Search Podcasts

Episode 220 – Stay Ahead of the Game: Understanding and Countering Policy Abuse with Eyal Elazar, Riskified

Yvette Bohanan

September 13, 2023

In this episode, Yvette Bohanan and Chris Uriarte sit down with Eyal Elazar, Head of Product Marketing at Riskified, to discuss policy abuse trends and the implications of consumers and professional criminals increasingly engaging in these schemes.

You can listen to the full podcast using the player below or continue reading to learn more about this topic.

What is Policy Abuse?

Policy abuse, a form of first-party fraud, occurs when a customer – whether legitimate or a professional posing as a legitimate customer – manipulates a business’s policies for financial gain.

A newly released 2023 Riskified survey of over 300 merchants found that 90% of online merchants believe policy abuse is a significant problem for their bottom lines.

Percentage of online merchants who believe policy abuse is a significant problem for their bottom lines

Source: Riskified, 2023


Policy abuse can take various forms, including:

Return Fraud: Exploiting a business’s return policy by returning used or stolen items for a refund or store credit. Organized groups sometimes engage in return fraud schemes, resulting in significant financial losses for businesses.

Coupon Misuse: Using coupons in ways that violate the terms and conditions set by the business. Examples include photocopying coupons, using expired coupons, or combining multiple coupons inappropriately.

Offer Exploitation: Creating multiple accounts or using fraudulent information to take advantage of discounts, freebies, or other offers intended to attract new customers.

Item Not Received (INR): INR occurs when a legitimate customer does not receive a purchased item. INR can be used in cases of third-party fraud when a customer has a package stolen from their doorstep or when the item they were expecting is not shipped to them. However, when a legitimate customer receives the item but claims they did not in order to avoid paying for it, then INR becomes first-party fraud.

Reseller Abuse: Using automated bots to purchase items from a retailer (or manufacturer) to create false scarcity and resell the items on a marketplace at a higher price. The business suffers rapid inventory depletion, resulting in revenue and reputational impacts, along with being disintermediated from the customer. The customer who purchases through the reseller suffers, too, by paying more than they should for the product.

While some forms of policy abuse have held steady for the past year, several are on the rise. In a recent Riskified survey, 37% of business respondents noted that return fraud is increasing, 57% have seen an increase in Item Not Received (INR) fraud, 38% have seen an increase in promotional code abuse, and 45% have seen an increase in reseller abuse.

Why is Policy Abuse Hard to Prevent?

Given the wide range of policy abuse schemes and that an estimated 30-40% of policy abuse cases involve legitimate customers, it is not surprising that fraud controls designed to mitigate third-party fraud (where the customer or account holder suffers a financial loss) are not successful in detecting policy abuse. Moreover, many policy abuse schemes, such as coupon fraud, do not result in a chargeback – historically an essential confirmation tool for detecting fraud patterns, blocking bad actors, and training models.

What Should Businesses Do To Curb Policy Abuse?

Because the symptoms and financial impacts of policy abuse show up in various places in an organization, businesses should create a cross-functional team to discuss all forms of policy abuse. Consider a team that includes risk management, finance, legal, customer support, marketing, and logistics. As appropriate, product managers, software engineers, and information security team members may be included to discuss trends, issues, and potential improvements to controls.

Data that reflects a 360-degree view of marketing programs and customer accounts is critical to making cross-functional conversations actionable. High-level data that pulls through a customer journey – for example, sales, returns, chargebacks, and refunds related to a specific marketing promotion – is a good place to start. Be prepared to segment data further to see patterns that will unearth actionable information. Segmenting by payment methods, geographic details (such as zip code), and customer demographics will be important to ensure controls are specific enough to protect good revenue. Getting to actionable insights requires everyone to focus on the 360-degree view of the data and resist the urge to look solely at gross sales. Focusing on the “top line” can result in limited thinking about the actual revenue a program or product is generating, allowing fraudulent schemes to perpetuate.

Once a new control is identified, creating or enhancing automated controls focused on specific policy abuse schemes enables scalability and tuning for a particular form of abuse. For example, models and tools that detect reseller bots will identify bot versus good customer activity. Combining these automated controls with refreshed manual controls, such as updated customer support procedures and policies, creates a comprehensive, measurable, and tunable response to specific risks.

Policy Abuse is Here to Stay

With younger demographics more prone to believing policy abuse is acceptable behavior and more organized rings participating in first-party fraud schemes, businesses must recognize that policy abuse is here to stay and act accordingly. Getting the conversation started internally and looking closely at your data is the first step in mitigating the losses and risks associated with this first-party fraud.

Recent Payment Views

Involuntary Churn: Measured and Managed

Involuntary Churn: Measured and Managed

In our previous post on involuntary churn, The Payments Playbook for Challenging Churn, we explored the challenges faced by business in managing recurring billing operations. The post explored various tactics to manage and reduce involuntary churn, such as dunning...

read more
Buy Now, Pay Later: Where Have the Months Gone?

Buy Now, Pay Later: Where Have the Months Gone?

At the beginning of the year, I hypothesized that four issues needed to be addressed for sustained Buy Now, Pay Later success. What happened this year? To what extent did we mature our BNPL market?  Let's take a look at 2023 progress: Issue 1: BNPL Education January...

read more
Payments Post #6: Glenbrook’s August Roundup

Payments Post #6: Glenbrook’s August Roundup

Chris Uriarte and Justin Pituch put their heads together to sift through the August news in search of a broader storyline. Looking back at headlines surrounding merchant surcharging, fee backlash, and Adyen’s lackluster H1 performance, we noted an underlying theme of...

read more
Payments Post #6: Glenbrook’s August Roundup

Payments Post #5: Glenbrook’s June/July Roundup

Payments Post was on vacation last month; your editor was making his way from Berkeley, CA to a new home in Chicago, IL. But now that I’m settled in the Windy City, I’m happy to present this “double feature” post, covering developments in both June and July. Two major...

read more

Glenbrook Payments Boot CampTM

Register for the next Glenbrook Payments Boot CampTM

An intensive and comprehensive overview of the payments industry.

Train your Team

Customized, private Payments Boot CampsTM workshops tailored to meet your team’s unique needs.

OnDemand Modules

Recorded, one-hour videos covering a broad array of payments concepts.

GlenbrookTM Company Press

Comprehensive books that detail the systems and innovations shaping the payments industry.

Launch, improve & grow your payments business