Please enable JavaScript to view the comments powered by Disqus.

We use cookies on our website to give you the best online experience. Please know that if you continue to browse on our site, you agree to this use. You can always block or disable cookies using your browser settings. To find out more, please review our privacy policy.

COVID-19 RESOURCES AND INFORMATION: See the Atlanta Fed's list of publications, information, and resources; listen to our Pandemic Response webinar series.

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

February 22, 2021

New Year, New Fraud

Over the last few years, we've discussed friendly fraud in a number of Take On Payments posts. Friendly fraud occurs when an authorized payment cardholder, or someone they know, purchases goods or services and then disputes the transaction through the chargeback processOff-site link to have the payment to the merchant canceled. From the merchants' perspective, there is nothing "friendly" about this, so they often refer to it as "chargeback" fraud. The actual losses from friendly fraud are difficult to measure, but it's estimated to cost merchantsOff-site link nearly 2 percent of their annual revenue.

With the surge in ecommerce transactions resulting from changing payment habits caused by the COVID-19 pandemic, we assume that friendly fraud—as well as other types of online payment fraud, including the emerging "refund fraud"—has significantly increased. Refund fraud is similar to friendly fraud in that a legitimate cardholder completes a transaction using legitimate credentials. However, in this refund fraud, the cardholder makes the transaction fully intending to use the merchant's refund policies, rather than file a chargeback, to be reimbursed or to receive an additional product. This also differs from refund abuse, where the cardholder purchases and uses a product—often clothing or tools—and then returns it.

Refund fraud by individual cardholders has existed for decades, but more recently a network of professional refund fraudsters has emerged. Using the Dark Web and other nefarious communications forums, professional refund fraudsters seek accomplices and share tips with each other on how to manipulate a merchant's refund policies and customer service representatives. They recruit willing cardholder accomplices with the promise that in exchange for a fee, the cardholder can make large-dollar purchases, get refunded for these purchases, and still keep them. To earn the fee, the fraudster contacts the merchant's customer service personnel and, using their knowledge of the merchant's refund policies while impersonating the cardholder, demands a refund. The fraudster claims that the product never arrived or was damaged, or insists they returned the defective product. The cardholder often pays the fraudster's fee with cryptocurrency.

Like chargeback fraud, refund fraud is difficult to detect since a legitimate cardholder initiates it and generally targets a merchant only once to avoid establishing a pattern of refund requests with the merchant. CardNotPresent.com recently produced an educational webinarOff-site link on this type of fraud detailing the processes that fraudsters use and discussing how merchants can improve their defenses. The involvement of the organized criminal element is further evidence that merchants and card issuers must always be vigilant.