
Three steps banks can take to prevent banking refund fraud



Refund fraud, also known as refund scams and refund abuse, is by no means a new trend. It has, however, evolved, just as consumer behaviors and expectations in the digital marketplace have changed over the years. A type of friendly fraud, refund fraud may appear on the surface to be the price that powerful corporations must pay to operate online. However, combined with other payment fraud and policy abuses, refund fraud is costing retailers alone $100 billion per year, according to recent reports from global sources. But what of the banks? What are the implications of refund fraud for financial institutions? What are the common refund fraud scenarios in banking? And, most importantly, what steps can banks take to prevent refund fraud in the first place?

Article at a glance:

  • What is refund fraud in banking?
  • What does refund fraud in banking look like?
  • What are the implications of refund fraud on banks?
  • What can banks do to prevent refund fraud?


What is refund fraud in banking? 

Refund fraud entails tricking a company into refunding money for a product or service that was not paid for or falsely claiming that there is a problem with the product or service received.

Common scenarios associated with banking refund fraud:

  • Identity theft

In the case of identity theft, a fraudster uses stolen personal identity information to open accounts or make unauthorized purchases, only to then request refunds for these unauthorized transactions.

  • Social engineering

Social engineering techniques, such as impersonating a customer or a company executive, are often used by fraudsters in bank refund fraud. For example, a bad actor may send an email or make a phone call pretending to be a representative from the victim’s bank, claiming a security breach has occurred or there is a suspicious transaction on their account. They urgently request the victim’s login details to reverse the transaction, thereby ensuring the victim facilitates the refund fraud unknowingly.

  • Account takeover

In some cases of banking refund fraud, a bad actor will gain unauthorized access to the account of a legitimate user. This can be done via phishing, social engineering or the use of leaked passwords from data breaches. After accessing the account, the fraudster will review the transaction history to identify recent purchases, or else look for transactions that can be exploited for refund fraud.

What are the implications of refund fraud for banks?

When it comes to quantifying the cost of refund fraud to banks, it’s important to consider various factors, such as the scale of the fraud attack, the reporting accuracy and the specific tactics used by fraudsters (as outlined above). At a high level, it’s important to break the costs down. Let’s do so.

  • Direct financial losses

Naturally, banks directly lose money when processing unauthorized refunds due to fraud, including the funds reimbursed to customers who were victims of the refund scam.

  • Indirect financial losses

However, the indirect costs significantly add up. These include the resources banks invest to investigate suspicious activity and, ultimately, resolve it. Indeed, these efforts are put in place to identify the extent of the refund fraud, recover the funds when possible and strengthen security measures to prevent it from happening again.

  • Reputational damage

Reports of fraud harm the reputation of the associated financial institution. The minute customers get wind of security failures at their bank, trust is eroded. Rebuilding this trust, especially in such a competitive marketplace, costs.


The global implications

Furthermore, while these sorts of scams have been around for some time, the interconnected nature of global financial systems and the ease with which we can transact across borders have given bad actors and criminal organizations more opportunities to conduct refund fraud on a grander, global scale. Therefore, while refund fraud has common characteristics globally, the legal and regulatory frameworks in each country can shape the response and consequences for the financial institution. These regulations are created to protect the consumer but also to mitigate the possibility of fraud in the digital world. Let’s take a deeper look.

  • Consumer protection laws

Countries have different consumer protection laws that may dictate how a refund is processed, as well as what information is provided to consumers and their rights and responsibilities, alongside those of the business and the bank. Naturally, compliance with these laws will affect how a refund fraud case is handled.

  • Data protection regulations

As we discuss regularly, regulations related to data privacy and data protection vary around the world. In countries with strict laws, banks have to adhere to specific protocols when handling customer information. This, in turn, impacts how they investigate and respond to fraud.

  • Financial crime protection laws

Further, anti-money laundering (AML) and counter-terrorism financing (CTF) regulations can affect how financial institutions monitor, report and respond to suspicious transactions, including any related to bank refund scams.

  • Payment system regulations

Payment system regulations pertaining to bank refund fraud encompass various measures overseen by regulatory bodies to ensure the safety and integrity of payment systems. These regulations typically mandate the implementation of robust fraud prevention measures by financial institutions, including authentication mechanisms and transaction monitoring systems. They also outline provisions for customer protection, liability allocation, and reporting requirements for instances of fraud.

  • Fraud reporting requirements

Finally, various countries have differing requirements for reporting instances of fraud to regulatory authorities. Therefore, the way a bank communicates with regulatory bodies will influence the overall response to and handling of refund fraud. It goes without saying that international collaboration and information sharing efforts play a significant role in addressing bank refund fraud on a global scale.

What are three steps banks can take to prevent refund fraud?

Thankfully, there are tools and technologies available to not only better detect fraud, but ultimately to also prevent refund fraud from occurring in the first place. Below are just three steps banks could take to be one step ahead of fraudsters.

  1. Go beyond KYC at onboarding with dynamic data

Because so much of banking refund fraud involves stolen identities and account takeovers, it is imperative that financial institutions go beyond legacy infrastructure and traditional Know Your Customer (KYC) and AML processes. For example, machine-learning-based tools and technologies enable banks to check their blind spot at onboarding. This is done through the provision of a probabilistic data set with authoritative sources. While we detail in this blog the exact ways we recommend complementing KYC risk assessments with dynamic data, here is the reason for the recommendation: Not only does dynamic data enable financial institutions to positively identify more legitimate customers with greater confidence, but it also provides these customers with the digital onboarding experience that they are accustomed to in this digital economy.

  2. Enhance security measures with behavioral analytics

Leveraging behavioral analytics to monitor user behavior and detect anomalies enables banks to identify unusual activities that may indicate refund fraud. Behavioral analytics tools examine the current and historical interactions of a customer and can be used to differentiate between a legitimate cardholder and an imposter. For example, behavior analysis technology can analyze:

  • The volume of traffic coming from a single device
  • The method of moving through a form online
  • The pattern and speed of typing and whether it’s consistent with a human or bot
  • If a form field is autocompleted or copy and paste is used
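
The four signals listed above can be combined into a per-session score, as in the following added example, which is not code from this article or from any Mastercard product. The session format, field names, weights and thresholds are assumptions, and the sessions are constructed sample data.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed refund-form sessions; names, weights and thresholds are
# illustrative assumptions, not values from any vendor product.
FORM_FIELDS = ["name", "email", "account_number", "reason"]
SENSITIVE = {"account_number"}
WEIGHTS = {"device_volume": 30, "field_skipping": 15,
           "uniform_typing": 35, "paste_or_autofill": 20}
SESSIONS = [
    {"id": "s1", "device": "dev-A", "visited": FORM_FIELDS,
     "key_ms": [0, 180, 410, 520, 790, 1010, 1160], "non_typed": {}},
    {"id": "s2", "device": "dev-B", "visited": ["account_number", "reason"],
     "key_ms": [0, 50, 100, 150, 200, 250, 300],
     "non_typed": {"account_number": "paste"}},
    {"id": "s3", "device": "dev-B", "visited": FORM_FIELDS,
     "key_ms": [0, 210, 330, 600, 720, 980, 1100],
     "non_typed": {"email": "autofill"}},
    {"id": "s4", "device": "dev-B", "visited": FORM_FIELDS,
     "key_ms": [], "non_typed": {"account_number": "paste"}},
]

def uniform_typing(key_ms, min_gaps=5, cv_floor=0.15):
    """True when inter-key gaps are near-constant, which is typical of scripts."""
    gaps = [b - a for a, b in zip(key_ms, key_ms[1:])]
    if len(gaps) < min_gaps or mean(gaps) == 0:
        return False  # too little typing to judge
    return pstdev(gaps) / mean(gaps) < cv_floor  # coefficient of variation

def score_session(s, per_device, max_per_device=2):
    signals = []
    if per_device[s["device"]] > max_per_device:   # traffic from one device
        signals.append("device_volume")
    if set(FORM_FIELDS) - set(s["visited"]):       # how the form was navigated
        signals.append("field_skipping")
    if uniform_typing(s["key_ms"]):                # typing pattern and speed
        signals.append("uniform_typing")
    if SENSITIVE & set(s["non_typed"]):            # paste/autofill on key field
        signals.append("paste_or_autofill")
    return sum(WEIGHTS[x] for x in signals), signals

def score_all(sessions):
    per_device = Counter(s["device"] for s in sessions)
    return {s["id"]: score_session(s, per_device) for s in sessions}

if __name__ == "__main__":
    for sid, (score, signals) in score_all(SESSIONS).items():
        print(sid, score, signals)
```

Session s3 shares a busy device with s2 but otherwise behaves like a person, so it picks up only the device-volume signal; no single signal is treated as decisive.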

  3. Analyze the risk of each transaction, immediately

There are tools that enable banks to analyze, in real time, the risk associated with each transaction based on various factors (such as type of transaction, location and user behavior). At Mastercard, we have tools that enable user authentication, as well as provide detailed insights into the authorization process via proprietary machine-learning models. Better still, this can all be done locally and cross-border, and is network-agnostic. To learn about how banks can leverage best-in-class identity verification tools and technology to fight fraud at both onboarding and during transactions, get in touch today.

About the Author

Louisa Farrar