Retail Fraud Prevention is a Journey Not a Destination
OK. You’re an independent retailer and you’ve taken several steps to protect your pride and joy against retail fraud, also known as shoplifting, payment fraud, data theft, et cetera. Your store is equipped with the latest payment card technology, its digital platform has all sorts of firewall protection, and you have a security policy in place, so your employees know how to identify fishy payments, and sketchy emails, websites and customers. So, you’re good, right?
The 2018 National Retail Security Study, from the National Retail Federation, says retail shrinkage – inventory loss due to shoplifting, error or other forms of retail fraud – cost the U.S. retail economy $46.8 billion in 2017. That doesn’t include the billions lost by merchants in the roughly 53,000 computer data breaches that occurred last year. That’s why each year in November, the Association of Certified Fraud Examiners supports International Fraud Awareness Week.
Improved payment card technology – EMV or microchipped credit/debit cards – has put a dent in payment card fraud. According to Visa – the “V” in Europay, Mastercard, Visa (EMV) – counterfeit card fraud fell 76% from December 2015 to December 2017 as American retailers adopted new technology. As of March, 97% of all the payment card transactions in this country were with chipped cards, and BizTech reports that at the end of 2017, there were 7.1 billion EMV-enabled cards in circulation worldwide. However, as is the case with many retail fraud prevention measures, when one obstacle arises, thieves find a different avenue of exploitation.
See our Retail Fraud Prevention Checklist
One way the bad guys have found around improved technology is to make card not present (CNP) transactions via telephone or internet. They use stolen card and personal information to make purchases for merchandise that can be kept, returned to a store for cash, or sold over the internet.
So, as much as card-present fraud has dropped – from $3.6 billion in 2015 to an estimated $1.8 billion this year – card-not-present fraud has risen – from $3.1 billion in 2015 to an estimated $6.4 billion in 2018.
Javelin, a research-based financial advisory firm, reports that CNP fraud is 81% more common than payment card fraud at a point of sale terminal inside a store. Because the technology of chipped cards makes it so difficult to capture sales transaction data, fraudsters have also turned to setting up new card accounts to do their business, which now makes up over 20% of all payment card thefts.
A new LexisNexis report says every dollar of retail fraud costs merchants an average of $2.66 through a combination of chargebacks, fees, interest, merchandise replacement and redistribution.
“As more transactions move away from the physical point of sale and to the digital and mobile spaces, businesses need to account and prepare for the various potential attack points of fraudsters,” says Kimberly Sutherland, senior director, fraud and identity management strategy for LexisNexis Solutions. “In their efforts to fight fraud, however, businesses should not overlook the importance of reducing friction in transactions to ensure a smooth end-customer experience.”
Ever since their invention, gift cards have been an easy way to sell merchandise to people who don’t know what to buy for their friends or relatives. Point of sale systems make it easy to sell and redeem the cards.
However, a new scam is turning those convenient gift cards into retail fraud nightmares for many merchants. Thieves steal gift cards that are often displayed on shelves with regular merchandise, clone them with the pilfered magnetic strip information, and then sit back and wait for the cards to be purchased and activated by regular customers. Then the thieves use them like legitimate gift cards to purchase merchandise that can be turned for a profit.
Grocery stores and big-box retailers are notorious for the large displays – usually endcaps – full of unactivated cards from various companies.
Merchants can get a handle on gift card fraud by keeping an accurate inventory of those pesky cards. They can also monitor them by looking for an unusual number of returns or credits being issued by a single employee. If any anomalies are spotted, they should consider auditing those transactions.
Fraud to Go
The trend of shopping online either from a laptop or mobile device and utilizing in-store merchandise pickup has created another multichannel problem for some merchants. Many retailers have quickly adopted the practice of click-and-collect, or buy online, pick up in store (BOPIS), to satisfy shoppers aiming to avoid checkout lines. But that has opened their lines of security to fraudsters. Retail experts say cross-channel sales are more difficult to track and can lead to thieves picking up a good customer’s purchase. Again, the thieves can return that merchandise or sell it online.
Mobile sales and use of mobile wallets are key pieces of both retail sales and fraud. Juniper Research, a financial and retail advisory consultant, expects online transactional fraud to reach $25 billion worldwide by 2020. With many retailers focused on making sales transactions easier for the customer, retail fraudsters are finding ways to exploit that desire.
Common Types of Retail Fraud
Merchandise Return Fraud or Wardrobing
Sweethearting – False Price Adjustments
Unauthorized transactions, account takeover and friendly fraud are three major retail fraud risks experts expect to see during the holiday shopping season, according to research by Javelin and Vesta.
Unauthorized transactions are purchases made with stolen card or payment information. In these transactions, thieves pose as card holders. These incidents are increasing in numbers because the bad guys are making more card-not-present purchases and finding other ways to circumvent e-commerce security measures.
Account takeovers are different from unauthorized transactions in that fraudster takes control of a legitimate merchant account – like Amazon, eBay or any other large retailer – and often resets the username and login password. They can even change the physical or mailing addresses and phone numbers, essentially hijacking the entire account. Because the entire account is stolen, the Javelin research says it takes an average of 53 days to detect an account takeover compared to an average of 30 days for other types of fraud. A new report, the 2018 Fraud Attack Index from Forter, says account takeovers rose 31% in 2017.
Friendly fraud isn’t nearly as nice as it sounds. It occurs in several ways. The most common is through disputed transactions that result in chargebacks for merchants. Customers make legitimate purchases and then “dispute” charges to their payment cards with little more than a point and click of a mouse on their bank’s website, thereby stealing the merchandise. Unintentional and unrecognizable purchases also contribute to friendly fraud. Again, charges are disputed by the card holder, which basically nullify the payment to the merchant.
Chargebacks911, a loss prevention firm, says merchants were shouldered with approximately $31 billion in chargeback costs last year.
Legendary Alabama football coach Paul “Bear” Bryant was credited with saying: “Offense sells tickets. Defense wins championships.” Retail merchants should put that defensive mantra to work when it comes to protecting their valuable business and sales data. A good defense will not only protect the business, but it will also smooth and speed up checkout and improve customer service.
Experts agree the foundation of a secure retail business is a sophisticated digital business platform, one that starts at the point of sale system and integrates the entire business.
“A comprehensive digital platform is essential to improving a business’s security. The bad guys have gotten very sophisticated, especially the past couple of years. It’s important to have a multi-tiered approach to security,” says John Oetinger, director of Managed Network Services for Paladin Data Corp. “It’s also wise to have a company that provides the platform to manage the security. It’s not enough just having antivirus, patch management and backup files for your retail system. Professional system management can spot problems in a system and eliminate them before users even notice.”
Draw Up Your Game Plan
Like a good football coach, merchants should draw up a game plan that includes procedures regarding purchases with payment cards, gift cards, checks and even cash to avoid any retail fraud incidents. Merchants should also consider investing in loss prevention technology like video surveillance and upgrading their business’s digital platform. A sophisticated retail system can allow merchants to accurately track purchases and spot disturbing trends of unusual payment methods or increased merchandise returns that could indicate some form of retail fraud.
The National Retail Security Survey says two-thirds of loss prevention budgets are flat or declining, while the average shrink rate is increasing.