The days and weeks after Christmas are huge for returns. You can walk into a clothing store a week or two after Christmas and see a pile of clothes that have been returned for any number of reasons. They were too big, too small, the wrong color, or whatever. And as long as the customer has the undamaged merchandise and a gift receipt, they can usually make the return for store credit.
But what do you do if you run an ecommerce store? Or a click-and-mortar store that allows online returns to come back to stores?
With ecommerce sales on the rise this holiday season, there’s bound to be plenty of return fraud that follows. Whether it’s malicious, friendly, or family, there are things you can do to protect yourself and reduce the number of return fraud cases you have to deal with.
To start with, make sure your website security is up to date. Hackers and thieves will try to break in and steal credit card data and personal information from your site. If you were working on outdated protection software and a prayer, upgrade that as soon as possible, especially if you’ve stored customers’ credit cards on your site. Account take overs are a big problem and can result in plenty of chargebacks or return fraud, as crooks return “gifts” they ordered through other accounts..
You’ll also have plenty of people calling to say an item arrived damaged or it was too late. This is a favorite trick of return fraud crooks, especially for high-priced items like electronics. The typical practice of most ecommerce merchants is to tell the customer to keep the damaged item and then send out a replacement item. Fraudsters count on this, because they can get a second item for free.
If you do this, do not let the customer keep the damaged item! Ask them to return it. Tell them a replacement will be sent once the damaged item is returned. If the claim is legitimate, they’ll return the item, and you absolutely should send out a replacement. But if they never send the package, then you know this probably wasn’t a legitimate return.
Make visual confirmation of all returns. To get the damaged item returned, the merchant often sends a return label, Once the returned package is scanned into the return center, the replacement is shipped out.
However, a trick that return fraudsters have begun doing is sticking the return label on an envelope stuffed with junk papers or even a box filled with dirt. The label is scanned in at the return center, the item is marked as returned, and the package is sent to another station to be processed.
Envelopes will often get sent to the mail room for processing. When it’s opened, the person finds it’s filled with junk papers, so they throw it away with a shrug and an eye roll. And packages filled with dirt or other junk will also be discarded. In these cases, no one does a followup investigation to find out what the product should have been, and the matter is dropped.
This is also happens when companies accept returns at UPS and Fedex stores: Once the package is scanned there, it’s considered returned. It’s convenient, but there are too many chances for fraud. You can help reduce fraud by including the weight of the original package and the weight of the new package in the return paperwork. Set up an alert in your system that tells you when a return is significantly different from an original package so you can take further steps.
Look for unusual payment patterns, like several credit cards being used to ship to a single address. Or returns coming from an address that’s different from the original recipient. (That usually means porch pirates.) Or maybe you’re seeing one card being used to ship to several addresses in the same neighborhood. This could always be someone buying gifts for family, but if these are orders of high-dollar gifts like electronics, it could be something else.
Look for unusual return patterns too. Do customers return a lot of items? Have they ever pulled the “damaged item return” scam? Note that in your CRM.
Also, participate in Mastercard’s Ethoca program, which sends out regular alerts on customers who have committed fraud in the past or if a credit card was stolen. You’ll get notified whenever a bad actor tries to make a purchase on your site.
Make sure you require CVV2 codes on your websites. Better yet, use the new dCVV2 codes. This way, people who have stolen credit card numbers can’t make purchases without the CVV2 codes. If you didn’t do that in 2020, you should at least start using it now so you’ll be ready for 2021.
Work with a third-party chargeback dispute service like CB-ALERT. We have the tools that help identify patterns of return fraud, friendly fraud, and invalid chargebacks. It’s especially important for small merchants who have new customers. You won’t spot patterns in first-time customers, but the tools we use can tell you whether those new customers have committed return fraud and friendly fraud against other merchants.
Photo credit: MobiusDaXter (Wikimedia Commons, Creative Commons 3.0)