Blog / Account takeover , Link analysis , Policy abuse

How are fraudsters targeting your subscription business?

Subscription businesses have proved to be resilient throughout the pandemic, but as fraudsters continue to target them, how can fraud teams stay a step ahead?

How are fraudsters targeting your subscription business?

Subscription businesses are subject to online payment fraud, now more than ever. Since the start of the pandemic, the subscription economy skyrocketed - subscribers to digital news and media grew 300%, one in five US customers purchased a subscription box, and it's estimated that by 2023 as many as 75% of consumer brands will have a subscription-based offering.

But, as always, with increased success and popularity comes a higher risk of fraud. Whilst every business sees fraud differently, subscription merchants are vulnerable to specific fraud threats. Let’s take a closer look at top risks and how to manage them...

How are subscription businesses unique?

Subscription businesses come in many shapes and sizes, but most fall under two main categories: online access subscriptions like Netflix, Spotify, or online newspapers, and physical goods subscriptions that send monthly box deliveries of anything from makeup, to wine, or even Harry Potter merchandise.

Whilst these two types of subscription models see fraud differently, the following common features separate their experiences from other online merchants:

Subscription businesses often...

  • Rely on recurring card payments, often taken out of a customer's account every month.

  • Prioritise customer acquisition and retention to make the most of their recurring payment model, and will often utilise social media marketing/offer promotions.

  • Offer in-demand brands and products at a discount.

Whilst these unique features are great for business and make subscriptions attractive to customers, they also attract fraudsters.

How do fraudsters target subscription businesses?

Whilst subscription merchants can see similar types of fraud to other sellers, here are some of their unique fraud threats...

Account takeover on high value subscription accounts

Account takeovers are on the rise, with online retailers seeing an average of 3 significant attacks per month. Subscription accounts can be very lucrative targets, as some businesses enable credit to build over time. A customer might pay $30 a month to BoxOfMakeup, but to receive a delivery they have to login and select products. After they forget to order a box for three months, $90 will sit in their account. Fraudsters target valuable accounts to order/resell products or sell account details on the dark web. In these cases fraudsters know they are less likely to get caught, as the customer with credit probably won’t check their account often so may not notice a takeover.

Customers who share passwords cause profit erosion and create fraud opportunities

It’s common for customers to share passwords for online access subscriptions, as they don’t see the harm and repercussions are rare. New research found that 80% of 13-24 year olds say they’ve given out online TV service account details. Whilst many merchants accept account-sharing as a cost of doing business, it can become expensive. Password sharing is estimated to cost Netflix over $135 million in missed revenue.

Password sharing and setting obvious account details also leave customers vulnerable to account takeover, and it’s a constant source of frustration for fraud teams. Just a week after Disney+ launched in November 2019, thousands of passwords were sold or offered for free on the dark web.

Fraudsters like to mimic online subscription businesses in phishing attacks, like the latest Netflix phishing email that convinces customers to enter their card details and claim a refund. For more information on how account takeovers happen and how to prevent them, watch our recent webinar.

Recurring payments models are susceptible to more chargebacks

Recurring transactions are great because they are completely frictionless, but customers can “set it and forget it," causing subscription merchants unnecessary chargebacks. Customers can easily forget they subscribed to a service or forget to cancel, and be surprised when money is taken out of their account. This buyer's remorse can lead to more friendly fraud chargebacks. If a customer claim is successful, they could falsely reclaim funds from every previous subscription transaction.

Third-party freight companies make subscription box delivery fraud harder to spot

Subscription businesses often localise delivery to one country or area to manage demand, but social media communities - like Glossybox UK and their global ‘Glossies’ - can attract worldwide customers. Customers have been known to get around limited delivery capabilities by using third-party freight companies like and If a fraud team sees an order from a customer in Australia requesting delivery to a freight warehouse in London, it would look immediately suspicious. This genuine behaviour masks fraudsters who use the same third-party delivery services.

Organised promotion abuse and reselling schemes are on the rise

Merchants often overlook promotion abuse by genuine customers, but more organised schemes are emerging that shouldn’t be ignored. Some fraudsters offer customers discounted prices for online access subscriptions by continuously signing up to free trials on their behalf. Similarly with subscription boxes, fraudsters can create multiple accounts to repeatedly use ‘get the first box free’ promos and amass merchandise to resell.

Many subscription businesses offer limited-time discounts and host pop-up events, attracting fraudsters who hide in the increased traffic and quick sales. But reselling schemes are in a fraud grey area. If someone uses stolen credit cards to purchase subscriptions for resale, it’s definitely fraud, but what about genuine customers who buy and trade their favourite beauty box in bulk? Whilst sales teams may not see the harm in this, unchecked reselling networks can rack up hidden costs associated with brand erosure and customer loss.

Graph networks are a great tool to manage fraud against subscription merchants

Every subscription business will experience fraud differently, but you can manage these unique threats by monitoring fraud indicators that match your business priorities, and utilising graph networks...

Different fraud indicators are important to subscription businesses compared to other retailers. Whilst order content is the no.1 key fraud indicator across most retail industries, it’s often unimportant to subscription merchants, as products can stay the same month-to-month and across customers. On the other hand, monitoring order time is significant, as fraudsters tend to accelerate checkout times and choose to pay for next-day delivery with subscription boxes. It’s important to assess your unique business priorities and tailor your approach to identifying fraud.

Graph networks are suited to subscription merchants to help uncover suspicious networks of stolen cards or devices, or highlight mass reselling schemes. Large, fast-growing, or high-risk customer networks become clearly visible, enabling teams to take action against them. To learn more about link analysis and graph databases for fraud detection, you can find more information on our insights page.

Related content