Learn about payments and the payment facilitator model from our team of experts
Refund Fraud – The Facts
By Dan Spalinger
Head of Global Advisory Services
Fraudsters don’t get day jobs, goes the saying and despite various card security improvements in recent years, fairly simple vectors for such individuals to take advantage of still exist. One of these that continues to be an issue for Payment Facilitators and Acquirers alike is that of “refund fraud”.
A common example of such a scheme might begin with the fraudulent acquisition of a merchant account through any number of ways (stolen identity, synthetic identity, “friendly” merchant fraud, typical merchant fraud). Such an acquired account may quickly seek to begin processing (in part or whole) what are commonly called “orphan refunds” but more accurately labeled as unmatched refunds. These refund transactions are unlinked to any prior transactions—because no true transactions have occurred. These unlinked refund transactions are more than likely to have the resulting credits directed towards any number of accounts under the control of either the same or other fraudsters frequently using prepaid cards for ease of use and anonymity. Without rapid identification of such events, Payment Facilitator and Acquirer losses can ramp quickly and six or seven figure loss liabilities are not unheard of.
One method of confronting these fraud events is simply to disable the capability for any terminal or system. Not allowing any refund to be processed that does not match to a prior transaction can work—if you maintain awareness of the need to do so as you expand your support of various devices and systems or move into different business verticals that may be more subject to this type of fraud than others.
Simply prohibiting such transactions is not always feasible. For example, if a merchant has previously processed transactions with one acquirer and then moved its processing relationship to the Payment Facilitator, there may be a need or request to process an unmatched refund via their new acquiring relationship.
The card brands themselves have been aware of such a method of fraud and include rules requiring monitoring for such occurrences by an Acquirer or Payment Facilitator. They specifically call for identification of unusual credit voucher activity to include credit vouchers without offsetting activity. All Payment Facilitators should be aware of this requirement even if their current systems and processes do not support unmatched refunds today.
Infinicept provides the method by which to monitor for these transactions within its exception reporting capabilities. To the extent that a Payment Facilitator wishes to identify and review every unmatched refund it has that capability. Identifying these incidents via the Infinicept system quickly is an easy first step to take in halting such events.
Of course, robust underwriting and customer due diligence at the inception of a relationship stands as the foremost method of weeding out such bad actors, looking for typical fraudster red flags including requested account changes in the early days of a merchant relationship, use of “general” vs. corporate email accounts, and similar.