A Growing Threat: Return Fraud Continues to Significantly Expand YoY

In mid-January, I had the pleasure of attending the NRF “Big Show” Conference in New York City. As always, it was great to meet new people, reconnect with prior colleagues, and finally meet some people in person — we have been on video calls way too often in the past three years!

As expected, retailers completed a great selling season in the Q4 holiday season. “December's numbers combined with November's results show retailers had a very successful two-month holiday season,” said Matthew Shay, president and CEO of National Retail Federation (NRF). And rightly so, as year-over-year sales grew 4.24 percent in November and 3.07 percent in December.

A large and growing portion of these sales are on e-commerce platforms that many of us enjoy using, with the convenience of shopping from home and the flexibility to easily return items as needed. But as Shakespeare would say, “therein lies the rub.” These flexible and customer-friendly returns policies that are so crucial to the success of e-commerce platforms are also exploited by fraudsters. E-commerce return fraud may have cost U.S. retailers an eye-watering $100 billion in 2023 alone. Why and how is this happening, and how can these fraudsters be stopped?

The Why: A Lot of Money at Stake and a Process That's Easy to Manipulate

Having a convenient returns policy is the lifeblood of successful e-commerce merchants. As retailers competed with each other, especially during the rush of the holiday season, they offered an easy way for consumers to buy as well as return merchandise online without cumbersome processes. Shoppers are expected to return about 15 percent of merchandise purchased during the holiday season, valued at $148 billion. But this is where fraudsters enter. Nearly 17 percent of these returns are expected to be fraudulent, which is a really large range for the fraudsters to hide in. While retailers are worried about this, and rightly so, they also don't want to change their returns process as it may hurt customer experience and reduce sales. It's quite the catch-22 situation. Protect the brand and revenue vs. reject returns and refund claims? To quote one of my fellow fraud fighter’s post on LinkedIn: “Refund fraud is booming. It's easy, it's profitable, and there are a lot of people doing it.” — Brett Johnson

The How: Fraudsters’ Playbook

The important thing to remember is that it's not one or two fraudsters acting solo; there’s a whole network of them working together. For example, there are fraudulent service channels on telegram with tens of thousands of members offering complete fraudulent returns services for a fee. These fraudsters use a few common tactics such as:

Related story: 'Tis the Season for Greater Fraud Protection

• Nesting and purchasing of accounts: They open hundreds of accounts and normalize them over a period of time before they will be used for fraud. They also offer to purchase good accounts from legitimate customers in exchange for money or a cut of the fraud profit.
• Smaller orders that equal large fraud loss at scale: Pindrop’s data reveals a few prolific fraudsters are responsible for a large number of fraudulent returns. Analysis of a large U.S. retailer’s returns activity showed that only three fraudsters were responsible for over 700 fraudulent returns. While each order was small (<$100), the total value of fraud committed by these three fraudsters alone was in the hundreds of thousands of dollars.
• Organized with playbooks designed for each retailer: This paper reveals that there are over 250 retailers (and growing) in the U.S. that are being targeted by a network of concession abuse as service providers with tactics and playbooks targeted at each of them based upon their returns policy.

Research also shows that the contact center is the preferred channel for fraudsters as they can socially engineer the call center agent into changing the phone number on the account each time they call, verify a transaction, or manipulate the call center agent into processing their claims. Chat is the second preferred method as fraudsters can submit multiple claims at a time. However, as the phone is live and gives less time for the agent to react/correct, fraudsters gravitate to it. As many as one in every 60 calls that come into the retail contact center are fraudulent.

For retailers it may seem like there's no way around the core problem. They need to open the door to customer-friendly return policies, and fraudsters will barge through that door. Therefore, to solve this problem, we need to stop fraudsters before they enter.

How to Stop Fraudulent Refunds and Returns

The Anatomy of a Fraud Attack

The research team at Pindrop discovered a prolific fraudster who went by the name “Salao Khan” who was targeting a leading U.S. retailer. He made five separate phone calls from five different caller IDs within three weeks using four different names. “Salao Khan” was trying to socially engineer the agent into processing fraudulent returns for missing items. The agents sometimes identified this as suspicious activity, but other times they missed it and processed the refunds. Each successful attempt cost the retailer a lot of money. Within a couple of weeks we uncovered 45 such fraudsters that had placed 3,429 calls from 2,630 unique devices/caller IDs, putting the retailer at the risk of losing thousands of dollars.

Detecting These Fraud Attacks

Like any other process, you need the right tools for the job. Consider using a multifactor platform that includes the voice, device, behavior and several data risk models of the caller to produce a risk score on every call in real time. With this real-time score the call can be routed to a specific set of contact center agents who have the tools and training to review all of the account information to deal with fraudulent calls.

In addition to a multifactor risk platform, Pindrop has developed and operationalized a new feature called “Negative VoiceID” to identify when a single fraud voice is attacking multiple times over a given period of time. This feature compares the voice characteristics of the current caller to a set of negative voice profiles trained based on confirmed fraud cases and identifies a fraudster even when they change or mask the calling device, location or phone number.

The underlying idea is to catch the fraudster from multiple angles. If you miss them because they changed phone numbers, you can identify them by the account they're targeting. If not, you could track suspicious behavior or tell-tale fraudulent carrier signals. Above all you can analyze and match voices not just with previously captured samples, but also check if they are normal or synthesized voices. Here's an example of fraud profiles we detected in just one day:

What Does This All Mean for Retail and Returns Fraud?

As retailers push further into 2024, they're undoubtedly planning to continue the investment in e-commerce and customer experience. Online sales and returns will continue to be more prevalent. Fraudsters have taken note and will continue to target these areas. Contact centers, especially the phone channel, is the sore spot and is often exploited by fraudsters. Utilizing a multifactor fraud prevention platform combined with negative voice matching and deep-fake detection capabilities will prove crucial in stopping these fraudsters before they can cause more damage. Sales and revenue are increasing YoY; keep that motion going strong and protect yourself from the fraud losses you're experiencing.

Shawn Hall is vice president, global business intelligence at Pindrop, a company that combines best-in-class audio, voice, and AI technologies with a comprehensive risk database to provide added protection across the phone channel.