Fraudsters' new target: The end-to-end customer journey

May 12 2021
by Jordan McKee


The fraud landscape is diversifying. Bad actors are broadening their focus beyond payments, targeting touchpoints across the customer journey. This report discusses several emerging areas of fraudulent activity that pose a growing threat to both the customer experience (CX) and the bottom line.

The 451 Take

While areas such as login, promotions and returns have traditionally fallen outside of the remit of most fraud teams, the proliferation of fraud across the customer journey will increasingly require enterprises to take a holistic view of fraud management. This will necessitate increased collaboration between a variety of teams – including fraud/risk, marketing, operations and information security – to align on strategies that both secure and optimize the customer experience. In response to this trend, forward-looking merchant fraud prevention vendors are broadening their capability sets to include ATO and policy abuse protection, and are positioning these capabilities as part of an identity-led framework for fraud management.

Fraud's proliferation across the customer journey

Traditional card fraud is not the only source of fraud that merchants are up against. In recent years, 451 Research has observed various forms of non-transaction fraud increasingly proliferate across the customer journey. Touchpoints from online account creation through to product returns have emerged as growing vectors for fraudulent activity and, consequently, for both financial and reputational losses. Notable sources include:

Account takeovers (ATO). ATOs aren't a problem faced just by financial services organizations. Popular loyalty/rewards programs (hotels, airlines, restaurants) have become attractive targets for criminals, who either drain rewards currencies/benefits themselves, or sell the login credentials on the dark web. Bots have become an increasingly popular tool for fraudsters' ATO efforts, helping automate and expand their attack opportunity. Reputational damage, declines in profitability, and costs to replace stolen points are all common outcomes of ATOs.

New account fraud. Fraudsters often create multiple fake loyalty/rewards accounts to aid in various schemes, such as transferring rewards currencies from an account they have illegitimately taken over into the new account they have created. Aside from the fraud implications, new account fraud creates increased challenges for merchants in discerning a legitimate customer interaction from a fraudulent one.

Buy online pickup/return in-store (BOPIS/BORIS) fraud. The proliferation of omnichannel commerce has created major new vectors for criminals. BOPIS shopping experiences that have been in vogue during the pandemic enable fraudsters to quickly obtain fraudulently purchased goods and circumvent traditional manual review cycles and billing/shipping address matching. BORIS provides an efficient way for fraudsters to 'cash out' goods that were fraudulently purchased online and receive a gift card, which they can then resell online through gift card marketplaces.

Concerningly, many emerging types of fraud are also committed by nontraditional fraudulent actors, including otherwise 'good' customers who are attempting to game the system by abusing both merchant and issuer business policies (i.e., policy abuse). This type of fraud can be difficult to detect, and tackling it creates a unique challenge for merchants, which must carefully and delicately address instances of abuse to minimize the impact on lifetime value, as well as on their overall customer base. Several examples include:

Promotion abuse. Merchants needlessly give up margin when customers take unfair advantage of promotions. This can take a variety of forms, including shoppers creating multiple email addresses to access multiple new customer discount codes, or oversharing 'refer a friend' discount codes outside of their network (e.g., posting to Craigslist). This is a widespread issue, with a third of Gen Z consumers and a quarter of millennials admitting to using different email addresses or other contact information to access promotions or discounts multiple times, according to our Connected Customer (Consumer Population Representative), Trust & Privacy 2020 survey.

Return abuse. Merchants with lenient return policies often fall victim to this abuse and can lose revenue when returned items must be discarded or resold at a discount. The tactics here are many, and include wardrobing (purchasing an item with the intent to return it), switch fraud (purchasing a new item and returning the old/defective item) and 'brick in a box' fraud (returning an item, such as an electronic device, with certain parts removed). Several merchants have been forced to revise lifetime guarantees due to abusive customer behavior. For example, in 2018, L.L. Bean revoked its lifetime product guarantee after noting that about 15% of its returns were classified as abusive, amounting to $250m in losses over a five-year span.

Item not received (INR) fraud. INR fraud involves customers notifying a merchant that their online order was never received (when in fact it was) and demanding a refund (or new shipment) of the item. Merchants that have been overloaded with digital orders simply lack the time to investigate each INR incident, and often find refunding the order is the path of least resistance.

Reseller abuse. This occurs when unauthorized resellers purchase product in bulk, often employing bots, and resell it themselves. One footwear retailer we spoke with noted that reseller abuse is a significant problem for 'drops' (limited release of a particular item). Bots can wipe out all or most of the drop inventory, blocking loyal customers from making a purchase.

Friendly fraud. A problem that has grown during the pandemic, this involves customers contacting their card issuers to request a refund for an item on their statement they claimed to have not authorized (when in fact, they had). Investigating and providing evidence to refute these types of disputes can quickly overwhelm fraud teams if the right processes and documentation are not in place.

The emergence of new fraud vectors has caught many merchants on the back foot, resulting in reactive responses (see Figure 1). These responses often result in customer friction, including dialed-back policies (returns, promotions), inability to craft VIP experiences (one-click checkout) and inefficient shopping experiences (lengthy shipping due to manual review cycles).

Roadblocks to innovation are another common outcome. We have spoken with numerous enterprises that have avoided entry to international markets or pulled back on the launch of new initiatives (such as a subscription offering) due to fraud concerns. Without an ability to effectively discern good customers from criminals, the end-to-end CX and the business inevitably suffer.

Figure 1
Unoptimized Approaches to Fraud Prevention Create Friction Across the Customer Journey
451 Research