Preventing Fraud in Buy Online Pick Up in Store (BOPIS)

This approach brought on a large amount of risk, as fraudsters would need to have the goods shipped to a customer, and then contact the carrier to have these items held in order to later pick them up.

Very crafty fraudsters would try to send these deliveries to a different location, or try to have them delivered to a PO Box. However, this approach is very complicated and requires a certain savviness on the fraudster’s end in order to ensure success.

A huge risk liability for merchants

As these previously physical purchases transitioned to the card not present (CNP) side, the liability in these cases also shifted, from the credit card company to the merchant.

We’ve continued to see these trends in BOPIS orders within our network. After all, every online transaction, be it shipped goods or pick up in store, require an email address. A competent fraudster is incentivized to use a real, valid email address, as he will need to be able to track their purchase.

More importantly,  when a customer buys an item online and picks it up at the store, confirmation email will often be their proof of purchase, a frictionless way of proving they’ve purchased the item they are trying to claim.

Since we see a higher risk level on items that are picked up in store, we deploy specialized controls to tackle these trends, including delivery type, delivery speed, product SKU(s) and product category. This is similar to how we tailor our controls affecting our customers who deal with digital goods.

These variables include:

  • Delivery Type
  • Delivery Speed
  • Product SKU(s)
  • Product Category

Since digital goods do not need to be delivered or picked up, they are easy targets with immediate benefits, all while keeping risks minimal. BOPIS allows fraudsters to reduce the risk involved in shipping directly to a physical address, making it a new “flavor of the moment” fraud type—a reliable and relatively riskless method of committing fraud.