Online retailers are losing significant revenue to fraud, with one technique in particular proving impossible to defeat, and authorities unwilling or unable to step in.
One high-end online retail CIO who wished to remain anonymous described the 'chargeback loophole', a situation in which a fraudulent purchaser denies receipt of goods, which leaves the selling organisation with no recourse but to accept its losses.
V3 understands that cyber criminals can make a purchase online, sign for the goods once they arrive, then call the retailer to report non-delivery, demanding their money back. Whilst retailers can argue that the delivery happened, if the purchaser states in writing to their card company that the delivery didn't occur, and that the signature is not theirs, the retailer loses all rights to the funds.
"This loophole has to potential to set the online payment industry back, as this level of fraud continues to rise retailers will start to lose faith in the system," said a CIO in the retail industry. "Banks do not lose any money so have no interest in fixing the situation. The retail industry, merchants, banks and the courier services need to work together to bring about new standards in the same way as they did with [software-based authentication process] 3D secure," the CIO added.
Mastercard confirmed that the practise exists, and claimed that it employs "robust checks" to prevent abuse, though no retail professionals which V3 spoke to saw these checks as helpful in this case.
Visa said that retailers should speak to their payments acquirer (the financial institution that enables it to accept payments) if they suspect fraud. However GlobalPay, a leading payments acquirer, simply confirmed that the chargeback loophole exists, and gave no further help when contacted by concerned retail professionals, according to correspondence seen by Computing.
Carolyn Sweeney, director of global business development at The Chargeback Company, described the activity as a genuine threat to retailers.
"Fraud patterns have actually been addressed more effectively than ever before. Real fraud is now able to be blocked, but the biggest fraud - and biggest threat to retailers - is for consumers to deny their own transactions," said Sweeney.
"Modern shoppers have near-complete control over the retail experience, but chargeback fraud is a significant risk to retailers and customers. As consumer demand and expectation rises, and more people begin shopping remotely, on-demand, and anonymously, so does the likelihood of chargeback fraud - and giving the consumer control begins to show its drawbacks.
"Once a customer denies a purchase, retailers may be stuck refunding the purchase, paying processing fees, and losing the disputed stock. It's a complicated area, but one thing is absolutely clear: these people are fraudsters, and criminals.
"The key to defeating friendly fraudsters is being able to identify the reasons behind them, so you can pinpoint the problem and reduce current and future losses. From eradicating misleading descriptions, streamlining services and monitoring suspicious activity, retailers can protect themselves against potential risks and guard sensitive data.
Sweeney also called for an industry-wide change to combat the problem.
"While, at The Chargeback Company, we protect retailers on a case-by-case basis, an industry-wide change needs to happen to protect retailers as a whole. UK consumer banks are obliged under PSD and the FCA to apply an immediate same-day refund when they are notified that a transaction is unauthorised. This then results in the debit being passed back to the retailer leaving them in the lurch. Banks need to be more vigilant and look at trends in consumer activity and open up conversation with them to pinpoint whether claims of either unauthorised or disputed transactions are true or not to stop it negatively impacting retailers.
"If this change happens, we would expect to see both retailers and banks provide better customer service overall, as they're able to focus on genuine customers and stop the fraudsters in their path."
V3 contacted the Cabinet Office, the Home Office, the Department for Business, Energy and Industrial Strategy and the Treasury to find out what the government can do to tackle the problem. All departments declined to comment.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software