Opening the door to online commerce is an expedient and profitable way to reach consumers, but those with fraud on their minds also find a way in. Now, it is becoming tougher to distinguish those with good intent from the ones with bad intent, especially when formerly good customers start to abuse merchants’ policies.
That’s the take from the “2024 Global eCommerce Payments and Fraud Report,” released Thursday by the Merchant Risk Council, a Richmond, Va.-based association for e-commerce companies and professionals. More than 1,100 merchants participated in the survey undergirding the report.
“Every year, the MRC survey queries merchants to see what they report as the biggest fraud attack threat they are facing,” Tracy Brown, MRC vice president of programs and technology, tells Digital Transactions News. “For the first time in 25 years, merchants are reporting the biggest attack threat as refund and policy abuse unseating more common and prevalent attacks like phishing and first-party misuse.”
Forty-eight percent of merchants cited refund and policy abuse as one of the top fraud types, outdoing first-party misuse at 45%. Phishing affected 42%.
“Refund and policy abuse is a category of fraud that exploits policies that merchants have in place to govern returns, exchanges, and policies pertaining to order transactions,” Brown says. “Because merchants want to maintain the lifetime value of their customer relationships, there are policies that are lenient to the cost of handling a return while striving to make the customer happy. While policies like these have been in place for years—or even decades—ill-intended individuals are exploiting the policies for personal gain.”
This type of deceit is problematic because it is a new wave of fraud and “even historically good customers take advantage of the very policies that are designed to address customer satisfaction,” she says.
First-party misuse also is on the increase. In the current report, 20% of all disputes were related to first-party misuse, up from 18% in the 2023 report and up from 16% in the 2022 report.
“This particular fraud attack allows customers to intentionally dispute a transaction previously paid for on a credit card by filing a chargeback with the issuer of their credit card exploiting a process that is in place for fraudulent or the occasional erroneous transaction,” Brown says. “In the case of a first-party misuse attack, the customer intentionally files a chargeback claiming situations such as: they did not receive the merchandise (though they did), they did not authorize a charge (that maybe a household member placed, like on a gaming device) or that they canceled a recurring subscription (when, in fact, they never did.)”
Why is this type of fraud increasing? “There are several factors influencing this rise such as the economy, inflation, etc.; but additional catalysts are the facts that customers have learned that there is little penalty, if any, for this type of fraudulent claim fueling repeat behavior,” Brown says. “Additionally, for both [first-party misuse] and refund abuse, the use of social media and Internet ‘playbooks’ on how to perpetrate these attacks [is] more widespread.”
There is no single tool to counter this type of fraud, the report says. Some of the top tactics include reviewing and analyzing non-fraud chargebacks and declines, cited by 67% as very or extremely effective, followed by checking customer purchase and order histories, 65%, and monitoring and analyzing transaction data for unusual activity or anomalies, also 65%.