The fraud landscape is diversifying, with bad actors adapting their focus to touchpoints across the customer journey. There are several emerging areas of fraudulent activity that pose a growing threat to the customer experience and the bottom line. Traditional card fraud is no longer the only type of fraud that merchants need to protect against.
Various forms of non-transaction fraud across the customer journey can occur. Awareness of these new tactics are critical to avoid the financial and reputational losses that can stem from a successful attack. Here we have identified some of these tactics. Although this is not an exhaustive list, it attempts to represent a sampling of fraudsters’ changing tactics.
Account Takeover (ATO)
ATOs are a problem that both financial services organizations and loyalty/rewards programs must defend against. In these attacks, bad actors will drain rewards currencies/benefits themselves, or sell credentials on the dark web. In this arena, bots have an increasing role in the fraud, helping attackers automate their tactics. Common outcomes of ATO are reputational damage, declines in profitability and costs to replace points.
New account fraud
In this scheme, fraudsters create multiple fake loyalty/rewards accounts to aid in different schemes such as transferring rewards currencies from a compromised account to a new account they created. In addition to the fraud implications of new account fraud, this kind of attack creates major headaches for merchants because it becomes ever more difficult to discern a legitimate customer interaction from a fraudulent one.
Digital-First Drives Customer Experience Technology Adoption
Buy online pick up/return in-store (BOPIS/BORIS) fraud
As a result of omnichannel commerce, criminals are now using BOPIS shopping experiences to enable fraudulent activities. BOPIS, popularized during the pandemic, allows fraudsters to circumvent traditional manual review cycles and billing/shipping address matching. This is done by illegally purchasing goods online and then returning the goods for gift cards that can be resold online.
Nontraditional areas of fraud: ‘good’ customers game the system
Promotion abuse occurs when customers take advantage of promotions by creating multiple email addresses to access multiple customer discount codes or by oversharing ‘refer a friend’ discount codes outside of personal networks. Like many of the activities, fraud caused by nontraditional actors is difficult to detect and is tricky to navigate.
Merchants with lenient return policies often fall victim to return abuse. These activities usually stem from wardrobing (purchasing with the intent to return an item), switch fraud (purchasing an item and returning a broken one) and ‘brick in a box’ fraud (returning an item with parts removed). These tactics have resulted in lost revenue and the adjustment of lifetime product guarantees.
Reseller abuse occurs when an unauthorized reseller purchases items in bulk for resale. This is usually done with the help of bots, and this type of fraud most often targets limited releases, blocking legitimate customers from buying the product.