This article was published in the April 2015 issue of STORES Magazine.
Micro Center found an online promotion spurred fraud
The popularity of e-commerce is only growing, with convenience and price the most prevalent reasons people buy online. The issue is that a significant number of online shoppers rarely visit bricks-and-mortar locations — and vice versa. That’s where the concept of buy online, pick up in-store comes in: The idea is that retailers could integrate their e-commerce operations with physical stores.
Online shoppers expect greater selection, lower prices and free shipping — all features that chip away at margins already thinned by price-matching strategies.
The good news is that shoppers will change their behavior, says Rodney Mason, CMO of Blackhawk Engagement Solutions: All they need are the right incentives. A 2014 study from Blackhawk found that 64 percent of consumers already buy online and pick up in store. As many as 82 percent of consumers would consider buying online and picking up products in-store if they received a $10 rebate on a $50 item.
Retailers are listening: Merchants from Walmart to Whole Foods Market are offering the option. The convenience has a dark side for retailers, however: The option to buy online and pick up purchases in bricks-and-mortar locations has opened a whole new avenue for identity thieves to cash in.
Something amiss
Computer and electronics retailer Micro Center recently ran a special promotion to bring traffic into stores: Customers could make purchases online, and then pick up their orders in a store in as little as 18 minutes.
“The promotion gave us a competitive advantage,” says Skip Myers, Micro Center’s director of loss prevention and risk strategy. “People were buying things and picking them up on their lunch hour.”
During all this activity, Myers and his staff were monitoring transactions. They noticed multiple orders for several Apple products such as MacPro notebooks and iPads, which were running into the thousands of dollars.
Suspecting that something might be amiss, Myers checked the credit cards used in the transactions. They all had the same name but the credit card numbers were different. In addition, he noticed that the name was somewhat unusual. The first thing he did was run the name through a search engine.
“Up popped this stuff from Oklahoma, from the Department of Corrections with her name, her picture and all the information on her conviction for credit card fraud,” Myers says. The website even provided the name of her probation officer. “The probation officer was very interested in her, since she had not reported for a while.”
The thief wasn’t being shy about her activities, either. Myers checked her Facebook page and found that “she was bragging about what she was doing, ripping off stores with phony credit cards,” he says. “She even talked about where she had been and where she might be headed.
“We matched her picture with surveillance footage from our stores in Kansas City and Chicago and could see she was traveling with two male companions,” Myers says. “We were able to put our Ohio stores on high alert.”
A couple of days later, the trio turned up at the store in Columbus, Ohio, to pick up items ordered online. Once they were identified, they left the store without the merchandise they ordered. The following day, the woman and her friends showed up at the Cleveland Micro Center, where local police had been notified and the three of them were arrested. The woman was charged with felony credit card fraud and violating her probation.
In addition, Myers says, “Upon searching her vehicle, police found numerous stolen items in the trunk from Micro Center, Home Depot, Best Buy and Target.”
“Many fraudsters use the in-store pickup in conjunction with shipped orders as a way to bypass fraud screens.”
Security checks
The type of fraud perpetrated against Micro Center isn’t the only way the buy online, pick up in-store concept is being exploited.
“Many fraudsters use the in-store pickup in conjunction with shipped orders as a way to bypass fraud screens, because merchants tend to consider orders with in-store pickup as less risky since they can check customer information at the store,” payment management company CyberSource wrote in a report from a 2013 fraud attacks webinar. “While fraudsters have no intention of picking up the product in the store, the merchant is more likely to ship the other part of the order if an in-store pickup is associated with it.”
The migration to buy online, pick up in-store fraud comes as merchants have become savvier about shipping orders to an address that differs from the billing address associated with the credit card being used for payment. In addition, the criminals themselves have become wary of using third-party pick up points too often, lest they come under more surveillance.
Online retailers can tell you that they have experienced fraudulent transaction rates that often run three to five times higher than those seen in traditional bricks-and-mortar stores, says Sean Trundy, COO with UVeritech, a supplier of counterfeit detection and identification verification equipment.
“Criminals using fraudulent documents are much safer doing so from the anonymous Internet than in person in the store,” Trundy says. By shopping online, the fraudster can test stolen credit card numbers to determine which ones are still active.
The best way to counter this, he says, is by verifying that customers are who they say they are — checking that the credit cards and identification documents being presented are legitimate.
The option to buy online and pick up purchases in bricks-and-mortar locations has opened a whole new avenue for identity thieves to cash in.
Such a security check was not used at the victimized Micro Center locations, says Myers. The 18-minute promotion “was working really well for us,” and the intention was not to inconvenience the customer. In addition, it was determined there were valid reasons the person picking up the order at the store might not have the credit card.
“Small businesses were ordering merchandise and having someone other than the cardholder doing the pickup,” Myers says. “Parents would pay for an item and have their son or daughter away at college pick up at a store near them.”
The promotion was a new concept, Myers says. “We didn’t have a lot of controls in place [and] the bad guys took advantage.”
He says he would caution merchants against using a similar promotion or even just using the traditional buy online, pick up in-store model. “If any other retail is using buy online, pick up in-store, they’re lying if they tell you it’s not a problem.”