Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
New Year, New Fraud
Over the last few years, we've discussed friendly fraud in a number of Take On Payments posts. Friendly fraud occurs when an authorized payment cardholder, or someone they know, purchases goods or services and then disputes the transaction through the chargeback process to have the payment to the merchant canceled. From the merchants' perspective, there is nothing "friendly" about this, so they often refer to it as "chargeback" fraud. The actual losses from friendly fraud are difficult to measure, but it's estimated to cost merchants nearly 2 percent of their annual revenue.
With the surge in ecommerce transactions resulting from changing payment habits caused by the COVID-19 pandemic, we assume that friendly fraud—as well as other types of online payment fraud, including the emerging "refund fraud"—has significantly increased. Refund fraud is similar to friendly fraud in that a legitimate cardholder completes a transaction using legitimate credentials. However, in this refund fraud, the cardholder makes the transaction fully intending to use the merchant's refund policies, rather than file a chargeback, to be reimbursed or to receive an additional product. This also differs from refund abuse, where the cardholder purchases and uses a product—often clothing or tools—and then returns it.
Refund fraud by individual cardholders has existed for decades, but more recently a network of professional refund fraudsters has emerged. Using the Dark Web and other nefarious communications forums, professional refund fraudsters seek accomplices and share tips with each other on how to manipulate a merchant's refund policies and customer service representatives. They recruit willing cardholder accomplices with the promise that in exchange for a fee, the cardholder can make large-dollar purchases, get refunded for these purchases, and still keep them. To earn the fee, the fraudster contacts the merchant's customer service personnel and, using their knowledge of the merchant's refund policies while impersonating the cardholder, demands a refund. The fraudster claims that the product never arrived or was damaged, or insists they returned the defective product. The cardholder often pays the fraudster's fee with cryptocurrency.
Like chargeback fraud, refund fraud is difficult to detect since a legitimate cardholder initiates it and generally targets a merchant only once to avoid establishing a pattern of refund requests with the merchant. CardNotPresent.com recently produced an educational webinar on this type of fraud detailing the processes that fraudsters use and discussing how merchants can improve their defenses. The involvement of the organized criminal element is further evidence that merchants and card issuers must always be vigilant.