There's a certain type of payment that's prone to fraud because the payer doesn't always know when a transaction is made, or even when the relationship starts.
"Not all consumers are aware when their credit card is used for subscription payments," said Fred Felman, the chief marketing officer at Recurly, which provides subscription management for companies such as AccuWeather, Sling Media, Groupon, JibJab Media, Asana, Twitch.tv and Zillow.
Subscription fraud can vary, but a common case involves a crook using a stolen card to set up a recurring service such streaming music or video. The initial payment is small and not noticeable on a monthly card statement, so the legitimate account holder is less likely to notice the charge. "So a bad purchase from a stolen card may go on for months before it's noticed," Felman said.
The fear that that chip cards will cause fraud to migrate to online 'card not present' transactions is well known, and there's evidence to support that sentiment. Felman and Recurly are concerned there's a particular threat for recurring subscription payment because of the transactions' ability to fly under the radar.
"There is a substantial threat, especially with digital services. There's a lot of demand for streaming video, content and software," Felman said. "The entitlements to purchase and regularly pay for these services are easily given and are given instantaneously."
Recurly is collaborating with Kount, a Web-based fraud detection company, to try to get a jump on subscription billing fraud by spotting unusual transaction patterns, as well as automating transaction reviews to improve workflows for merchant investigations.
Recurly will integrate Kount's tools into its billing engine to produce a merchant-focused anti-fraud tool. The security technology uses a mix of shopping cart data, cross-merchant linking, mobile device signals, device fingerprinting, geolocation and other data points to screen and review transactions.
Each transaction gets a score to determine if a further review is required based on the merchant's specifications. Kount has also collaborated with Ethoca, another fraud prevention company, to spot the use of cards that have a prior history of fraud or chargeback disputes.
"We want to be able to determine in the middle of a transaction if it's a bad card that's being used, or if there's a threat to the card," Felman said. "If there's a large order, for example, it may set off a review process to determine if the merchant should honor the card."
Despite the potential for a fraudulent subscription to persist undetected for months, the greatest threat for subscription billing fraud is at the beginning of the relationship, according to Tim Sloane, vice president of payments innovation for Mercator Advisory Group. "For example, Amazon and Apple need to manage fraud much more closely on new accounts than they do on older accounts," Sloane said.
Recurring payment relationships also pose challenges for crooks that merchants and security companies can take advantage of as part of the battle, according to Sloane.
Criminals may put a stolen card on file for one or two purchases, but risk getting caught if they stick around for much longer, Sloane said. Still, the low initial risk is enticing.
"A digital purchase would be best for the criminal, but digital goods have a low resale value," he said. "A retail purchase has greater resale value but represents greater difficulty because the criminal must set up a bogus address for delivery."
In this environment, solutions that track the initial setup of a recurring relationship across multiple merchants have a better ability to detect crooks, Sloane said.