Nina Kollars loves coffee and convenience, so she purchased her own Nespresso machine. It was a great choice, but buying coffee pods and capsules directly from the manufacturer is still a fairly expensive way to get your coffee fix. Like many savvy, coffee-addicted consumers, she shopped around for a better deal. She found a great deal on coffee, but it came with more than she bargained for.
During her session at DEF CON 27, Nina tells the story of how buying coffee in bulk made her an unwitting accomplice to triangulation fraud, allowing identity thieves to convert stolen credit cards into cash. Her entertaining and informative session is worth watching, but what piqued my interest was her experience reporting these nefarious activities to the various companies involved.
Anticipate Rogue Experiences
When she received an expensive new espresso maker with her order of coffee pods, she thought she had made a mistake. Instead, the seller made a clerical error. Since the shipment came directly from the manufacturer, Nina called Nespresso customer service to inform them of the additional item she received. Nespresso’s customer service agent confirmed that someone’s credit card was indeed charged for both of the products. Still, they weren’t prepared to help her resolve the issue no matter how insistently she tried to return the device.
There’s no good outcome for Nespresso in this scenario. They obviously couldn’t share the billing information they had to help Nina track down the sender. They could have shipped the item back at their expense and refunded the order, but Nespresso would have to absorb the loss of credit card fraud that wasn’t their fault. That’s not right.
However, they still have a responsibility to help their loyal customer, Nina, through this unusual experience with their brand. After all, she was already loyal to the brand and is still likely to continue buying Nespresso products. Unfortunately, they didn’t seem to have the answers either, and there was no follow-up after the case was escalated to the fraud team.
I don’t think many other companies would have done any better, but helping customers navigate and recover from rogue experiences is an essential consideration for experience professionals. Rogue experiences are those experiences shaped by malicious or unauthorized third-parties who may be fraudulently or deceptively representing your brand.
As an IT support center analyst for a university, I intercepted countless rogue experiences. Institutions of higher education and their students are top targets for phishing scams and financial fraud. The victims of these schemes often contacted us, while still unaware they’re being conned. Ironically, blocking or shutting down websites trying to steal our customers’ personal information often leads to more immediate calls than those who were scammed successfully. Annoyed conversations frequently began with, “you sent me an email saying that I need to verify my account, but the link you gave me doesn’t work!”
Advising customers that they’ve been the victim of fraud or deception is often the first step to addressing rogue experiences. One must first establish that what the customer experienced to this point was not created by our brand. Furthermore, it’s often our responsibility to help customers recover and provide education to help them avoid these experiences in the future.
Misleading Marketing Consequences
The platforms on which rogue experiences occur also share some culpability for their consequences. In this case, Nina points out that eBay made it difficult for consumers to identify potentially suspicious accounts. When these events transpired, eBay did not prominently display seller ratings, or lack thereof, for new accounts. They were buried low on the page, in the fine print. It took additional clicks and visiting another page altogether to see how recently an account had been created. By boldly displaying generic product ratings near the top of the page, less savvy buyers could easily misinterpret the product rating to be an assurance of the seller’s legitimacy.
While eBay facilitated the fraud in this story, this problem could occur on any platform that enables peer-to-peer transactions. This type of e-commerce has become increasingly popular, and it’s increasingly difficult for consumers to determine who’s really selling the products they’re buying. Amazon, NewEgg, Target, and Walmart all permit third-parties to advertise and sell products through their website marketplaces. I know of multiple organizations that have purchased dangerous pirated software on Amazon. For a long time, Google search engine results would lead you to believe that Sears was the top place to buy Cisco Catalyst switches, an enterprise networking product that Sears itself does not stock and has absolutely no business selling.
Trust has always been crucial to business relationships, and it’s only becoming more important as trade evolves. This is a concern for every business, not just e-commerce platforms. We must hold our employees and business partners, whether they’re authorized merchants, outsourced contact centers, subcontractors, or delivery drivers, to impeccable ethical standards. Failures in this regard have long-term consequences for customer loyalty.
Listen for the Unexpected
Perhaps the most important lesson of this story is that we must listen with open ears. As businesses race to shift-left, directing customers toward self-service and automation, we cannot neglect customers who need to tell us something we didn’t expect to hear. eBay enabled the type of fraud Nina experienced, by not allowing users to report suspicious activity when the scammer holds up their end of the bargain. She says, “there’s a [button] for ‘didn’t receive the item,’ there’s a thing for ‘damaged goods received,’ but there’s nothing for ‘I got extra stuff, and I’m trying to report this.'”
In many cases, the best resolution a business can offer to customers is a prompt, no-hassle refund. Some companies have learned that it’s cheaper and easier for everyone to issue refunds automatically when specific problems arise. Occasionally, I’ll receive an item from Amazon that doesn’t quite live up to expectations or was cosmetically damaged during shipping. It’s rare, but when this happens, recovery is as simple as opening the app and selecting the type of problem to report.
In many cases, Amazon will issue an instant refund and advise me to keep, donate, or responsibly dispose of the product. I’ve had the same experience with problem purchases from Apple’s iTunes Store. Because they’re delivered and licensed digitally, it’s a no-brainer to revoke the license and issue a refund without involving a costly human (or bot) in the process.
These experiences are about as frictionless as they come, but this practice can make things far worse for customers who have a problem the company didn’t anticipate or require a solution that isn’t pre-programmed. Much like Nina’s attempts to report fraud, I’ve become frustrated when there wasn’t a button that described my concern and even more angry when it wasn’t acceptable for the company to issue a refund and ignore the underlying problem.
We don’t have enough information to determine the outcome of Nina’s story. On the one hand, Nespresso was likely paid for the products they shipped. eBay appears to have shunned these particular fraudsters from their platform. The victims whose credit cards were stolen shouldn’t have been liable for the fraudulent purchases. Nina got a great discount on some excellent coffee, and she auctioned off the new espresso machine and donated the proceeds to charity.
However, Nina is quick to point out that this is not a victimless crime. For starters, the credit card companies, and sometimes merchants, must absorb the costs of fraud, which raises prices for everyone. Retail shrink costs each U.S. consumer hundreds of dollars each year; imagine how much more you’re paying for elaborate fraud schemes like this one. Additionally, it appears that many of the victims of this credit card fraud are elderly or other vulnerable populations. In closing, she reminds us that “recovery from identity theft works for people who are equipped to deal with it, but not the elderly.”