_{hello world [what’s up]}

Welcome to the pre-launch, rough-drafty, alpha version of the Cartomancy Labs Futurecast. I can’t promise it will get any better than this, but I’m thrilled you’ve decided to come along for the ride. Let’s taco-bout Trust And Cyber Online. 🌮

It’s Boxing day, a day much loathed by retail workers throughout time. Back when I worked in a mall, it was the second busiest day of the year - after Black Friday. But Boxing day was so much worse, because it was the Day Where Everyone Wanted to Return Their Gifts. Nobody had a receipt, all the boxes were opened, ripped, and the store itself looked like a wave of angry elves had chewed their way through all of the racks. Everyone was required to work a shift that day.

I’m not sure if Boxing Day is quite as dire in these days of gift receipts and online returns, but dealing with returns has become an issue year-round. One of my favorite cases in business school was about Nordstrom and their fantastic customer service, how they would accept returns, no questions asked. Including a set of Firestone tires. The comment is meant to be a punchline and reinforce the resolute and elegant customer service: but that anecdote has kept me in a tailspin for years. Obviously Nordstrom doesn’t sell tires.  Did that even come up with the customer? How did they determine the amount of the return? Where did they put the tires? How did they deal with the inventory on an ongoing basis? Did they figure out how to sell the tires back to a garage? None of these questions were answered in the business case, but just thinking about it reminds me of the eBay warehouse (closet?) where marketplace transactions had gone bad, and eBay ended up being the broker of returns and returned merchandise. Just a whole bunch of people and space dedicated to transactions gone wrong.

Fraud technology is typically pointed “up front”, on the original purchasing transactions, because that’s where most of the fraud lives, in that initial money movement, and the connection between the buyer in the transaction and the financial instrument they present at the point of sale. But that may be changing. Last year Dark Reading reported that Refund Fraud-as-a-Service was taking off, with ads on hacker forums up 60% and losses from refund fraud estimated to surpass $25B/year. TBH I didn’t really clock the trend as more than a rise in the offering of refund fraud services, but this year it’s really come together. Many anti-fraud services are adding the full transaction lifecycle into their kit, to enable risk based evaluations of transactions both up-front (at time of purchase) and also at time of refund or return. In addition to being an open and egregious problem, like many successful fraud schemes we are also seeing rings organize to capitalize and scale the issue into a business, hence big retailers/marketplaces like Amazon and Walmart teaming up with federal prosecutors go after large rings targeting them. 

It takes a lot of participation to get to a ring worth pursuing - in  Amazon’s suit against REKK, there were seven former Amazon employees named in the complaint as well as the 20 ring organizers (REKK). And this scam doesn’t just involve criminal fraud organizers, and corrupt insiders, but requires collusion with buyers who have probably had a legitimate customer relationship with the retailers for some time. Roughly, the scam is like this: the buyers would go ahead and make purchases, and then pay REKK a commission (~30%) for REKK to represent them in a dispute process, in order to get a refund without merchandise return required. 

It’s pretty hard to go after entire rings of bad actors, it takes a ton of time to build cases against the participants. I think this quote is worth noting: "In November alone, Amazon supported law enforcement agencies across three continents to take action against multiple refund groups, resulting in arrests and the disruption of organizations responsible for millions of dollars in fraud," said Amazon cybercrime attorney Jamie Wendell.  This kind of coordination is only possible when the corporations (retailers, in the case of refund fraud) are willing to really invest in detection and investigation  – BleepingComputer also reported that Amazon says it spent at least $1.2 billion in 2022 alone (that includes a dedicated workforce of > 15k people) to combat theft, fraud, and abuse.

If Amazon’s willing to spend $1.2B on fraud, that means it’s a problem worth innovating on to help out smaller entities who are affected by the problem but don’t have the resources to make such concerted investments. Expect more offerings in this space in 2024.

_{training data [what’s new]}

Privacy / Surveillance: Security cameras have always been a staple of physical security, but amping-up those cameras with facial recognition is not going over very well for RiteAid, who's settled with the FTC after being found to have misused the technology in such a way that was described as “reckless” and resulted in shoppers being “subjected…to unfair searches and humiliation”. Note that racial bias in facial recognition is well-documented. 

Trust & Safety / Startups: While early adopters of ML/AI, the T&S industry is still bogged down by heavily manual review and moderation practices, and could benefit from additional automation and modernization. Y Combinator-backed Intrinsic is stepping into this space and promising to speed-up the development of custom classifiers, and orchestrate the enforcement actions that follow detection. This is a crowded space, but larger scale platforms need to train their classifiers on their own data against their own policy suite, if Intrinsic can maintain flexibility and operate at scale, that will make this an interesting player in the market as content platforms continue to be scrutinized by regulators and their user bases.

Fraud Losses: Banks/FIs in the US continue to get hammered with fraud losses again, with PYMNTS intelligence reporting that nearly 43% of FIs experiencing an increase in fraud in 2023 over 2022, and where losses are up at larger FIs, they are up almost 65% over 2022. Fraud loss rates (the share of transactions resulting in fraud loss) for this segment increased from 1.6 basis points in 2022 to 1.9 in 2023. The source report is paywalled (registration walled) but worth downloading if you like looking at numbers.

Holiday scams: It’s a little late to warn you about holiday scams, but it will be even later soon, so here are some of the scams of 2023 that were interesting. FTC warns consumers about fake shipping notification emails and text messages - I can confirm that my SMS junk bin is full of fake messages from “shippers” who can’t seem to find my address but can find my phone number. Gift card scams were all over the news this year: fraudsters love the liquidity and anonymity of gift cards, but when consumers get hit with the losses it straddles crime categories (it’s some kind of fraud, but also a scam). When buying these cards at retail locations, check for tampering on the packaging, and weirdness on any scratch-offs. In addition to these trendy scams, FBI warned consumers earlier this year to stay vigilant about traditional scams that fall under the “if it looks too good to be true, it probably is” category, plus beware of unsolicited incoming deals and offers. These scams can happen in-person or online, and while it’s a great time of year to be full of holiday cheer, keep your spidey senses tuned-up, as well.

_{find more cartomancy [what’s out there]}

_{ttyl [what’s next]}

Thanks for reading to the end of this set of lab notes. I’m thrilled to have some fellow travelers mapping out where we’ve been, philosophizing about where we want to be, and building the paths to get us where we’re going.

See you next time on the Futurecast!

Allison

@selenakyle

/