Online fraud comes from many channels. Some cases involve individual actors who cause losses through a handful of transactions, while others involve international crime rings coordinating the flow of stolen merchandise through a series of intermediaries.
For many merchants, the majority of chargebacks are for purchases actually made (and for merchandise received) by the cardholder. Merchants refer to this type of chargeback as “friendly” fraud. In contrast, banks characterize “hostile” fraud as action perpetrated by a third party against the merchant and cardholder. While “friendly” chargebacks are generally easier to refute, doing so can certainly be costly between the chargeback fees and the time it takes to follow through in response.
Imagine that a fraudster is in the business of illegally re-selling watches. In his country, he can sell a watch for $100 via the black market. At his disposal are thousands of stolen American credit card numbers, each with plenty of credit available. Quite painlessly, this fraudster can make money by visiting various websites and using stolen credit card information to buy watches.
As e-commerce grew, merchants quickly learned that international orders were much riskier than domestic orders. Enterprising fraudsters quickly responded to this obvious red flag. By recruiting an intermediary to re-ship the goods from within the country of the purchaser or credit card issuer, fraudsters bypassed the most basic of static fraud detection rules.
Occasionally, reshipping fraud involves a freight forwarder. With a freight forwarder, the initial shipping address or recipient automatically forwards merchandise to a specified endpoint outside the country. However, more often than not, sophisticated criminals ship orders to a residential address instead. These fraudsters recruit unknowing accomplices through classifieds, social media posts, and even dating sites to participate in “work from home” schemes that actually facilitate this kind of international theft.
Another way that fraudsters turn stolen credit cards into money regardless of location is by fulfilling an order for an unwitting customer. Auction fraud comprises stolen merchandise and direct shipping to an unaware customer. Here's a potential real-world case of auction fraud:
On an auction site or other digital marketplace, a fraudster creates listings for copies of the newest Stephen King novel. Julie Goodgal of Maine sees a listing and purchases a copy of the novel from the fraudster. The fraudster then uses a stolen credit card, belonging to a victim who lives in Florida, to buy the novel from a retailer’s site and has the book shipped directly to Julie. The fraudster has thus made a 100% profit on a book that he never had to pay for by using the money from the stolen credit card. In other cases, the fraudster might not even purchase and ship the book, instead opting to simply pocket the cash from Julie.
Auction fraud typically (but by no means exclusively) involves less expensive merchandise than reshipping fraud, such as books and digital merchandise.
A fraudster creates listings for copies of a novel.
Julie Goodgal purchases a copy from the fraudster with legitimate money.
Fraudster buys the novel from a retail site with a stolen credit card.
Fraudster ships the novel directly to Julie and makes 100% profit.
So far, this article has been concerned with stolen credit cards loaded with funds. However, fraudsters must first ascertain a credit card number’s validity before they can use it. They test the stolen card number by making low-value purchases online to see whether the site accepts the payment method. The more information the merchant returns about failed authorizations, the more valuable this card testing becomes for fraudsters.
Besides chargebacks, businesses may lose money to malicious users in other ways:
Refund Abuse: Malicious customers can make money off of merchants without involving their credit card companies by reaching out directly to the merchant for a fraudulent refund (or three). Savvy abusers may create a series of accounts to continue to obtain fraudulent refunds once caught on an initial account. Others will employ the services of a professional fraudster, a criminal who specializes in extracting refunds from merchants.
Promo abuse: Abuse of promotional offers can result in losses. For instance, if you offer a free $5 coupon with every new account creation, someone might script the creation of a hundred accounts, followed by the purchase of a low-priced, resellable item each time.
Affiliate fraud: Merchants that offer referral bonuses may find that fraudulent referrals can cost more than the referral program generates in revenue.