As e-commerce scams mount, Amazon is investing in a 3D imaging company that could help address the growing problem of returns fraud.
The issue stems from a gap in the current online shopping model: a consumer can request a refund, and it is typically issued once the product is shipped back to the retailer. However, bad actors are increasingly sending back empty packages—or ones that don’t contain the original item—and still pocketing the refund.
To combat this, Amazon is backing Cambridge Terahertz, a startup that builds package-scanning technology for supply chain and security applications. Ideally, the tech can inspect returned packages to verify that they contain the correct items before Amazon processes a refund. It’s also compact enough to be installed at multiple points throughout Amazon’s supply chain.
Unlocking Attack Vectors
As data from Appriss Retail reflects, returns fraud is a growing issue, accounting for $103 billion in losses last year. It’s just one of many fraud concerns for e-commerce merchants.
The e-commerce zeitgeist has unlocked new frontiers for merchant—but it also opened new attack vectors for bad actors. One of the main ways cybercriminals are exploiting e-commerce is by impersonating well-known brands.
The emergence of AI has further empowered bad actors, giving them the tools to make their impersonations more convincing. Okta recently discovered that AI can be used to create realistic phishing sites that clone brands like Microsoft, Amazon, or eBay with just a few simple prompts.
Social Media-Driven Scams
Social media has given cybercriminals a new way to both study and attack their targets. For example, a bad actor may follow a social media influencer to learn which products they are promoting and attempt to capitalize on the latest craze by sending phishing emails that mention the influencer or the product.
Amazon and eBay have also been singled out in other scams driven by social media.
“You go to Facebook Marketplace, you click on an ad, and it redirects you to another site,” Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research, told PaymentsJournal. “Often, it’s going to be a typo domain. Let’s say that I think I’m buying a Louis Vuitton. But when I click on that link and it takes me to the site, Louis Vuitton will be a typo domain, maybe with one of the T’s missing.”
“These particular types of attacks are getting much more sophisticated, and consumers have a false sense of trust. If they see a link that comes to them through a marketplace that they think is a trusted site, how often do we look at the domain once we click on the link?” she said.
Under Direct Attack
In addition to attacks aimed at social engineering customers, merchants themselves are often targeted by direct cyberattacks. Department store chain Marks & Spencer (M&S), a fixture of the UK’s retail landscape for over a century, faced significant losses and operational disruption following a ransomware attack.
A group of hackers infiltrated the company’s systems and threatened to shut down its network unless a ransom was paid. M&S refused to comply with the bad actors’ demands—resulting in the loss of access to critical systems. The department store was forced to halt all e-commerce operations and continued to grapple with the aftermath for months.
A Tipping Point
The constant onslaught against merchants’ systems, communications, and customers has brought the industry to a tipping point. Many fraud attacks are now powered by sophisticated technology and even perpetrated by organized cybercriminal organizations. As a result, many merchants are seeking tech solutions of their own.
Artificial intelligence has factored into many of these solutions because the technology can parse vast amounts of data and identify red flags. This functionality is especially applicable in card-not-present environments like e-commerce.
However, any tech-based fraud defense comes with challenges. Because AI models are imperfect, the technology can make mistakes if given too much rein in the fraud mitigation process.
“Sometimes a decision is very obvious, but in cases where it’s not, if you’re not restrictive enough, you’re going to take a fraudulent transaction,” Don Apgar, Director of Merchant Payments at Javelin Strategy & Research told PaymentsJournal. “If you’re overly restrictive, you’re going to alienate a good customer who was trying to make a legitimate purchase.”
Playing Catch-Up
Customer friction, regulatory concerns, and brand reputation are constant concerns for merchants, but these considerations mean nothing to bad actors. This imbalance is a key reason why criminals have gained such a head start in adopting new technologies, leaving merchants in a perpetual game of catch-up.
Even Amazon, one of the world’s largest retailers, is only now beginning to close the loophole around returns fraud—after losing billions of dollars. To stand a chance against a rapidly escalating fraud epidemic, organizations will need have to think outside the box and embrace more innovative, proactive approaches.
