Refund Fraud-as-a-Service is one of the latest new professionalised hacking services rising in popularity, according to Manchester-based software company Netacea.
Its latest threat report, which researched rising trends across a multitude of hacking forums, found over 540 new refund fraud service adverts in the first three quarters of 2022. It also highlighted that refund fraud services increased by almost 150% from 2019 – 2021.
Refund fraud is the abuse of refund policies for financial gain and costs ecommerce businesses more than US$25 billion every year. Those interested in committing refund fraud can outsource the process to professional social engineers offering Refund-as-a-Service. This poses a significant challenge to retailers, as previously legitimate customers can enlist highly experienced fraudsters to perpetrate this fraud on their behalf, making it difficult to identify fraudulent activity.
As online shopping continues its upward trend, professional fraudsters will look to cash in on the opportunity. Netacea’s report explores the current structure of the underground Refund-as-a-Service market, the changing tactics and methods used by adversarial groups to perform refund fraud and how threat intelligence and fraud teams can work collaboratively to effectively combat it.
“As shown in the rise of ransomware-as-a-service attacks, cybercriminals have shifted to a service-based economy — and refund fraud is no exception” said Cyril Noel-Tagoe, principal security researcher, Netacea.
“As we approach Black Friday and the holiday season, ecommerce stores should take the necessary steps to reduce their risk of refund fraud including educating employees on the methods and tactics fraudsters take.”
The report also recommends that delivery carriers should replace or complement signatures with one-time passwords to prevent refund fraudsters from claiming that packages did not arrive. While, ecommerce stores and delivery carriers should work together to look for patterns in their data sets that may indicate fraudulent activity.
Furthermore, the report said reputation is power in the underground market. In the instance that an ecommerce store identifies the claim to be fraudulent after a refund payment has been made, the store should rebill the customer’s account. An influx of rebill complaints from customers may cause the refund fraud service to drop the retailer from their store list, to avoid negative reviews.
