BOPIS FraudOnce Again, Criminals Turn a Consumer Convenience Into an Opportunity for Fraud

June 27, 2023 | 10 min read

This image was created by artificial intelligence using the following prompts:

One cashier of two women is handing the bag of merchandise to the customer at a store, in the style of red and teal.

BOPIS Fraud
  1. Articles
  2. eCommerce Fraud
  3. BOPIS Fraud

In a Nutshell

Buy Online/Pick Up in Store (BOPIS) combines the convenience of online shopping with the flexibility of choosing your pickup time. Consumers love it… but so do criminals, who are leveraging the benefits of BOPIS to commit retail fraud. What is BOPIS fraud? And how can merchants protect their businesses from it?

How the Convenience of “Buy Online Pickup in Store” Shopping Helps Criminals Engage in BOPIS Fraud

Online shopping was a game changer when it first debuted in the late ’90s. For the first time, customers could literally shop from the couch, then have their delivery within a week or two. Later, the introduction of express shipping meant purchases could arrive in just two days, or even less.

The “buy online pick up in store” model (sometimes abbreviated as “BOPIS” or “BOPUS”) offers something even better, though.

BOPIS gives you the ability to make a purchase online and receive your goods within minutes. All you have to do is pop over to the store and claim your items. For example, you can place an order at work, then stop and grab it on the way home, often without even going inside the store. It’s a new level of convenience for consumers… but that doesn’t always make things easier for merchants.

BOPIS has opened a whole new front in the fight against criminal activity. Now, BOPIS fraud is one more thing retailers have to deal with.

Recommended reading

What is BOPIS Fraud?

BOPIS Fraud

[noun]/boʊ • pus • frôd/

BOPIS fraud refers to any criminal activity committed through “buy online pickup in store” channels. Here, criminals can pick up online orders at the physical store as a way of bypassing normal security protocols deployed in both eCommerce and physical retail.

Every new development in the retail world seems to introduce a new type of fraud. BOPIS is no different.

As mentioned above, “buy online pick up in store fraud” is a blanket term. Any theft that comes from ordering merchandise from a website, then picking it up at the merchant’s physical store location, can be considered BOPIS fraud.

BOPIS disrupts the traditional online purchase model, and therefore opens up loopholes that merchants and cardholders may not be aware of. BOPIS scammers can then take advantage of the unique characteristics of physical order pickup to bypass normal eCommerce security measures. 

The
The
Become a Full-Fledged Chargeback Genius

The only resource you need to become an expert on chargebacks, customer disputes, and friendly fraud.

Download the Guide

Conventional fraud prevention tools often rely on customer verification techniques that may not factor into BOPIS purchases. For example, checking if the shipping address of a transaction varies from the billing address. With BOPUS fraud, there’s no shipping address to compare against.

The customer will normally be asked to verify their identity at the point of pickup. This might mean nothing more than showing the store employee a screen capture of the order confirmation, though.

How Does BOPIS Fraud Work?

BOPIS fraud offers cybercriminals new opportunities, as well as a way to twist existing scams in order to avoid detection. Some commonly-seen tactics include:

Using Stolen Payment Card Data

This is one of the standard ploys used by cybercriminals, just adapted for BOPIS the environment. Fraudsters make an unauthorized purchase using stolen card data and other personal information they have obtained through phishing or bought off the dark web. They can then simply grab the goods and disappear.

Picking up the order at the retailer means less security to get through. Buyers are seldom asked to produce their physical credit card at pickup. As we said earlier, just a confirmation message is enough in many cases. 

Store workers cannot apply as many verification tests as security software could. Even if their credentials are totally fake, fraudsters know that there will be minimal inspection, particularly during busier times, such as holiday season shopping.

Last-Minute Cancellation

Fulfilling orders so quickly can leave gaps in the purchasing process, and fraudsters are more than happy to take advantage of that. For example, a sneaky crook can pay for an order online, then wait for an email saying their purchase is ready for pickup. Right before entering the store to receive the merchandise, however, they cancel the order.

Even with the speed of electronic communication, it’s unlikely that the cancellation will make it to the attendee at the pickup area before the fraudster walks off with the goods. The scammer may even double-down by using a stolen card; if so, then there’s no way to trace it back to the crook.

The thief gets the merchandise, as well as a refund for the canceled order. They can keep using the stolen card undetected, while the merchant pays for it.

“Sneaker” Bots

Sneaker bots are software programs specifically designed to circumvent purchasing requirements or limitations.

For example, let’s say a merchant is selling a limited edition collectible. As such, they want to limit the number of per-customer purchases of the item in question. Using sneaker bots, a fraudster can use multiple dummy accounts at once to score multiples of that item. The goods can then be picked up as separate orders and resold with a markup.

This ploy is often seen in relation to event tickets. One high-profile example occurred in early 2023 when Ticketmaster had to cancel thousands of ticket sales for Taylor Swift's Eras Tour due to intense bot attacks.

Fraud hurts consumers, but merchants bear the brunt of the financial impact. We offer solutions for better fraud mitigation.REQUEST A DEMO

Warning Signs of BOPIS Fraud

There’s no “silver bullet” for catching BOPIS fraud perpetrators in the act. That said, there are a few telltale signs that may signal a problem worth investigating:

Obnoxious Customers

Picture this: You’re in a busy store. There’s a long line at the pickup desk, the worker at the front is already frantic, and now a customer is causing a loud ruckus over their order. The natural reaction on the manager’s part would be to just get rid of the customer as quickly as possible. But, that’s exactly what the fraudster is counting on. By creating an embarrassing scene, they’re hoping the worker will hand over the order without checking too closely, just to try and resolve the situation as quickly as possible.

Non-Matching Card Data

A crook ordering online needs a credit card user’s account information… not the credit card itself. Fraudsters hope that workers will be hesitant about asking to see the card used for the purchase. It’s a perfectly reasonable request, though. Not having the card on their person doesn’t prove a purchase is fraud. But, it should be seen as suspicious, and a good reason to ask for additional identification.

High-Value Orders

Fraudsters typically like to get as much as they can with each scam to maximize their gains and lower the chance of discovery. That means they go for pricey, easy-to-unload merchandise like electronics. Again, it’s not a sure sign, but high-value BOPIS orders could point to fraud, especially coming from a new customer. What we’re saying is: maybe a merchant should think twice before loading that 72-inch TV into a BOPIS customer’s car.

Repeat Offenders

As we mentioned, fraud mitigation solutions can’t check a BOPIS buyer’s billing address against their shipping address. Some tools can, however, quickly compare the card information against reports of stolen cards and lists of buyers profiles with a history of fraudulent activity. If a scammer commits fraud once, they’re likely to do it again.

Tips & Best Practices for Preventing BOPIS Fraud 

Once a BOPIS fraudster pulls their scam, there’s little chance of tracking them down and recovering the goods. To prevent loss, merchants must either stop crooks before they come to collect their order.

Catching the fraudster before an order is placed may involve a software solution that compares the given data against user blacklists, card status, geolocation, and other indicators. Merchants should review orders that show fraud red flags, such as multiple orders using the same payment credentials but requesting BOPIS at different physical locations.

50
50
50 Insider Tips for Preventing More Chargebacks

In this exclusive guide, we outline the 50 most effective tools and strategies to reduce the overall number of chargebacks you receive.

Get the FREE guide

Merchants should also be on the lookout for high-risk products. Gift cards, electronics, luxury goods, or other large ticket items are all hot targets, as they have great resale value. Watch for bulk orders, as well as the rate at which orders or attempted orders are initiated within a specific time frame.

IMPORTANT!

The best way to thwart these fraudsters is to request strong customer authentication at the time of ordering.This involves asking customers for something they know, something they own, and/or something they are. Having two factors of authentication can help differentiate between fraudsters and legitimate cardholders. Of course, this may also deter buyers, but this may be offset by transaction risk analysis (if offered in one’s region or country).

Catching fraudsters during the pickup generally requires implementing and adhering to strict protocols. This means mandating identification at time of pickup, for example, and ensuring it matches billing identity and order contents. Requesting both a valid government-issued ID and the card used to place the order offers another level of verification. 

Controlling access to the pickup area, when possible, can also encourage closer examination of orders. Make sure the area is well-lit, and possibly employ cameras. Above all, train staff to be consistent when releasing BOPIS orders, and do not leave them unattended.

BOPIS & Chargebacks

When fraudsters run a BOPIS scam, merchants lose the merchandise from the order. In cases of last-minute order cancellations, they could also lose any amount they refunded to the fraudster.

But, the consequences of BOPIS fraud get much worse.

Consumer victims of credit card BOPIS fraud will likely contact the bank to file a chargeback. That means that on top of all the other losses, the retailer will also have to refund the customer, then pay chargeback fees imposed by the bank. Over time, it will also affect the merchant’s chargeback rate, leading to higher costs and penalties.

This is still only one of the types of fraud that card-not-present merchants deal with. For example, customers sometimes file illegitimate chargebacks on merchandise they actually collected. This compounds the price that merchants are already paying. True fraud prevention and mitigation requires a more comprehensive approach. 

Want to get a better picture of fraud mitigation and chargeback management help that goes beyond BOPIS? Talk to the experts at Chargebacks911® about short- and long-range solutions.

FAQs

What is the acronym for “buy online pickup in store”?

The “buy online pick up in store” purchasing channel is often abbreviated to either “BOPIS” or “BOPUS.” Different entities use different acronyms. However, they both refer to the same action.

What is BOPIS fraud?

BOPIS fraud refers to any criminal activity committed through “buy online pickup in store” channels. Here, criminals can pick up online orders at the physical store as a way of bypassing normal security protocols deployed in both eCommerce and physical retail.

How does online fraud work?

The term “online fraud” covers a range of illegal actions that involve eCommerce. There are innumerable ways these crimes work. However, most involve illicitly obtaining cardholder payment information, then using that data to make fraudulent online purchases.

What is a BOPIS chargeback?

Cardholders who are victims of BOPIS scams will typically file a dispute with their bank. The bank then files a chargeback against the merchant to retrieve the unauthorized funds. The merchant will also lose any shipped merchandise and associated costs, and will be assessed a chargeback administration fee.

Ready to get started?
We Take the Guesswork Out of Chargeback Management
You might also like...
Credit Card Fraud Statistics
April 17, 2024 | 10 min read

Credit Card Fraud Statistics

Key Credit Card Fraud Statistics to Know for 2024

eCommerce Fraud
March Madness 2024
March 26, 2024 | 4 min read

March Madness 2024

Scammers See Opportunity as March Madness Begins

eCommerce Fraud
Man-in-the-Middle Attack
February 29, 2024 | 14 min read

Man-in-the-Middle Attack

Man-in-the-Middle Attacks: 10 Tips to Prevent These Scams

eCommerce Fraud
Join the conversation
Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
Ready to get started?
We Take the Guesswork Out of Chargeback Management

Information

Information

Resources

Company

Contact Us

United States

18167 US Highway 19 N
Clearwater, FL 33764

877.634.9808
info@chargebacks911.com

Europe

Vantage House
6-7 Claydons Lane
Rayleigh, Essex, SS6 7UP

+44 (0) 2037 505550

877.634.9808

Copyright © 2024 Chargebacks911®

Privacy Policy | Terms & Conditions

We’ll run the numbers; You’ll see the savings. Stop losing money to chargebacks. Let us show you how much you could save.
Have a question? Give us a call to speak with an expert. 877.634.9808
Please share a few details and we'll connect with you!
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form