What Consumers & Merchants Should Know About Address Fraud

Picture this: as a merchant, you're contacted by a customer who is demanding a refund for items they never received.

Naturally, you try to verify information about the transaction. You check the address to authenticate the buyer’s identity…but the addresses don’t match. When you look a closer at the account in question, other details seem to have been changed without the customer’s knowledge.

What happened?

Your buyer might’ve been hit by an address fraud scheme. This isn’t a new trick by any stretch of the imagination. But, given the rise of digital commerce, its frequency and scope have increased significantly in recent years.

In this article, we’ll take a hard look at address fraud. We’ll see what it is, how it works, who it affects, and what can be done to stop it.

What is Address Fraud?

Address Fraud: Address fraud is a tactic by which fraudsters use stolen credentials to access a user’s account and change their physical address information. Address fraud enables other fraudulent behaviors, like redirecting goods purchased by an authorized user to the fraudster’s address.

As the name implies, address fraud can apply to any scheme involving falsified address information. Most often, though, it happens when a criminal impersonates someone else to provide false mailing address information about that individual.

Address fraud can occur after a bad actor gains access to a user’s account details. The fraudster can then change the victim’s account details to enable other fraudulent activities.

The criminal may even impersonate the cardholder with the United States Postal Service or UPS, for example. Fraudsters can contact the Post Office and impersonate a consumer. They can then claim that their victim has moved to a new address (i.e., the fraudster’s address), then request that all mail be forwarded to this new location.

Chargebacks for Dummies

Chargebacks can wreak havoc on your cash flow and profitability. This book is your guide for preventing chargebacks and, when they happen, fighting them more effectively. Request your FREE paperback copy of Chargebacks for Dummies today!

Send Me My Free Book!

With little effort, a criminal could arrange for a user’s account statements, bills, and other sensitive details to be delivered right into their hands. Scary, right?

Generalized address fraud is a concerning issue. For our purposes, though, we’ll be focusing on address fraud related to identity theft and account takeover fraud online.

Address Fraud in eCommerce

Cybercriminals can use address fraud as a tactic to facilitate other acts of fraud, particularly in eCommerce.

Let’s put this into perspective. Many eCommerce sites let users create accounts and store their billing and shipping information. When someone makes a purchase, how thoroughly do they tend to check that info before each purchase?

Criminals have a lot of different methods of gaining access to users’ account details. They can hack an unsecured eCommerce site, use phishing tactics to trick users into giving up their credentials, or they may buy them on the dark web.

Common Question

What is phishing?

Phishing is a social engineering scheme designed to trick users into voluntarily giving up their personal information. The attacker may send the victim a targeted email, impersonating a trusted sender, or they may create dummy sites and wait for unassuming victims to key in their information.

Learn about other common eCommerce fraud threats

Once they have the information, bad actors can change the cardholder's address on file, ensuring that any goods purchased get sent to them instead. Worse, they could use that information to target multiple eCommerce accounts at once if the victim reuses the same credentials on multiple sites. The fraudster can let cardholders run up a hefty bill for items that will never be delivered.

The effects of such scams can be devastating for cardholders. Address fraud also hurts merchants, though. Cardholders have legal protections in place if they become victims of fraud, like the chargeback process. When these schemes happen, the merchants tend to be left footing the bill.

Learn more about the chargeback process

Address fraud is just one of countless potential fraud threats facing your business.

The solution for criminal fraud chargebacks is a click away.

Common Signs of Address Fraud

One obvious way for someone to tell that they’ve been a victim of address fraud is to notice that they are no longer receiving their mail. Beyond that, some other red flags to watch for include:

Unsolicited Change of Address Forms

USPS may send individuals an official change of address form for confirmation of any request to change their address. This could signify that someone initiated an address change without that person’s knowledge.

Credit Card Statements Disappearing

A sudden change in how users receive their statements is a red flag. If a cybercriminal has had a victim’s physical statements sent to another address, there should be a record of that change somewhere in the person’s online banking app. If the account in question can no longer be accessed, that user should contact the bank immediately.

Watch out for notifications

Most sites notify account holders via mail or email about any changes to account details. Watch for these notifications. The same should apply if a new user or any new information is added to the account.

Remember the golden rule of fraud management: if it seems suspicious… it probably is.

How to Respond to Address Fraud

If any of the above scenarios apply, the first thing to do is contact the USPS to report and correct any instance of address fraud. Next, any letters or packages received under someone else’s name should have ‘not at this address’ written clearly before they are returned to the post office.

The USPS will collect information including:

First and last name or company name
Address including city, state, zip code, and country
Phone Number
Email address (if applicable)
Information of the person or company you are filing against (if known)
The method of contact used
Date of contact or discovery of address fraud
If any items remain in your possession
Any response you made
Anything pertinent to a fraudulent address
Tracking and or shipping numbers (if available)
Items received and their cost
Monetary losses incurred
How the fraudster gained access to your accounts/address
Any additional information

After this, it’s wise for users to change the login credentials for all their accounts, including email addresses. Once these steps have been completed, a few best practices can help prevent address fraud from recurring in the future.

50 Insider Tips for Preventing More Chargebacks

In this exclusive guide, we outline the 50 most effective tools and strategies to reduce the overall number of chargebacks you receive.

Free Download

Consumer Tips to Prevent Address Fraud

The first step is always to be aware of, and on the lookout for suspicious activity. Whether an attack is centered on an individual or business: awareness and planning are excellent ways to prevent address fraud in the future.

Some other tips we recommend for the general public include:

01 | Going Paperless

While this might seem slightly counterintuitive, selecting paperless billing can place an additional security layer between mail recipients and fraudsters. To take that further, we would also advise account holders to set up a billing-specific email address that will be difficult for fraudsters to gain access to in a typical online breach.

02 | Use a P.O. Box

There are many good reasons to own a Post Office box, but one of the best is to use it to keep personal addresses separate from other business information. Material like billing, banking, and other hard financial data could be more secure if sent to a P.O. box rather than left in an easily-accessible mailbox.

03 | Set up Two-Party Authentication

Users should take advantage of two-party authentication for online accounts whenever available. A cybercriminal who has a user’s account credentials will still be required to verify themselves via SMS or email before any changes can be made.

04 | Use a Password Manager

Most incidents of identity theft and address fraud are the result of passwords compromised via email and social media. Combatting this vulnerability is crucial to preventing fraud. Utilizing password management software like 1Password can help cardholders and merchants keep their data locked down tight.

What About Merchants?

Merchants may not be directly affected by address fraud schemes. However, they face financial impacts like chargebacks for purchases that never arrive at the cardholder's doorstep.

To help prevent this, we recommend using a multilayer strategy including fraud tools that can help weed out bad actors ahead of purchase. Some of these include:

AVS (Address Verification Services)
Biometric Authentication (Apple Pay, etc.)
Fraud scoring software
Blacklisting (previous suspicious activity)

None of these tools are inherently foolproof. But, when taken together, they can drastically limit the ease with which fraudsters pull off attacks.

Learn more about fraud prevention tools

We also strongly recommend seeking professional assistance to handle more difficult-to-manage loss sources, like friendly fraud.

For merchants who wish to limit their vulnerability to address fraud and related chargebacks, Chargebacks911 can help. Call us today for a free ROI analysis that can prove prevention is the best medicine.

eCommerce Fraud

Address Fraud