Solutions overview
Harness the power of your data to reduce fraud and increase payment acceptance
Tailor-made fraud protection
Detect and stop fraud faster with clear insights
Adaptive solutions for emerging threats
Defend against ATO, promo abuse and seller fraud
Optimize conversion with agnostic authentication
Manage PSD2 and take control of authentication
Online payment fraud
Understand chargebacks, fees & detection
Machine learning for fraud detection
Models, risk scores & thresholds
Link analysis & graph networks
Draw deeper insights from data
Account takeover fraud
Prevention strategies & reputational risk
Policy abuse
Uncover & stop hidden costs
PSD2 & SCA
3D Secure, TRA & exemptions
Global payment regulation map 2022
Track PSD2 & more with a full report
Resource Zone
Deep dives on fraud & payments topics
Blog
The latest fraud & payments updates
API & developer docs
APIs, glossary, guides, libraries and SDKs
About Ravelin
Discover the story about Ravelin
Careers
Join our dynamic team
Customers
Read more about our happy customers
Partners
Join our partner programme
Uncover & stop hidden abuse
Resource zone
Read more about our happy custmomers
Blog / Account Takeover
Subscription businesses have proved to be resilient throughout the pandemic, but as fraudsters continue to target them, how can fraud teams stay a step ahead?
Share this article:
Subscription businesses are subject to online payment fraud, now more than ever. Since the start of the pandemic, the subscription economy skyrocketed - subscribers to digital news and media grew 300%, one in five US customers purchased a subscription box, and it's estimated that by 2023 as many as 75% of consumer brands will have a subscription-based offering.
But, as always, with increased success and popularity comes a higher risk of fraud. Whilst every business sees fraud differently, subscription merchants are vulnerable to specific fraud threats. Let’s take a closer look at top risks and how to manage them...
Subscription businesses come in many shapes and sizes, but most fall under two main categories: online access subscriptions like Netflix, Spotify, or online newspapers, and physical goods subscriptions that send monthly box deliveries of anything from makeup, to wine, or even Harry Potter merchandise.
Whilst these two types of subscription models see fraud differently, the following common features separate their experiences from other online merchants:
Subscription businesses often...
Rely on recurring card payments, often taken out of a customer's account every month.
Prioritise customer acquisition and retention to make the most of their recurring payment model, and will often utilise social media marketing/offer promotions.
Offer in-demand brands and products at a discount.
Whilst these unique features are great for business and make subscriptions attractive to customers, they also attract fraudsters.
Whilst subscription merchants can see similar types of fraud to other sellers, here are some of their unique fraud threats...
Account takeovers are on the rise, with online retailers seeing an average of 3 significant attacks per month. Subscription accounts can be very lucrative targets, as some businesses enable credit to build over time. A customer might pay $30 a month to BoxOfMakeup, but to receive a delivery they have to login and select products. After they forget to order a box for three months, $90 will sit in their account. Fraudsters target valuable accounts to order/resell products or sell account details on the dark web. In these cases fraudsters know they are less likely to get caught, as the customer with credit probably won’t check their account often so may not notice a takeover.
It’s common for customers to share passwords for online access subscriptions, as they don’t see the harm and repercussions are rare. New research found that 80% of 13-24 year olds say they’ve given out online TV service account details. Whilst many merchants accept account-sharing as a cost of doing business, it can become expensive. Password sharing is estimated to cost Netflix over $135 million in missed revenue.
Password sharing and setting obvious account details also leave customers vulnerable to account takeover, and it’s a constant source of frustration for fraud teams. Just a week after Disney+ launched in November 2019, thousands of passwords were sold or offered for free on the dark web.
Fraudsters like to mimic online subscription businesses in phishing attacks, like the latest Netflix phishing email that convinces customers to enter their card details and claim a refund. For more information on how account takeovers happen and how to prevent them, watch our recent webinar.
Recurring transactions are great because they are completely frictionless, but customers can “set it and forget it," causing subscription merchants unnecessary chargebacks. Customers can easily forget they subscribed to a service or forget to cancel, and be surprised when money is taken out of their account. This buyer's remorse can lead to more friendly fraud chargebacks. If a customer claim is successful, they could falsely reclaim funds from every previous subscription transaction.
Subscription businesses often localise delivery to one country or area to manage demand, but social media communities - like Glossybox UK and their global ‘Glossies’ - can attract worldwide customers. Customers have been known to get around limited delivery capabilities by using third-party freight companies like shipito.com and boxitforme.com. If a fraud team sees an order from a customer in Australia requesting delivery to a freight warehouse in London, it would look immediately suspicious. This genuine behaviour masks fraudsters who use the same third-party delivery services.
Merchants often overlook promotion abuse by genuine customers, but more organised schemes are emerging that shouldn’t be ignored. Some fraudsters offer customers discounted prices for online access subscriptions by continuously signing up to free trials on their behalf. Similarly with subscription boxes, fraudsters can create multiple accounts to repeatedly use ‘get the first box free’ promos and amass merchandise to resell.
Many subscription businesses offer limited-time discounts and host pop-up events, attracting fraudsters who hide in the increased traffic and quick sales. But reselling schemes are in a fraud grey area. If someone uses stolen credit cards to purchase subscriptions for resale, it’s definitely fraud, but what about genuine customers who buy and trade their favourite beauty box in bulk? Whilst sales teams may not see the harm in this, unchecked reselling networks can rack up hidden costs associated with brand erosure and customer loss.
Every subscription business will experience fraud differently, but you can manage these unique threats by monitoring fraud indicators that match your business priorities, and utilising graph networks...
Different fraud indicators are important to subscription businesses compared to other retailers. Whilst order content is the no.1 key fraud indicator across most retail industries, it’s often unimportant to subscription merchants, as products can stay the same month-to-month and across customers. On the other hand, monitoring order time is significant, as fraudsters tend to accelerate checkout times and choose to pay for next-day delivery with subscription boxes. It’s important to assess your unique business priorities and tailor your approach to identifying fraud.
Graph networks are suited to subscription merchants to help uncover suspicious networks of stolen cards or devices, or highlight mass reselling schemes. Large, fast-growing, or high-risk customer networks become clearly visible, enabling teams to take action against them. To learn more about link analysis and graph databases for fraud detection, you can find more information on our insights page.
Grace Proctor, Content Writer
Blog / News
You might’ve heard about a new fraud tactic called ‘account pre-hijacking.’ But what actually is it? And how can you prevent it? Let’s break it down.
If you offer a subscription, recurring payments can leave you vulnerable to unique fraud risks. How should you tailor your fraud strategy?
Buy now, pay later is exploding - what risks could this bring your business? We speak with Nelda Biltauere, Fraud Researcher at Ravelin, about BNPL challenges, costs & strategy.