Tax Refunds Rock! Unless They’re Stolen and Used for Evil
By Sift /
13 Feb 2015
We’re in the midst of tax season again. Over the past several years, a steadily increasing number of criminals have targeted U.S. online retailers immediately after the tax season, paying for transactions with prepaid debit cards obtained through fraudulent tax returns.
It works like this: Joe Fraud has Susie Taxpayer’s social security number, address, and employment information. He uses a tax preparation service to file Susie’s tax returns on her behalf and chooses to have the refund deposited onto a prepaid debit card. Joe Fraud then uses the prepaid card to buy high-ticket items online.
As a merchant, there are a few reasons to be concerned about this growing threat. Chargebacks can still apply for these purchases, despite the rarity of chargebacks associated with prepaid debit purchases. However, more important is the overall cost of dealing with the fallout from these fraudulent purchases. Having been a fraud agent and manager myself, these scam purchases are frustrating. Although I never drastically restructured my review process to catch the handful of fraudulent purchases using these prepaid debit cards, I did keep a closer eye out for them during tax season. As with all scammers and criminals, these tax return fraudsters leave clues.
These orders are generally high-dollar orders on new accounts. The shipping and billing addresses likely don’t match, which is typical of fraud in general. The difference comes down to card type: if you look into the card type, you’ll find that it’s a prepaid debit card. The phone number provided is unlikely to be verifiable to the cardholder through online channels, and getting the issuing bank to verify prepaid card information is usually impossible because they often don’t have cardholder information on file. However, if you reverse lookup the provided billing name and/or address, you can sometimes obtain the victim’s phone number, who is generally unaware of the fraud.
As a rule, these signs are excellent barometers of an order’s “badness”. These indicators can also help to detect credit account takeovers for high-limit personal and corporate cards (which we’ll discuss in a future post). As with tax refund fraud, the best way to confirm a bad user’s involvement is by finding a contact number or address outside of the bank’s available verification methods.
Why It Matters
In fraud prevention, many merchants prioritize reviewing orders based on the expected loss versus the cost of preventing it. With purchases made on fraudulently obtained tax refund cards, the expected loss is relatively low due to infrequent chargebacks, while the time and effort required to accurately review these orders is relatively high. So why bother?
Others may disagree, but I think that doing the right thing and stopping this kind of fraud in its tracks is always worthwhile. The victims of this fraud will have a hard time correcting it, and any early notification can help. Giving the victims a heads up and impeding criminals is — in my opinion — a worthy task.
More pragmatically, I also believe that anything that makes you a pain for fraudsters will help your bottom line. Criminals value their own time, and they’ll remember your site as one that frustrated their efforts.
Have you encountered this kind of fraud? What do you watch for when reviewing orders? Share your thoughts and feedback in the comments, or tweet us @siftscience!