in their stockings this holiday season. By coal, we mean chargebacks, lost merchandise, and other losses stemming from criminal activity. These days, criminals like to play the role of Grinch, stealing from businesses and consumers alike. Businesses need to know what to watch for, so let’s take a gander at some of the most common holiday scams and criminal activities. Along the way, we’ll also discuss methods for controlling and reducing these common types of fraud.
Gift Cards: Handle With Care
In many ways, gift cards are a perfect holiday gift. Unfortunately, criminals also love gift cards. From the perspective of a merchant, gift cards are typically the same as cash. The card usually has a balance, but no name or face associated with it. The convenience and general anonymity of who holds the card opens the door to criminal activity.
First, scammers can obtain the pin and gift card number at a store or online. However, since the card hasn’t been paid for, it hasn’t yet been activated. Criminals can use various tools to monitor the card online. Once the card is paid for and activated by a legitimate customer, the fraudster can quickly steal the balance.
Criminals can also obtain someone’s credit card information, then use it to buy gift cards. Essentially, the fraudster will transfer funds from someone’s bank account or credit line to a gift card they control. They can then use the gift card to buy stuff.
Another common way for scammers to illicitly use gift cards is to ask for them as “payment.” Someone can pretend to be an authority, say the Internal Revenue Service or the customer service department for a website like eBay or Amazon. Next, they’ll pretend that someone has an outstanding tax bill or credit bill with a company. Then they’ll claim that if the customer doesn’t pay up immediately, they’ll be arrested or their credit report will take a hit.
“Fortunately,” the scammers will declare, the bill can quickly and easily be paid down. Simply send them a gift card from Amazon (or another website) and the problem is solved. Of course, legitimate authorities won’t ask for gift cards. That said, once these cards are purchased, the merchant who sold them may end up on the hook for the purchase if the cardholder files and wins a chargeback dispute.
With gift cards, merchants should watch out for the common fraud of repeat orders and abnormally high amounts. When possible, you should also pay attention to the IP address and if something seems off, you may want to pause the transaction. Having mechanisms in place to freeze or reissue gift cards so they can’t be used is also wise. If a cardholder or bank contacts you about a fraudulent purchase, you can then freeze the card balance so the thief can’t steal more.
Seemingly Legitimate Customers Engaging In First-Party Fraud
Unfortunately, legitimate cardholders will sometimes use the common fraud of “first-party fraud” to rip a business off. Essentially, a cardholder can use chargebacks to get an unauthorized refund from the merchant. The cardholder may file a chargeback even if they are perfectly happy with their purchase.
In the United States, Congress has enacted laws that protect cardholders from scammers and illegitimate use (many other countries have similar rules and regulations). If a customer believes that they have been incorrectly charged or that the merchant didn’t deliver the goods or services as promised, they can file for a chargeback with their bank. Ultimately, the card-issuing bank has the final say in the matter and if they approve the customer’s chargeback request, they can claw money back from the business.
Let’s say a customer orders a new winter jacket from Acme Winter Supplies. Acme receives the order and processes the payment, then ships the jacket out. The product is delivered and the customer tries the jacket on, finding it to their liking. But instead of paying for the jacket, the cardholder files a chargeback with their bank, claiming the jacket never arrived.
In this case, the cardholder is simply trying to defraud the business. The retailer can dispute the allegations by filing a dispute letter. In this letter, the merchant will argue that they held up their end of the transaction and delivered the jacket as described. They can furnish evidence too like delivery confirmations, device IDs, orderIP addresses, and whatever else.
The customer won’t get the refund if the merchant wins the dispute. However, the merchant will still have to pay a chargeback fee and their chargeback ratio will rise. Chargeback fees typically cost between $20 to $100. If a business has a poor chargeback ratio, they could be designated as high risk by their payment processor and forced to pay higher processing fees on every transaction.
Friendly Fraud and Communication Mix-Ups
Merchants may find themselves plenty busy during the holiday season. At the same time, consumers are often quite busy themselves. As a result, miscommunication can quickly snowball into a dispute between customers and businesses.
Let’s say a regular customer orders some books from your website. Typically, shipments take a week to arrive and that’s what your customer currently expects. However, owing to the holiday crunch, you get the package in the mail a few days later than normal. The shipper is also overwhelmed and it takes them a few more days than usual to make the delivery.
In this case, what normally takes one week might end up taking two weeks. However, if the customer can’t track the shipment, they might conclude that the order somehow got lost. Instead of turning to the retailer to find out more, the customer might simply file a chargeback.
In this case, the customer isn’t trying to commit common fraud. However, the result could end up much the same. You may have to pay for chargeback fees and you might lose inventory.
To prevent the common type of friendly fraud and honest mixups, you need to make sure you have a quick and responsive customer service department. Additionally, it’s wise to provide tracking information so customers can see where their stuff is.
BOPIS Offers Many Avenues For Scammers
Many customers are using “Buy Online Pickup In-Store” methods to combine the best attributes of online and in-person shopping. When it comes to buying stuff online, customers often have to roll the dice, hoping that the shoes, shirts, electronics, or whatever else match expectations. After that, customers typically have to wait a few days for their products to get delivered. And if the customer needs to file a return, mailing stuff back to retailers can be a hassle.
With BOPIS, customers can largely do away with these headaches. They can instead order something online, then check it out in the store. If something’s wrong with the item, they can return it right then and there.
Sadly, criminals have figured out a variety of different common fraud methods for gaming BOPIS. First, a fraudster can show up and use social engineering to convince the store to hand over goods that they didn’t purchase. They might claim to be picking a package up for a friend, for example. By the time the legitimate customer shows up, their stuff and the thieves could be long gone.
Further, BOPIS speeds up transactions, which is an advantage for criminals. Let’s say a scammer stole someone’s credit card. They could then make a purchase online with that card and pick the order up that day, before authorities or cardholders notice the illicit charge. With traditional online orders, cardholders and their banks often have a few days to notice and cancel the order before it gets delivered.
Further, new shipping addresses rank among the biggest red flags regarding fraudulent transactions. If a customer is suddenly using a different shipping address, it could be because a criminal is trying to get a product delivered. With BOPIS, there’s no need to provide a different shipping address, so that red flag is never raised. The fraudster can simply swing by the store and pick the order up.
Account Takeover Fraud
Modern payment gateways are a blessing. Some years back, you often had to plug in your name, credit card number, delivery address, billing address, and other details each time you made a purchase, even on the same site. Then websites started allowing folks to save their payment information. From that point onward, users could simply use that info to make purchases.
Unfortunately, this benefits hackers. If they can get into someone’s accounts, say using a brute force attack, they could use saved payment information to make purchases for themselves. From the thief’s perspective, the account holder has already done much of the hard work, filling out all the payment details. The scammer simply needs to plug in a new shipping address and voila, they can get ill-gotten goods delivered pretty much anywhere.
Data breaches are pretty common and when they occur, criminals often uncover account login information. Additionally, many people reuse passwords for different sites. Let’s say hackers obtain the passwords and login info for a thousand eBay accounts. Besides trying to make purchases on eBay, they might also try to use the passwords to log into someone’s Amazon or Best Buy account.
Hackers will also try to brute force their way into accounts. This means trying random but common passwords, like Password1234. Unfortunately, some users have a bad habit of setting weak passwords, which could leave their accounts vulnerable.
It’s smart to require people to pick strong passwords. You might insist that they include symbols, numbers, and capital letters, for example. You might check passwords against commonly used passwords and forbid users from using them as well.
Further, you’ll want to keep an eye out for changing shipping addresses. If a customer is suddenly using an unfamiliar shipping address, you’ll want to take extra steps to verify that it’s a legitimate purchase.
Sadly, account takeovers can cost merchants a lot. Often, the account holder will file a chargeback if their account has been used without their permission. Even if the user’s mistakes led to the fraudster gaining access, the business may ultimately foot the bill.
Take Away: Fighting Holiday Fraud Requires a Proactive Approach
Unfortunately, theft and criminal activity are essentially a part of doing business for many merchants. However, by taking a proactive approach, you may be able to protect your business and minimize crime. Businesses should closely examine their operations and what’s currently causing the most losses. Then, they can take steps to reduce those losses.
With chargebacks, for example, businesses can use dispute management platforms. Merchants can set up chargeback alerts that will warn them of pending chargebacks so that they can try to resolve them before they are filed. If chargeback disputes are unavoidable, a dispute management platform can make it easier to gather, analyze, and present evidence.
Each type of criminal activity will require its own approach, of course. With BOPIS, requiring ID is all but a must. Training too is wise, as you can train employees to keep an eye out for social engineering tactics. With account takeover, monitoring both shipping addresses and IP addresses is smart.
Completely eliminating crime and common fraud specifically may not be possible. However, the right moves can protect businesses and minimize risks.