fraud and abuse Here are some tips to differentiate the two forms of policy abuse, in order to optimize customer relationship and business outcomes

As the global retail digital commerce sector grows exponentially, businesses are turning to more flexible policies to offer differentiation and value for customers. This includes free or extended returns, flexible payment options, discount coupons and more—all of which have inevitably increased the surface area for policy abuse.

Firms often treat business losses as abuse and fraud, but the two are fundamentally different and need to be addressed distinctively. They must be tackled with different technologies and tactics because the risks are significant and can cause unintended disruption to customer experience and revenue streams.

So, what is the difference between transaction abuse and fraud? Simply put:

  • Fraud can be defined as when someone other than the card or account holder is involved in a transaction. Fraud takes place as a result of the willful manipulation of a digital identity. The nature of the act defines how to defend against it. Empirically, we recognize that attempted fraud behavior on a given website is mostly predictable, with the most critical factor being the nature of defenses that are in place. If defenses are good and bad actors are consistently rejected, then fraudsters will move to an easier target.
  • Abuse involves transactions where offenders are users that generally are not hiding their identity. Abuse stems largely from good customers who are making the most of permissive policies, or who have legitimate claims. Consequently, abusers know that there is an upper limit on how much they can claim before the retailer stops doing business with them.
  • To summarize, abuse is often perpetrated by customers, and fraud is perpetrated by those who are not customers.

Important point: if fraud is perpetrated by people who are not customers, then the business will not have a way to recognize them, and must block them repeatedly before checkout, and do it consistently—or else the fraud pressure will persist. However, to accurately identify fraudsters, businesses need a broad dataset.

Why should the difference matter?

While businesses possess much of the dataset needed to identify abuse, they may lack effective tools to link together and collapse accounts that are created by serial abusers.

While fraud “pressure” is for the most part predictable across e-commerce and is largely a function of a firm’s defenses, it is much more idiosyncratic and is almost exclusively a function of policies specific to the business, together with how those policies are enforced, or neglected.

Note that when it comes to service chargebacks, legitimate customers—even those who are abusive—do not behave identically on various sites. Consequently, it would be a grave error to universally block such customers at checkout.

Customer service, shipping policy, return policies, and vendor—they all matter. Whether or not there is a consequence to their actions matters. Did the system try to close their account? Did it deny the Item Not Received (INR) after multiple claims? These are the questions businesses should focus on because they tie directly to the fundamental relationship that a business has with its customers. Most businesses should, and do, care about this a lot.

Framing abuse and fraud management the right way

Some fraud detection vendors are starting to “cover,” meaning the business pays to shift the chargeback liability on things like INR claims and other service chargebacks.

It is understandable why this initially appears compelling to the business. INR claims are on the rise, so it seems to magically make the problem disappear. However, there is nothing the fraud vendor can do to manage the risk without interfering in the customer relationship.

Arguably, vendors should never presume to write the Return Policy for one of their customers, even if that was the root cause of 90% of their abuse. Nor should a vendor decline a buyer that was not manipulating their identity on the presumption that they may file a service claim because people keep stealing their packages.

Likewise, it does not seem to make sense to only address service chargebacks after they have already taken place during the dispute process. However, when a vendor takes responsibility for abuse, it has to do all of the above.

Any e-commerce company benefits from enlisting risk management functions to address both fraud and abuse, which as mentioned, are fundamentally different and must be treated as such. However, it is important that in doing so, organizations invest the resources that produce both the best outcome for the customer and the best economics for the business.

Here are two key thoughts that will hopefully will help frame fraud and abuse:

  1. The correct way to think about fraud is to acknowledge that the main value of fraud vendors is to provide clients with hyper-accurate fraud detection that scales. The vendor must be able to leverage a unique dataset that spans different verticals and geographies and help clients make decisions about buyers not recognized, even as the latter manipulate their identities.
  2. The correct way to think about abuse in any form (returns, INR, promo) is to find a vendor that makes a business smarter. That vendor should not simply shift responsibility; it should help their clients identify and prevent root causes, gain access to better tools for measurement and insight into the dataset, and receive unique expertise to apply thoughtful policies that drive the right customer relationship and business outcomes.

Regardless of vendor, solution, or policy: nothing should ever interfere with the sacred relationship between a business and its customers.