5 Tips for Tackling Subscription Fraud and Abuse

written by

Tonya Boyer

February 22, 2024

Finding a product you love can be tough in today’s crowded consumer market, but once you find the perfect thing, why not get it again and again? That’s the beauty of the subscription: allowing customers who love your products and services to use them repeatedly in the most convenient way possible.

If your business offers a subscription service, you know exactly what we’re talking about. If not, it’s worth looking into; after all, subscriptions offer so many bonus features – not just for customers but also for your business.

For one thing, subscriptions can help businesses retain customers and provide a reliable and predictable revenue stream. Customers love the convenience of automatic recurring payments, and the law of customer inertia means that customers who have signed up for your subscription service are likely to stay with the service unless an inciting event causes them to cancel. This predictability makes it easier for you to calculate future revenues and profitability.

However, despite all these benefits, you must watch out for subscription fraud on your platform so you can take steps to address it.

Subscription Fraud

Although you may think a subscription service isn’t applicable to the service or product your business sells, that’s an assumption you should definitely double-check. There are so many kinds of subscription services, and odds are one of them may work for you.

One of the most well-known subscription types is access to a service or platform. This is how the heavy-hitter subscriptions like streaming and gaming platforms work. You also see other business niches using this model, such as audiobooks, weight loss support, and online course streaming services. And those are just services marketed to individual consumers; there’s a whole world of enterprise services aimed at businesses that run on subscription models – think cloud computing, website hosting, advertising, and tech support.

These types of subscription services can run on a flat prepay payment model (pull payments recurring monthly or annually, for example) or on a pay-as-you-go basis, which can give customers more flexibility while still allowing for all the convenience of a traditional subscription model.

Another common type of subscription service is related to delivery: grocery delivery and meal services, or recurring purchases for things that need to be frequently replenished such as supplements, toiletries, and household goods. There are even subscriptions for digital recurring products – think a recurring subscription for in-app or in-platform currency. There are also curation services, which have become increasingly popular over the past few years; any product type you can think of (coffee, wine, snacks, makeup, books, toys) has a corresponding curation subscription service somewhere online.

But with all the benefits of offering a subscription service, there is a downside – subscriptions are just as susceptible to fraud as other ecommerce transactions.

As with many other types of fraud, subscription fraud can be broken down into two basic categories: abuse and true fraud. Abuse is generally perpetrated by normal customers who are trying to take advantage of the system. True fraud, on the other hand, is usually perpetrated by organized criminal fraud rings who commit crime for a living and want to use your service to illegally turn a profit.

One of the most prevalent forms of subscription abuse is the ongoing creation of new accounts by a customer to take advantage of consecutive free trials. When one free trial ends, they create a new account with a different email address and claim another free trial with the new account. Free trials are a tool to draw in new customers, and while allowing this type of subscription abuse to continue doesn’t take anything away from your actual new customers, it does skew your customer retention metrics and cost you money for the services that the abusing customer is using. You also miss out on the money that customer would have paid you if they’d been using the service fairly.

Password sharing is another form of subscription abuse, one which can cost you big in missed revenue from customers using your services without paying for their own subscriptions.

Subscription fraud usually has credit card or identity theft at the center of the operation; bad actors use stolen credit cards and other identifying information to sign up for a subscription (or more likely, for hundreds of subscriptions) and use those to turn a profit. Profit is frequently made through reselling products gained via the subscription service, but bad actors can also get creative – think mining bitcoin on a cloud computing subscription or advertising phishing scam sites via an advertising service subscription.

Subscription fraud may be a looming threat to subscription services, but there is a way to keep the fraud contained, and an experienced human intelligence team knows the tricks of the trade. Below are our top five tips for tackling subscription fraud on your platform.

Performing a standard review whenever a customer signs up for your subscription service is the best way to keep on top of subscription fraud. An experienced human intelligence team will provide the most accurate reviews, although for businesses with a larger customer base, it makes sense to supplement your human team with an automated fraud prevention model (machine learning and AI are industry standard for this). Subscription fraud will often exhibit standard fraud indicators such as generic email addresses or inconsistencies between IP geolocation and account information provided by the customer.

Unlike with single purchase fraud monitoring, businesses selling subscriptions have the benefit of being able to track the subscriptions through their lifecycle. Not only can reviews be performed at initial sign-up, but they can also be performed at subsequent payment events or whenever other changes are made to the account. For example, if a customer signs in from a new location or adds a new payment method, those could be instances in which a fraud review is warranted. Not only will this type of action-triggered review help prevent account takeover situations for legitimate customers, it can also provide further evidence to aid in catching higher-quality fraud accounts that may have been missed at sign-up.

We also suggest setting up anomaly detection tracking around usage metrics, if those are applicable to your service type. A subscription that suddenly displays a significantly higher usage rate could indicate account compromise or missed subscription fraud. For pay-as-you-go models, this can also help you detect fraudulent activity in the moment, rather than waiting until the customer (or owner of the payment instrument) notices an abnormally large charge on their next statement and files a chargeback.
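One way to implement the per-subscription usage check described above, as an added example (not code from the original post). It compares each day's usage with the account's own trailing baseline; the window, threshold and sample figures are assumptions chosen for illustration.

```python
from statistics import median

# Constructed daily usage for one account (e.g. compute-hours); not real data.
SAMPLE_USAGE = [10, 12, 11, 9, 10, 13, 11, 10, 12, 11, 95, 110, 12]


def usage_alerts(daily_usage, window=14, threshold=6.0, min_history=7):
    """Return indices of days whose usage is far above the account's own baseline.

    Baseline is the median of the trailing window; spread is the median absolute
    deviation (MAD), so one earlier spike does not hide the next one.
    """
    alerts = []
    for i, value in enumerate(daily_usage):
        history = daily_usage[max(0, i - window):i]
        if len(history) < min_history:
            continue  # too little history to judge a new subscription
        base = median(history)
        mad = median(abs(x - base) for x in history)
        # 1.4826 * MAD approximates a standard deviation; floor it for flat usage.
        scale = 1.4826 * mad or max(1.0, 0.1 * base)
        if (value - base) / scale > threshold:
            alerts.append(i)
    return alerts


if __name__ == "__main__":
    print(usage_alerts(SAMPLE_USAGE))
```

For pay-as-you-go accounts, running this on each new usage record rather than at the end of the billing cycle is what allows the spike to be caught before the charge is issued.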

As mentioned above, geolocation indicators can be hugely beneficial in identifying fraudulent sign-up or account takeover activities. An account with a login IP that is not consistent with the location of its payment address should raise red flags as potentially fraudulent. Or, if the bad actor manages to mask their IP location at time of sign-up, tracking geolocation via login IP data will allow you to catch the bad actor later down the line when they become more careless (for more on how to detect this type of established account fraud, you can check out our previous blog post).

Similarly, accounts that become compromised will likely also exhibit IP activity from locations that are not consistent with their payment instruments.

More than that, geolocation indicators can also be used to identify abusive behaviors, such as password sharing, which can cause significant revenue loss for flat-rate subscriptions where users pay one base rate, regardless of how much they use the service. Providers can get around password sharing by designating a single IP address as the “main location” for the account and flagging any login attempts from other locations as violating policies – which is how Netflix has been proposing to handle the password sharing situation on their platform.

Link analysis can be a game changer for detecting subscription fraud and abuse. The criminal rings who are responsible for most of the global ecommerce fraud love to reuse and recycle their resources. When they have a credit card or a phone number or an IP address that gets through your system, you can almost guarantee they’ll plan to use that attribute again when committing subscription fraud in the future.

That’s where link analysis comes in – by being able to trace those connections between accounts using the same attributes, your fraud team can detect bad accounts, even when they don’t exhibit any of the trademark sloppy account setup that would normally indicate fraud. Even if bad actors take their time with the account setup in order to fool your system, link analysis doesn’t lie.

Link analysis can also be used to prevent subscription abuse, especially the abuse pattern where a single user has multiple accounts in order to benefit from free trials and other promos. They may create a new email address for each new account, but it’s unlikely that your average abuser (usually a normal customer unassociated with any organized crime) will have more than one phone number or device with which to sign up.

By using link analysis, you can identify these users and block them from your system – or simply block their auxiliary accounts, leaving them with a single account with which to do business with your platform.
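The link analysis described above, sketched as an added example (not code from the original post). Accounts that share a phone number, device or card fingerprint are merged into clusters with a union-find structure, and every account after the earliest in a cluster is listed as auxiliary; the field names and sample sign-ups are assumptions.

```python
from collections import defaultdict

# Constructed sign-ups (not real data); field names are assumptions.
SIGNUPS = [
    {"account": "a1", "phone": "+15550100", "device": "dev-1", "card": "fp-aa"},
    {"account": "a2", "phone": "+15550100", "device": "dev-2", "card": "fp-bb"},
    {"account": "a3", "phone": "+15550199", "device": "dev-2", "card": "fp-cc"},
    {"account": "a4", "phone": "+15550142", "device": "dev-9", "card": "fp-dd"},
    {"account": "a5", "phone": None,        "device": None,    "card": "fp-ee"},
    {"account": "a6", "phone": None,        "device": None,    "card": "fp-ff"},
]
LINK_FIELDS = ("phone", "device", "card")


def link_clusters(signups, fields=LINK_FIELDS):
    """Group accounts that share any linking attribute, directly or transitively."""
    parent = {s["account"]: s["account"] for s in signups}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups fast
            x = parent[x]
        return x

    first_seen = {}  # (field, value) -> first account seen with that value
    for s in signups:
        for field in fields:
            value = s.get(field)
            if not value:
                continue  # a missing attribute must never link two accounts
            owner = first_seen.setdefault((field, value), s["account"])
            parent[find(s["account"])] = find(owner)

    clusters = defaultdict(list)
    for s in signups:
        clusters[find(s["account"])].append(s["account"])
    return sorted(sorted(c) for c in clusters.values())


def auxiliary_accounts(signups):
    """For each linked cluster, keep the earliest sign-up and return the rest."""
    order = {s["account"]: i for i, s in enumerate(signups)}
    extras = []
    for cluster in link_clusters(signups):
        extras.extend(sorted(cluster, key=order.get)[1:])
    return extras
```

In the sample, a1 and a3 share no attribute directly but end up in one cluster through a2, which is the transitive link a per-attribute lookup would miss.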

As a business, you frequently have to strike a delicate balance between easing customer friction and protecting yourself from fraud. This applies not just to your level of risk aversion, but also to the way in which you allow your customers to make purchases. For subscriptions specifically, we recommend using tiered pricing, and putting higher tiers behind more intensive fraud reviews. Higher rates of usage and spend can pose a greater potential fraud loss to your business, so a more thorough fraud review makes sense to protect yourself. But that doesn’t necessarily mean spending more on fraud prevention, because the flipside of the coin is that you can put less fraud review time on customers with lower pricing tiers.

For subscriptions with a pay-as-you-go model, the alternative to tiered pricing is threshold billing. That is, the customer can only spend a predetermined amount on the service before they need to successfully pay off what they’ve spent so far.

After one (or more) successful payments at that threshold, you give customers the option to increase their spending threshold. This is what credit cards do with spending limits, which increase after a certain amount of time with good spend from the customer. Putting this type of threshold limit in place on your platform can limit fraud loss and other damage by preventing bad actors from going hog wild spending on your platform, only to not pay you when it comes time for their billing cycle to end.
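Threshold billing as described above, as an added example (not code from the original post). The starting limit, the doubling rule, the ceiling and the number of successful payments required before a raise are all assumptions; the point is that unpaid exposure can never exceed the current limit.

```python
from dataclasses import dataclass


@dataclass
class ThresholdAccount:
    limit: float = 25.0       # current spending threshold (assumed starting value)
    max_limit: float = 400.0  # assumed ceiling for automatic raises
    raise_after: int = 2      # successful threshold payments needed before a raise
    unpaid: float = 0.0
    paid_streak: int = 0
    suspended: bool = False

    def record_usage(self, amount):
        """Accept usage only while unpaid spend stays within the threshold."""
        if self.suspended or self.unpaid + amount > self.limit:
            return False  # payment must succeed before more service is delivered
        self.unpaid += amount
        return True

    def settle(self, payment_succeeded):
        """Collect the unpaid balance; raise the limit only after repeated success."""
        if not payment_succeeded:
            self.suspended = True  # exposure stays capped at unpaid <= limit
            self.paid_streak = 0
            return self.limit
        self.unpaid, self.suspended = 0.0, False
        self.paid_streak += 1
        if self.paid_streak >= self.raise_after:
            self.limit = min(self.limit * 2, self.max_limit)
            self.paid_streak = 0
        return self.limit


def max_exposure(events, account=None):
    """Replay ("use", amount) / ("pay", ok) events; return the largest unpaid balance."""
    account = account or ThresholdAccount()
    worst = 0.0
    for kind, arg in events:
        if kind == "use":
            account.record_usage(arg)
        else:
            account.settle(arg)
        worst = max(worst, account.unpaid)
    return worst
```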


If you’re interested in consulting with one of our experienced fraud analysts about how to prevent subscription fraud and abuse, you can contact us here.  


Tonya Boyer

Tonya has been with IP Services since 2014. After several years serving as a Subject Matter Expert in the cloud computing space, she began managing the Fraud Protection team in 2017. She believes in creating a happy, casual but professional workspace where everyone can live their best lives while doing good work. She is dedicated to community outreach and helps coordinate the IPS Connects volunteer and donation committee.