- With Item Not Received (INR) fraud, the shopper waits until an item has been delivered and then reports it to the merchant - or sometimes to their credit card company - as never having been received
- While retail sales are predicted to only grow around 12%, from $771 billion to more than $834 billion, eCommerce sales are expected to account for 25.5% of that
- Account Take Over (ATO) fraud is when a bad actor gains access to a legitimate customer account and uses their information to make purchases or uses loyalty programs and points that belong to the account holde
The 2020 holiday season was like no other. COVID-19 concerns kept many shoppers at home and eCommerce merchants saw unprecedented sales. This resulted in spending on online purchases to grow 32.2% over the same period in 2019 to $188 billion.
However, with the challenges of 2020 spilling over into 2021 and 2022, eCommerce merchants don’t have time this holiday season to sit back and relax. While retail sales are predicted to only grow around 12%, from $771 billion to more than $834 billion, eCommerce sales are expected to account for 25.5% of that. That means $1 of every $4 spent this season will be online.
Of course, the landscape for merchants has changed in 2022 in some startling ways. Supply chain issues have left many with limited stock and little hope for restocks as items sell out. As a result, shopping may be front-loaded this year, with consumers opting to shop early to ensure they can make the purchases that are most important to them.
Shipping is also a concern. Major retailers have expressed concerns about being able to hire enough workers but they aren’t alone - so have shippers like UPS and FedEx, and with USPS slowdowns there is little to no backup for these systems.
Certainly, some amount of those sales will be caught up in the popularity of Buy-Online-Pickup-In-Store (BOPIS), with a third of consumers reporting they will increase their use of the convenient shopping experience this year. That still leaves plenty of orders that will need to be shipped to buyers. Online shopping fraud - and in particular, shipping fraud - will be front and center this year.
None of this is news to online retailers. However, as you navigate these challenges in the midst of the busiest shopping season of the year, it’s important to stay aware of the specific threats that can cost your business customers and revenue. With the hubbub of the season, shipping fraud can get easily lost in the shuffle, and that’s what bad actors are counting on. The key to preventing shipping fraud this holiday season is to be aware of the schemes and understand what actions you and your staff can take to minimize fraud opportunities.
Table of Contents
Shipping Fraud Schemes During the 2022 Holiday Season (and What to Do About Them)
Here's what you can do during this holiday season to avoid fraud schemes.
Item Not Received Fraud and Chargebacks
What it is
A shopper may order an item and then claim to have never received it, when in fact they have. This crosses the line between shipping fraud and credit card fraud - if the fraudster can’t get the merchant to refund the item, they may call their credit card company and request a chargeback.
How it Works
With Item Not Received (INR) fraud, the shopper waits until an item has been delivered and then reports it to the merchant - or sometimes to their credit card company - as never having been received. Sometimes called friendly fraud, it might seem like a small concern in the grand scheme of holiday fraud attempts.
Unfortunately, it’s a scheme that is costing merchants millions, not just in merchandise, but in chargeback fees and their reputation. Worse, it’s a growing concern. Research shows that those who have successfully executed friendly fraud are 9 times more likely to do so again in the near future.
INR and friendly fraud have an expensive waterfall effect on the merchant. Even leaving aside the cost of the merchandise, friendly fraud is expensive. Re-shipping an item or dealing with processing a return eats up your team’s time, something that’s in short supply during the holidays. Making the process easy might save a customer who is on the up and up, but one who is committing fraud will be encouraged in their bad behavior. If you choose not to address it, the customer may file a chargeback with their credit card company, costing you time in disproving the claim or the fees associated with losing a chargeback battle.
The list of impacts doesn’t stop there, however. Many basic fraud protection solutions use simple filters and detection rules. As friendly fraud increases, these algorithms work on inaccurate information and can flag legitimate purchases as fraud. Once a consumer receives a false decline they are less likely to shop at your store again - ever.
How to Prevent it
Prevention starts with using shipping that includes tracking numbers. While this may not be fool-proof, it can deter amateur fraudsters and will provide proof should a chargeback occur. Requiring a signature is another defense. A signature may increase friction in the process for smaller items, but it can be indispensable for larger or more expensive purchases.
Ensure that your refund and return policies are clear. Sometimes INR and friendly fraud are the results of a customer being unclear about how to get a refund or have ordered an item without understanding a return policy. It can even be the result of receiving an item that doesn’t match the description on your website. If possible, streamline your return process so that customers are more inclined to complete a return than report an item as missing, and ensure descriptions are clear and accurate to the item.
Package Rerouting Fraud
Here's what to do in the case of package rerouting fraud:
What it is
Package reroute fraud is when an order is placed with a merchant to ship to one address and then later changed to another address. This usually happens in conjunction with payment fraud, such as a stolen credit card.
How it Works
Package rerouting as fraud can happen in a number of ways. However, all start with a stolen payment method, such as a credit card, bank account, or a payment service like PayPal.
In the first case, a fraudster places an order with an eCommerce site using the stolen information, including the original owner’s legitimate address. These transactions have a higher chance of clearing because the account owner’s address is the one associated with their payment account. Once the order is placed, however, the bad actor calls the merchant and requests an address change, or calls the shipper after shipping confirmation is received and asks to have the package rerouted.
Some bad actors will contact the merchant immediately after the purchase is made, requesting that a specific shipper be used. The fraudster may have an existing relationship with a shipper and therefore is less likely to have their packages flagged as suspicious.
A fraudster may also enter a non-existent address as the ship-to address. They monitor the online tracking information provided and once the package has been flagged as undeliverable, they contact the shipper to provide a new address.
How to Prevent it
Online merchants must walk a fine line between preventing re-routing fraud and upsetting a customer with a legitimate need to reroute a package. During the holidays, it’s not uncommon for a buyer to forget to change the shipping address on a gift before pressing the buy button.
Merchants must be transparent with their shipping policies and make them clear and accessible to all shoppers. Included in those policies should be wording that explains that your shop will not reroute a package. Train your staff, especially your customer care team, to make no exceptions to the rule, but instead, help the customer cancel their original purchase and make a new purchase using the correct address.
Additionally, your eCommerce platform, logistic solution, and fraud prevention solution should be validating the customer’s zip code and address at order time and prior to shipping. It can be nearly impossible to validate these items manually during the crush of the holiday season, so automating validation as much as possible will help you keep the company gears running.
Account Take Over Fraud
Here's what to do in the case of an account take over fraud:
What it is
Account Take Over (ATO) fraud is when a bad actor gains access to a legitimate customer account and uses their information to make purchases or uses loyalty programs and points that belong to the account holder.
How it Works
Generally speaking, ATO occurs as the result of weak customer passwords, breaches to the merchant’s systems, or phishing schemes that get the customer to divulge their personal information. From there, a fraudster can take over an account, even changing the password so that the original owner can no longer access it.
From there, they may use points or a stored credit card to make purchases and have them shipped directly or through re-routing fraud schemes to the criminals.
How to Prevent it
Encourage customers to maintain safe online practices, like making strong passwords and changing them frequently. Send alerts to the email address on file whenever changes are made to the account or loyalty points are used. You can also provide the functionality to alert customers when purchases are made over a pre-set dollar amount.
Here, too, clear policies can make a difference. Make loyalty points or rewards non-transferable or require that redeemed rewards be delivered only to an address on file or an address that has been on file for more than 30 days. Also, ensure all shipping meets best practices, including tracking numbers.
Just as we expect sales to increase during the 2022 holiday season for online merchants, we can also assume that shipping fraud, as well as other kinds of fraud, will increase, too. However, implementing some straightforward changes can reduce your vulnerability to fraud during the busy days of holiday shopping.
A great deal of shipping fraud starts with payment fraud. Preventing one helps minimize the other while keeping your business from costly false declines. According to the LexisNexis 2018 True Cost of Fraud Study, fraud prevention that combines identity and device verification and order screening tools and is tailored to the fraud profile for various sales channels significantly lowers the cost of fraud for a business. In addition to policy changes, platform alerts, and employee training, a sophisticated fraud prevention solution integrated with your eCommerce platform can reduce fraud across the board. Combined, you’ll have a greater chance of thwarting bad actors and preserving customer satisfaction and revenue.
Rafael Lourenco is Executive Vice President and Partner at ClearSale, a global card-not-present fraud protection operation that helps retailers increase sales and eliminate chargebacks before they happen. The company’s proprietary technology and an in-house staff of seasoned analysts provide an end-to-end outsourced fraud detection solution for online retailers to achieve industry-high approval rates while virtually eliminating false positives. Follow on LinkedIn, Facebook, Instagram Twitter @ClearSaleUS, or visit https://www.clear.sale.