The outsize challenges and costs of policy abuse created by a relatively small number of individuals are causing some merchants to retreat from the generous policies they’ve put in place. In doing so, they’re relinquishing the relationships and brand equity they’ve worked so hard to build with good customers. But is retreat the only answer? 

Not according to Dajana Gagic-Cefi, VP of fraud strategy at The Wolfe Companies. Dajana proposes instead that with the same rigor merchants apply to payments fraud, they can offer both the generous policies that customers expect and maintain efficient and effective barricades to abuse. 

First, how did we get here?

Generous ecommerce policies like free shipping and free returns have become ubiquitous over the past few years, so much so that all but the most loyal consumers will balk at anything less. Fraudsters, unfortunately, also love these policies and have evolved increasingly sophisticated and creative ways to take advantage of them, creating a $100B problem for merchants globally. 

Surprisingly, while the global costs and volume of policy abuse are huge for merchants, they are driven by a relatively small number of perpetrators. As with CNP fraud, a small number of repeat offenders are causing a lot of harm, and good customers are paying the price. A Riskified analysis of one merchant’s experience showed that just .2% of customers were causing 12% of losses.1

Even more surprising, despite the size of the problem and the small number of individuals causing it, just 30% of merchants are implementing preventive strategies. 

Why aren’t merchants doing more to fight back? About 76% say the volume and complexity of abuse is simply too high, and 66% say a lack of internal collaboration gets in the way.  Thus the retail retreat.

Merchants aren’t wrong; policy abuse is challenging

The complexity of policy abuse lies partially in the nuanced nature of determining intent. Unlike with payments fraud where the intent of using a stolen credit card is fairly straightforward,  the actions of a valuable customer occasionally stretching a policy are hard to distinguish from those of a professional refund scammer, and there’s a lot of risk if you get it wrong.

This ambiguity allows fraud to fly under the radar at many organizations, increasing costs and the temptation to simply abandon customer- and fraud-friendly policies. 

Collaboration is another challenge retailers report because different parts of the ecommerce organization have different policy-related remits and KPIs, and there’s often little visibility or communications across department lines.  

For the fraud team, job one is stopping losses. For the customer service team, job one is keeping customers happy. And in the murky zone where fraudsters and good customers look similar, each group will err on a different side of caution and thus end up working at cross purposes.

For example, without a consistent cross-departmental policy and strategy on item not received (INR) claims, customer service will likely approve refunds in all but the most egregious cases to ensure no good customers are penalized. 

For a premium electronics brand known for and proud of its extraordinary customer service, this led to some big problems. 

Before it put its current policy abuse solution in place, the merchant’s fraud team discovered that customer service had refunded the same person 27 times for INR. 

That’s not a service problem, that’s a transparency problem.

The policy abuse conundrum: a “monster of our own creation”

As a veteran fraud professional, Gagic-Cefi has seen how this lack of visibility, rigor, and collaboration not only incurs fraud losses, but also costs the entire organization in ways businesses frequently overlook. 

Customer service workloads rise, marketers spend budget on unprofitable customers, and the brand as a whole may face reputational risk. She notes that unlike with payments fraud or chargebacks,  it’s all typically written off as a cost of doing business. 

Without consistent internal systems, appropriate technology, and collaboration across departments, organizational performance suffers from what Gagic-Cefi sees as a monster of our own creation. And instead of addressing the problem with rigorous strategies, merchants are backtracking – reimposing return fees, shipping fees, and restocking fees.

She proposes a different path forward.

A three-pronged approach to more rigorous policy protection

Gagic-Cefi believes there’s a better way to stop losses from policy abuse. It starts with giving this type of fraud the same attention and respect as payments fraud. 

She says fighting policy abuse requires that businesses begin measuring its full impact, giving customer service teams the means to participate in fraud prevention, and applying tools to help precisely and effectively differentiate the bad apples from the good. Here’s how that strategy might look in practice:

  1. Measure. Many organizations are not fighting policy fraud as effectively as they should because they aren’t measuring its full scope and total costs. 

Looking at the full scope of costs across areas like shipping, processing, and marketing on top of the direct costs of lost product and refunds paints a fuller picture that will both get the attention of stakeholders, justify investments, and help quantify the ROI of countermeasures.

  1. Categorize. By analyzing patterns of fraud at your organization and categorizing the fraudulent activities that are most prevalent, you can better begin to collaborate in targeting bad actors. For example, how many cases of policy abuse are INR vs empty box returns, partial receipts, or fake tracking IDs? 

Customer service representatives can participate in this intel gathering by simply tracking and reporting what they see and hear —  certain phrases or words in their interactions with customers — to the fraud team. Similarly, refunds processors can notify the fraud team of returns with certain characteristics.

  1. Apply technology. While gathering observations and keeping spreadsheets from across the organization is valuable, large-scale analysis and insight requires automation. Businesses need vast amounts of data and the tools to ingest and disambiguate it to segregate legitimate and illegitimate activities accurately and at scale.

AI-driven technology like Identity Explore automatically surfaces those signals and makes connections among identities so preventive measures can be precisely applied to bad apples only. 

With the right tactics and tools, merchants can save money, reward good customers, and mitigate and prevent losses from policy abuse. A rigorous approach will lead to better service levels, lower insult rates, and fewer abusive claims and ensure every part of the organization is both engaged with fraud prevention and benefiting from it. 

Don’t retreat. Rethink.

Riskified Policy Protect detects the true identity and abuse history behind each claim, so you can offer rewarding policies to loyal customers while blocking systematic abusers.

For more insight into the causes, motivations, and impact of policy abuse and how your strategy stacks up, check out Policy Abuse and Its Impact on Merchants: Global Benchmarks.

1 Riskified Returns & Refunds Abuse 2024 (Research to be published October 2024)