Published: January 8, 2024
Reading time: 3 minute read
Written by: Forter Team

Policy abuse is the new frontier of emerging fraud and is particularly challenging for merchants to address because it can be committed by both fraudsters and legitimate customers. Both groups are outmaneuvering fraud detection systems, ultimately costing retailers hundreds of millions in lost revenue and growing operational costs.  

Digital commerce organizations are realizing that policy abuse is no longer simply a cost of doing business, and it’s become a profitable target for fraudsters. 

Fraud vs. Abuse

Before diving into how merchants should solve this problem, let’s first take a deeper look at how fraud and abuse compare. 

Payment Fraud occurs when someone steals another person’s payment information and uses it to make unauthorized purchases, which is done with willful manipulation of a digital identity and is committed by fraudsters with malicious intent. 

Payment fraud is a broad category that also encapsulates other fraud types at multiple stages of a customer journey:

  • Fake account fraud occurs when a fraudster, customer, or merchant (in the case of marketplaces) creates an account with the intent to abuse referral and sign-up incentives, re-trial subscription services, conduct card testing attacks, scam legitimate customers, and more.
  • Account Takeover (ATO) Fraud occurs when fraudsters breach an account belonging to a legitimate customer, resulting in challenges like stolen credit card points or cash balances.
  • Card-Not-Present (CNP) fraud occurs when a fraudster uses stolen credit card information to make purchases without physically presenting the card, causing merchants to bear the costs of a loss.
  • There are also examples of fraud, including first-party fraud (also known as friendly fraud), where actual customers commit fraud by disputing legitimate transactions. 

Policy Abuse occurs when a retailer’s various policies are exploited for gains and can be committed by legitimate customers who are not manipulating their identity or fraudsters who are looking for their next scam. Abuse can mean dealing directly with the retailer (reaching out stating they never got the item or were shipped the wrong item) or in a service chargeback where the consumer bypasses the retailer and files a chargeback with their issuing bank.  

The critical difference between fraud and abuse is that fraudsters are all bad actors with malicious intent, and merchants should aim to block every fraudulent transaction to protect their revenue. On the other hand, abuse can be committed by bad actors with malicious intent and genuine customers who could be taking advantage of permissive policies or who have legitimate claims. This means there is a lot of subjectivity in how merchants define abusive behavior and what level of abuse they want to permit in order to protect a good customer’s experience. 

Tackling Fraud & Abuse Holistically 

While there are key differences between fraud and policy abuse behavior, the approach merchants should take to solving them is the same: it’s all about identities. With fraudsters and abusers becoming increasingly adept at evading traditional rules-based fraud prevention efforts, the only way to proactively stop these behaviors is by detecting and blocking these types of behaviors at the identity level. 

At the core of addressing fraud and abuse is leveraging identity-based decisioning to answer the question of whether you can trust an identity accurately. 

To effectively block fraud or abuse, you need to:

  1. Trust who is on the other end of a digital transaction
  2.  Have a large first-party dataset and leverage identity-based decisioning to accurately identify fraudsters, abusers, vs legitimate customers
  3. Reduce risk and loss without impacting the customer experience

In addition to both being about detecting identity-level behavior, fraud and abuse prevention are also frequently owned by the same personas or teams within a retailer organization. This is another reason it makes sense to holistically solve fraud and abuse rather than separate them out as two separate problems and workstreams. 

Focused on Identity

Retailers need a solution that is razor-focused on detection at the identity level to proactively prevent these behaviors across the consumer journey – before they impact your bottom line. 

If you’re interested in learning more about Forter’s approach to fraud and abuse and how we’ve helped many merchants across industries tackle this problem effectively, you can request to set up a time to meet with one of our representatives. 


3 minute read