
Sign up to save your podcasts
Or
A consumer purchases a product and receives exactly what was described. However, they experience buyer’s remorse and want to return it. Unsure if they’ll be refunded, they falsely report the transaction as fraudulent instead.
This kind of misuse may seem minor on its own, but it is part of consumer-engaged fraud—a category often mislabeled and misunderstood.
In a recent PaymentsJournal podcast, Nicole Reyes, Managing Vice President of Risk Operations at Velera, and Suzanne Sando, Lead Fraud Management Analyst at Javelin Strategy & Research, discussed how to differentiate types of consumer-engaged fraud, the emerging threats within the category, and the steps organizations can take to protect themselves.
As many businesses have strengthened their fraud defenses, criminals have shifted their focus to consumers. This shift has had an impact—consumer-engaged fraud has become one of the leading drivers of fraud losses in the industry for both financial institutions and merchants.
While there is broad consensus that consumer-engaged fraud is growing, there is still division over how to define it.
“It can be really hard to track and quantify this type of fraud for each financial institution, especially because of challenges such as mislabeling,” Reyes said. “Some people would consider first-party and scams together. Some would continue to keep first-party reported as fraud, and other financial institutions—once it’s determined it is first-party—they may move those into the collection bucket. So even from a settlement perspective, each financial institution can vary.”
Consumer-engaged fraud breaks down into two classifications: misuse and persuaded.
Misuse occurs when an authorized party reports a legitimate claim as fraud without any outside influence. This includes the traditional first-party fraud model, where a consumer orders an item with no intention of paying—knowingly exploiting a loophole in the system.
The persuaded form of consumer-engaged fraud happens when an authorized party acts under outside influence. Most scams fall into this category, such as when a criminal convinces a victim to pay upfront legal fees in exchange for a promised inheritance.
While there are just two overarching classifications of consumer-engaged fraud, a deeper look reveals a wide range of subclassifications.
“I think it’s kind of alarming when we lay out all of the various types of misuse and consumer-engaged fraud and the scams that there are out there,” Sando said. “It’s alarming to see all of the various ways that consumers are being targeted. But I think it also hammers home the importance of understanding the nuances of these types of fraud and that they each come with their own signals.”
Under the misuse umbrella is unintentional fraud, where a consumer reports a fraud claim in error.
“They thought that they were purchasing something from Nike, but the billing website had a different name,” Reyes said. “When they called and asked to validate this transaction, maybe they didn’t recognize it. Then later they call back and say, ‘Oh, I do recognize that is my charge.’ Or they provide their card to a friend or family member and don’t recognize exactly what was spent.”
There are also various forms of intentional misuse. For example, a person may order an item—typically a big-ticket or luxury product—and then file a false fraud claim. Other types of misuse include cases where a consumer claims an item was never delivered or reports it as damaged in transit.
There are perhaps even more instances of persuaded consumer-engaged fraud. These include the many variations of scams and phishing schemes.
“One of the big ones that we’re seeing lately is the imposter or the impersonation scams, where a fraudster may impersonate an employee or a financial institution and convince the consumer to complete an action that would result in a financial loss,” Reyes said.
“Fake emails are another use of impersonation scams and one of the most successful ones—emails that appear to be from the authorized user’s financial institution asking them to click a link to update their information, which then leads to a malicious website design,” she said.
In addition to the many subclassifications of consumer-engaged fraud, consumers are now under attack through multiple avenues.
“Our research at Javelin shows that consumers are dealing with a huge range of consumer-engaged fraud, and all of that is coming from a variety of communication channels,” Sando said. “You’re getting emails, texts, social media, DMs, and phone calls are still happening. There are friend requests from people you don’t know.”
“There are all these different kinds of communication methods with their own set of tactics that are constantly evolving, and so it makes tracking and preventing this kind of suspicious activity really difficult,” she said.
Technology has enabled bad actors to exploit these channels at greater scale. For example, billions of phishing emails are sent each day—a feat increasingly accomplished with minimal effort.
Artificial intelligence has also made these communications more realistic. In the past, fraudulent messages were easier to detect due to obvious grammatical errors or phony domain names—flaws that are no longer as easy to spot.
Adding to the issue is the vast amount of personal data users willingly share online. Cybercriminals can tap into this information and use it against their targets.
“They’re getting more sophisticated, where now they’ll start hacking into the email addresses and they will target a specific user,” Reyes said. “They’ll say, ‘Nicole, I know that you have a Netflix subscription and maybe you’re on a promotion that’s coming up in a year, so the email that I’m going to send to Nicole is going to be more tailored around trying to entice her to click on this link because it’s Netflix-related. Or I’m going to ask her to extend this rewards promotion.’”
Because these communications are so sophisticated, organizations must place renewed focus on authentication.
“Any area or medium in which you allow consumers to engage with you—whether that’s via email, text message, over the phone, online banking—double-check the security of those, making sure you have advanced authentication measures in place, so that you truly know who the consumer is on the other end of the engagement,” Reyes said.
In addition to technology-based measures, financial institutions must ensure their education efforts are current, both internally and externally. This should go beyond simply sharing news about the latest scams. There should be interactive tools that help users become familiar with bad actors’ tactics.
Additionally, many financial institutions capture significant amounts of accountholder data that can be utilized to detect consumer-engaged fraud. For example, they could check purchases against past transactions and monitor for changes in IP addresses.
Although many organizations collect this data, they often can’t use it for fraud prevention because it is siloed in separate systems. To combat modern data-driven fraud, organizations will not only have to share data across departments but also collaborate with industry peers.
“One of my biggest key points here is to get out of the silo mindset,” Sando said. “We can’t make any progress if we don’t start somewhere. I feel like we’re just on the cusp—we’re so close to getting to this point where we can all start working together across financial institutions, across consumer advocacy groups. We just have to get past that siloed mindset of ‘I only know what’s happening in my own backyard.’”
As institutions look for ways to move forward, many remain uncertain about the best steps to combat consumer-engaged fraud. The first step is to define the problem appropriately.
“That lack of standardization and categorizing the incident is what’s making it so difficult to effectively track what’s actually happening,” Sando said. “When there’s no industry-wide standard or even a standard set at your financial institution, that means FIs are left to make the determinations on their own of how they should categorize this. That can create delays across the board when it comes to investigating the crime.”
In addition to investigative delays, the lack of standardization often results in inaccurate reporting. Employees are frequently left to handle these incidents through manual review, making accurate trend tracking difficult.
“Those are all reasons why we created a consumer-engaged fraud classification guide—starting within our Velera partnerships—on how can we start to streamline and talk about this the same way,” Reyes said. “Not only to classify it—that’s the first step—but then the next step is how can we systematically tag these types of cases, so that we can start to put some data around it.”
“Then we can start to not only gain insights into what the true volume of the problem is, but also to start to put in preventative measures to combat it,” she said. “We can start to understand how fraud trends are going to shift and what tactics fraudsters may use in the future, so that we’re set up for success to not only better report it and understand it, but to better fight it.”
A consumer purchases a product and receives exactly what was described. However, they experience buyer’s remorse and want to return it. Unsure if they’ll be refunded, they falsely report the transaction as fraudulent instead.
This kind of misuse may seem minor on its own, but it is part of consumer-engaged fraud—a category often mislabeled and misunderstood.
In a recent PaymentsJournal podcast, Nicole Reyes, Managing Vice President of Risk Operations at Velera, and Suzanne Sando, Lead Fraud Management Analyst at Javelin Strategy & Research, discussed how to differentiate types of consumer-engaged fraud, the emerging threats within the category, and the steps organizations can take to protect themselves.
As many businesses have strengthened their fraud defenses, criminals have shifted their focus to consumers. This shift has had an impact—consumer-engaged fraud has become one of the leading drivers of fraud losses in the industry for both financial institutions and merchants.
While there is broad consensus that consumer-engaged fraud is growing, there is still division over how to define it.
“It can be really hard to track and quantify this type of fraud for each financial institution, especially because of challenges such as mislabeling,” Reyes said. “Some people would consider first-party and scams together. Some would continue to keep first-party reported as fraud, and other financial institutions—once it’s determined it is first-party—they may move those into the collection bucket. So even from a settlement perspective, each financial institution can vary.”
Consumer-engaged fraud breaks down into two classifications: misuse and persuaded.
Misuse occurs when an authorized party reports a legitimate claim as fraud without any outside influence. This includes the traditional first-party fraud model, where a consumer orders an item with no intention of paying—knowingly exploiting a loophole in the system.
The persuaded form of consumer-engaged fraud happens when an authorized party acts under outside influence. Most scams fall into this category, such as when a criminal convinces a victim to pay upfront legal fees in exchange for a promised inheritance.
While there are just two overarching classifications of consumer-engaged fraud, a deeper look reveals a wide range of subclassifications.
“I think it’s kind of alarming when we lay out all of the various types of misuse and consumer-engaged fraud and the scams that there are out there,” Sando said. “It’s alarming to see all of the various ways that consumers are being targeted. But I think it also hammers home the importance of understanding the nuances of these types of fraud and that they each come with their own signals.”
Under the misuse umbrella is unintentional fraud, where a consumer reports a fraud claim in error.
“They thought that they were purchasing something from Nike, but the billing website had a different name,” Reyes said. “When they called and asked to validate this transaction, maybe they didn’t recognize it. Then later they call back and say, ‘Oh, I do recognize that is my charge.’ Or they provide their card to a friend or family member and don’t recognize exactly what was spent.”
There are also various forms of intentional misuse. For example, a person may order an item—typically a big-ticket or luxury product—and then file a false fraud claim. Other types of misuse include cases where a consumer claims an item was never delivered or reports it as damaged in transit.
There are perhaps even more instances of persuaded consumer-engaged fraud. These include the many variations of scams and phishing schemes.
“One of the big ones that we’re seeing lately is the imposter or the impersonation scams, where a fraudster may impersonate an employee or a financial institution and convince the consumer to complete an action that would result in a financial loss,” Reyes said.
“Fake emails are another use of impersonation scams and one of the most successful ones—emails that appear to be from the authorized user’s financial institution asking them to click a link to update their information, which then leads to a malicious website design,” she said.
In addition to the many subclassifications of consumer-engaged fraud, consumers are now under attack through multiple avenues.
“Our research at Javelin shows that consumers are dealing with a huge range of consumer-engaged fraud, and all of that is coming from a variety of communication channels,” Sando said. “You’re getting emails, texts, social media, DMs, and phone calls are still happening. There are friend requests from people you don’t know.”
“There are all these different kinds of communication methods with their own set of tactics that are constantly evolving, and so it makes tracking and preventing this kind of suspicious activity really difficult,” she said.
Technology has enabled bad actors to exploit these channels at greater scale. For example, billions of phishing emails are sent each day—a feat increasingly accomplished with minimal effort.
Artificial intelligence has also made these communications more realistic. In the past, fraudulent messages were easier to detect due to obvious grammatical errors or phony domain names—flaws that are no longer as easy to spot.
Adding to the issue is the vast amount of personal data users willingly share online. Cybercriminals can tap into this information and use it against their targets.
“They’re getting more sophisticated, where now they’ll start hacking into the email addresses and they will target a specific user,” Reyes said. “They’ll say, ‘Nicole, I know that you have a Netflix subscription and maybe you’re on a promotion that’s coming up in a year, so the email that I’m going to send to Nicole is going to be more tailored around trying to entice her to click on this link because it’s Netflix-related. Or I’m going to ask her to extend this rewards promotion.’”
Because these communications are so sophisticated, organizations must place renewed focus on authentication.
“Any area or medium in which you allow consumers to engage with you—whether that’s via email, text message, over the phone, online banking—double-check the security of those, making sure you have advanced authentication measures in place, so that you truly know who the consumer is on the other end of the engagement,” Reyes said.
In addition to technology-based measures, financial institutions must ensure their education efforts are current, both internally and externally. This should go beyond simply sharing news about the latest scams. There should be interactive tools that help users become familiar with bad actors’ tactics.
Additionally, many financial institutions capture significant amounts of accountholder data that can be utilized to detect consumer-engaged fraud. For example, they could check purchases against past transactions and monitor for changes in IP addresses.
Although many organizations collect this data, they often can’t use it for fraud prevention because it is siloed in separate systems. To combat modern data-driven fraud, organizations will not only have to share data across departments but also collaborate with industry peers.
“One of my biggest key points here is to get out of the silo mindset,” Sando said. “We can’t make any progress if we don’t start somewhere. I feel like we’re just on the cusp—we’re so close to getting to this point where we can all start working together across financial institutions, across consumer advocacy groups. We just have to get past that siloed mindset of ‘I only know what’s happening in my own backyard.’”
As institutions look for ways to move forward, many remain uncertain about the best steps to combat consumer-engaged fraud. The first step is to define the problem appropriately.
“That lack of standardization and categorizing the incident is what’s making it so difficult to effectively track what’s actually happening,” Sando said. “When there’s no industry-wide standard or even a standard set at your financial institution, that means FIs are left to make the determinations on their own of how they should categorize this. That can create delays across the board when it comes to investigating the crime.”
In addition to investigative delays, the lack of standardization often results in inaccurate reporting. Employees are frequently left to handle these incidents through manual review, making accurate trend tracking difficult.
“Those are all reasons why we created a consumer-engaged fraud classification guide—starting within our Velera partnerships—on how can we start to streamline and talk about this the same way,” Reyes said. “Not only to classify it—that’s the first step—but then the next step is how can we systematically tag these types of cases, so that we can start to put some data around it.”
“Then we can start to not only gain insights into what the true volume of the problem is, but also to start to put in preventative measures to combat it,” she said. “We can start to understand how fraud trends are going to shift and what tactics fraudsters may use in the future, so that we’re set up for success to not only better report it and understand it, but to better fight it.”