Tips for retailers as delivery fraud escalates
By Ben Sillitoe
Officers from the Dedicated Card and Payment Crime Unit (DCPCU) made several arrests in May, in connection with investigations into scam texts claiming to be from Royal Mail.
Suspects were detained on suspicion of fraud involving the use of texts claiming to be from the carrier. Charges have been made, investigations are ongoing, and further arrests are expected to be made.
Other delivery firms – and retailers themselves – have fallen victim to phishing scams in recent months, too, in what appears to be an increase in delivery fraud, where criminals trick consumers into sharing payment details or other personal information.
It’s been widely documented that many people have started shopping online for the first time since the pandemic took hold, and their inexperience is clearly being prayed on. However, I’ve been shopping online for years, and I and others I know were almost duped at Christmastime by a really sophisticated trickster email suggesting I’d missed a home delivery.
It’s a pretty dangerous landscape out there for consumers, so for this blog we’ve gathered some tips and advice for retailers, to help do all they can to protect their customers from fraudsters.
Promote awareness of scams
The banks have become pretty good at telling consumers what types of communication to expect from their customer service teams, and retailers might want to follow suit – especially as the digital engagement drive becomes more important to the sector.
Richard Evans, IT director of information security at Yodel, a parcel carrier, says fraudsters tend to target their victims “when they are at their most vulnerable” with a clear increase noted during Covid-19 lockdowns and peak online shopping periods.
“Regularly promote awareness, particularly during key events, of these scams on website front pages or via mobile applications providing guidance on how to avoid them and what to do if they fall victim,” he advises.
“Confirm that you will NEVER request payment or confidential information via a link/URL in a text message or an email.”
Brad Houldsworth, head of product at eCommerce platform provider Remarkable Commerce, believes this “doesn’t happen often enough” in the retail world.
“The best approach for any retailer to take is ensure the consumer is told about the type of official communications they can expect to receive, when they make an order/enquiry,” he says.
Offer open and real-time comms channels
Monica Eaton-Cardone, chief operations officer and co-founder of Chargebacks911, a chargeback prevention technology provider, says the growth in home delivery and click & collect since the onset of the coronavirus crisis has “opened the door for opportunistic fraudsters, claiming for goods – including fast food deliveries that supposedly didn’t arrive”.
“The best solutions are always the most straightforward,” she notes.
“By working with the experts to maintain an open communication with consumers, retailers can avoid unauthentic customer disputes. Something as simple as providing direct contact numbers or offering delivery tracking and confirmation can make all the difference in reducing the risk of fraud.”
Indeed, Andrew Gough, vice president of global sales at HelloDone, a conversational commerce tech company, says: “Offering consumers the opportunity to interact with brands in real-time at the post-purchase stage can mitigate this risk and help flag any queries around unexpected charges.”
Barley Laing, UK managing director at Melissa, which helps retailers verify customer addresses and contact details, says the increasingly sophisticated fraud, such as the aforementioned SMS delivery fraud messages that proliferated recently, highlight the importance of retailers and carriers preventing all types of fraud.
“The best place to start, and for a light touch yet very effective approach to ID verification to help significantly reduce fraud, is for those operating in the retail industry to undertake electronic ID verification (eIDV),” Laing argues.
“When someone is about to complete a purchase online using such a service, automated cross-checks are run against the data they have provided in real time. This means matching someone’s name, address, date of birth, email or phone number against reputable data streams, like government agency, credit agency and utility records.”
To do this effectively, he adds, retailers need access to “billions of global records in real time to ensure the user experience isn’t compromised”. He suggests these eIDV services also “enrich customer records by highlighting and correcting any existing inaccuracies”.
Combat it together
With both retailers and those involved in the delivery of goods targeted by fraudsters, it is going to take a wider industry effort to tackle the problem: one side is not more responsible than the other.
Rory O’Connor, founder & CEO of Scurri, a delivery management software provider, brings the focus to the week ahead.
“In the run-up to Amazon’s Prime Day on June 21 and 22, consumers have been explicitly warned to be wary of clicking on potentially fraudulent messages and emails regarding parcel deliveries,” he says.
“In situations where delivery fraud may happen, it’s imperative that delivery companies stay in constant contact with both retailers and customers throughout the process – and from one central email address or phone number.”
O’Connor describes the “huge benefit” in retailers offering tracking updates themselves and using their own websites for branded tracking “to build trust”, and says delivery companies should have a way for the recipient to authenticate whether a text message or email has come from them.
Get consumers to report the crimes
Circling back to the importance of clear customer communication, Ciaran Bollard, CEO at Kooomo, an eCommerce platform provider, says phishing messages have surged since last Christmas in Ireland – but calls it a matter for the local authorities.
“Recipients are asked not to provide payment details, to take a screenshot of the text/email, delete it and report the matter to their local Garda (police) station,” he explains.
“These are the types of messages that retailers should be reiterating.”
The DCPCU, which is a UK-wide proactive police unit, formed as a partnership between UK Finance, the City of London Police and the Metropolitan Police, says it continues to combat fraudulent activity such as the so-called Royal Mail-themed ‘smishing’ texts.
Gary Robinson, the head of the unit, said at the time of the arrests in May “we are cracking down on the criminals ruthlessly targeting the public”.
But as we know criminals are often a step ahead of the game, so retailers, carriers and consumers need to have their wits about them.
We’re all consumers aren’t we, so let’s do what the authorities advise and “take five to stop fraud” if we receive suspicious messages. That involves taking a moment to stop and think before parting with money or information, challenging any suspicious requests, and contacting banks and Action Fraud immediately if you think a scam has taken place.
And that’s good advice for retailers to pass on to their customers, as B2C communication in this space ramps up due to necessity.