By Doriel Abrahams, Principal Technologist
It’s an exciting time for big box retailers, who are experimenting with and expanding their customer experience from many directions, leveraging new technologies and customer behaviors. I’m all in favor! Of course, being a fraud analyst, I also want to ensure that fraud and risk are always considered as part of the process.
You Don’t Have to Fight Freight Forwarding
I’m going to start with something a bit controversial. A lot of big box retailers think of freight forwarders as the enemy. Sometimes, there are important policy-related reasons for this, and I won’t argue about those cases. Often, though, it’s because there’s a strong association between freight forwarding and fraud. I want to tell you — that’s really not fair.
Most people who try to use reshipping do so because they value your brand, which is globally respected, but they can’t order your goods to reach them outside the US. Moreover, they’re typically individual consumers, not businesses, meaning the reputational aspects that are sometimes a concern with resellers aren’t in the picture.
Yes, a small percentage of these attempts represent fraud, but let’s be realistic – fraudsters aren’t going to go away if you block freight forwarding; they’re going to pivot to using mules more. When you stop forwarding, you’re really harming good buyers.
Looking at the big picture, more than 85% of freight forwarding orders are likely legitimate. That’s a significant market you’re turning away if you focus on stopping freight forwarding rather than identifying which orders are legitimate and which are fraudulent. At the very least, it’s worth some analysis and internal discussion.
Fraudsters Jump On Omnichannel Faster Than Good Buyers
Many big box retailers have recently become commendably creative about integrating all of the possible routes in a customer journey into one coherent omnichannel experience. You might have in-store terminals where customers can use their digital accounts and leverage QR codes found in-store, tap into digital points, and perhaps pay using the app. The horizon is widening when it comes to the parameters of customer experience.
I’m not saying that retailers should dial this down. (I’m a consumer, too!) At the same time, it’s important to ensure that fraud and risk teams are part of the discussions around new evolutions of the purchase path because every convenience and feature you add represents a potential avenue of exploitation for a sneaky fraudster. In Forter’s analysis, when a new program or feature is rolled out, fraudsters typically take less than a day to attempt an attack.
Fraud and risk teams must have trustworthy cross-departmental relationships with regular syncs to ensure the business is protected as it breaks new ground.
Private Label Cards Need Protection
Private label cards can be a powerful part of your brand, but they’re also attractive to fraudsters who use stolen identities to set up accounts, which they fuel with stolen payment methods. This leaves the retailer dealing with both loss and reputational damage, potentially on both the side of the person the identity belongs to and on the side of the cardholder.
Moreover, many private label card offerings include sign-up incentives such as being able to use the card right away, often for amounts up to a few hundred dollars, before even receiving the physical card. Naturally, this kind of incentive is heavily abused by fraudsters.
It’s important to ensure that every touchpoint of the private label card process is protected, from application to use at checkout and beyond. There can be a tendency to assume that if someone has a card, it must be legitimate, but as in cybersecurity, you can never give a free pass to someone just because they’re inside the door.
Click-and-Collect Continues to Offer Loopholes for Fraud
Many retailers found that fraud attacks leveraging click-and-collect programs increased during the COVID-19 pandemic and then leveled out afterward. That’s good news regarding limiting future risk, but it does mean that the threat is still a predictable part of doing BOPIS (buy-online-pick-up-in-store) business that can’t be ignored.
This is particularly relevant with click-and-collect because fraudsters who engage in BOPIS fraud tend to be repeat fraudsters. A fraudster who has tried a BOPIS attack once in the past is 3 to 4 times more likely to try that again in future attacks rather than attempting to send to a shipping address. Moreover, almost every fraudster who succeeds in a BOPIS attack tries it at least once more, and many of them try many times, even if they’re stopped after the first time.
Defend Your Rewards and Loyalty Programs
Loyalty and rewards programs are often key to a big box retailer’s enduring popularity and success. New technologies and products only give more ways to expand the programs and make them more attractive and relevant to people’s daily lives. The more they catch on, the more likely customers are to have saved monetary value or equivalent assets in their accounts, which is a great sign of engagement and loyalty.
That said, there’s a cost: accounts with loyalty programs attached are 4-5 times more likely to be targeted by fraudsters. In fact, fraudsters who have taken over an account associated with a loyalty program are very likely to advertise the account for resale to other criminals by including that information.
Expand, Improve and Analyze
I want to end by making it very clear that I am not suggesting that big box retailers become less innovative or generous in their terms, policies or offerings. It’s fantastic for customers, businesses and the ecosystem that so much is developing in so many directions to improve and enrich the shopping experience.
As your company and its programs evolve, ensure you’re always analyzing for fraud and risk vulnerabilities and considering the potential impact on your business before and after checkout. More than anything, ensure you have processes, technology and analysis in place to ensure you know who your customers are — including when they’re fraudsters.
Have you experienced any fraud surprises in big box retail in 2024? I’d love to hear!
Doriel Abrahams is the Principal Technologist at Forter, where he monitors emerging trends in the fight against fraudsters, including new fraud rings, attacker MOs, rising technologies, etc. His mission is to provide digital commerce leaders with the latest risk intel so they can adapt and get ahead of what’s to come.