Why fraud is going to happen to your business
Last editedApr 20233 min read
What I’ve learned from a career fighting chargeback fraud
There are just two certainties in fraud detection and prevention: you can’t catch everything, and fraudsters are constantly innovating.
If there is a hole in your system they’ll find it, and what’s effective at preventing fraud today may turn out to be useless tomorrow or a month from now, if you aren’t using tactics or technology that can evolve over time.
The best we can do in fraud prevention teams is first try to predict the loopholes in processes or payments systems that fraudsters might try to exploit. Then we can try to figure out how to make that harder for them to do, and how to monitor our effectiveness.
Chargeback fraud is growing
A growing area of concern for merchants – and one that has impacted us at Plum (more on that in a minute) – is Direct Debit chargeback fraud.
All payment methods have an associated level of fraud risk. The Direct Debit scheme allows consumers to dispute payments and receive an immediate but reversible refund while that dispute is resolved. Banks charge this refund back to the merchant, hence the name.
The system is open to abuse. Fraudsters can double their money by paying for and receiving valuable services or products, before filing a chargeback in order to double their money and leave the merchant out of pocket.
This is becoming a big issue because of the huge – and growing – daily volume of online transactions. There is a lot of traffic for fraudsters to hide behind, and they are becoming experts at building trust with merchants and good reputations with banks, in order to maximise their gains later on.
Be flexible and holistic
To better prepare themselves for chargeback fraud, and increase their chances of coming out on the right side of chargeback disputes, merchants need to take a holistic approach.
They must start by educating themselves about the chargeback scheme’s rules and how the system would apply directly to their business and customers. Where are the risks in your customer journey of being left out of pocket, and how can they be minimised? What is your tolerance for risk, given some fraud will inevitably get through?
This understanding should inform the teams you build and the skills you recruit to deal with the problem. It should also inform the rules you adopt and the technology you deploy to enforce them. Above all, your people, processes and technology must be flexible and responsive enough to change quickly in response to whatever the fraudsters try next. To that end, keeping up to date with trends, threats and technology is a key part of every fraud investigator’s job.
We recovered thousands from a single case
Our own experiences with chargeback fraud also highlight the importance of partnerships with trusted experts.
We suffered some losses when a group of fraudsters orchestrated a scam in which they deposited and then withdrew funds from Plum savings accounts while also requesting – and receiving – chargebacks from the banks.
We discovered the scheme only after it had happened. We contacted GoCardless to investigate ways to recover the money, because in a lot of cases we could prove a connection between the accounts showing their activity to be fraudulent. Using GoCardless Protect+ we were able to easily identify each case of potential fraud, decide whether we wanted to contest the chargeback, and package up all necessary documentation needed and then appeal the chargebacks with the relevant banks. All from a single dashboard.
Thanks to GoCardless’s help most of the disputes were successful and we recovered the majority of the money, which otherwise would have been lost revenue. Since adopting Protect+ more widely last year we’ve now disputed around 200 chargebacks and recovered more than £38,000. Because we also have to spend less time working on chargeback fraud we have the headspace to focus on other risks.
Give yourself a break!
The final piece of fraud management advice I would give to merchants is that, whenever fraud happens, although you must look honestly at the oversights that enabled the fraud to happen, don’t be too hard on yourself.
As I’ve said, fraud can always get through – fraudsters never get tired of finding ways to beat your systems. It’s about how fast you can learn, how creative you can be in anticipating similar risks in the future, and understanding what you can do after the fact to try to limit your losses.
Stay alert, don’t take for granted that what works now will always work. And surround yourself with partners that can combine their knowledge and data with your own knowledge of your business and your customers.