ChatGPT's Image Generation Could Be Driving Retail Fraud 

The retail industry is already facing a huge challenge with retail fraud - and this is only set to continue as generative AI tools reach new levels of sophistication.

The recent launch of ChatGPT's enhanced image generation capabilities marks yet another significant milestone in AI development - but also one that carries some serious implications for retail security and fraud prevention.

Generative AI is of course transforming retail in positive ways such as creative workflows, content production, and business operations (as it is across all industries). However, underpinning the excitement surrounding these advancements does lie some serious concerns: the same technology available to consumers is also making fraudsters faster and even more cunning. 

The democratisation of sophisticated image generation technology, such as ChatGPT’s Image Generation, is another example of that. It has the potential to create the perfect conditions for a new wave of retail fraud - one that could make the traditional verification process redundant and not fit for purpose

How Can GenAI tools Be Used To Enable Fraud?

The latest AI image generators can create images that look like real photographs as well as imagery from simple text prompts with incredible accuracy. It can reproduce documents with precisely matching formatting, official logos, accurate timestamps, and even realistic barcodes or QR codes. 

In the hands of fraudsters, these tools can be used to commit ‘return fraud’ by creating convincing fake receipts and proof-of-purchase documentation. What makes this use even more concerning is that, unlike previous forgeries that often contained telltale signs and human errors, AI-generated fakes are much better at creating indistinguishable dupes. 

The Potential Impact Stems Far & Wide

The concerns with this new technology extend far beyond merely returning items. For example, fake proof of purchase documentation can be used to claim warranty service for products that are out of warranty or purchased through unauthorised channels. Fraudsters could also generate fake receipts showing purchases at higher values than was actually paid for - then requesting refunds to gift cards for the inflated amount. Internal threats also exist too, as employees can create fake expense receipts for reimbursement. 

This is particularly damaging for businesses with less sophisticated verification processes in place. Perhaps the scenario most concerning of all is that these tools can enable scammers to generate convincing payment confirmations or shipping notices as part of larger social engineering attacks. Of course, the financial impact is substantial - industry estimates already place return fraud costs in the billions annually, and this could significantly increase as these GenAI tools become more accessible and sophisticated.

What About The Damage To Legitimate Customers?

It's not just about the direct financial impact on retailers, but also the potential impact of a ‘seamless customer experience’ for consumers. As retailers have to implement more complex and lengthy verification processes to mitigate sophisticated fraud, honest customers could face greater friction during their returns and exchange experience.

This creates a difficult dilemma for retailers. The National Retail Federation reports that 70% of consumers say a positive return experience encourages them to continue shopping with a retailer. Yet, creating stricter return verification processes to combat risks posed by genAI will not only frustrate these valuable customers, it could also impact their brand loyalty.

Hitting Back At GenAI With AI

While ChatGPT’s image generator is the latest advancement getting attention, it’s not the first or last genAI tool with these capabilities. So, how can retailers fight back? 

The solution to these challenges doesn't lie in reverting back to manual processes or creating higher-friction customer experiences. Retailers must instead fight AI-powered fraud with AI. By examining the full customer journey rather than just the return transaction, retailers can begin to identify suspicious patterns without creating friction for legitimate customers.

Advanced AI can be used to detect subtle inconsistencies that most models, and certainly not manual reviews or rules, can spot. 

The relationship between retailers and customers has always been built on trust and today's new genAI challenge isn't all that different. The successful retailers will be the ones that work out how to strike the right balance and view fraud prevention not as a cost center but as an essential component of the customer experience.

Doriel Abrahams is Principal Technologist at Forter

Image: Ideogram

You Might Also Read: 

A New Threat To Biometric Security:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Unlocking Business Potential With Strategic IT Evaluations
Phishing Scams Put Hotel Guest Data At Risk »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

CONCERT

CONCERT

CONCERT is a Computer Emergency Response Team and cyber security information sharing network for companies, institutes and government in Korea.

Redicom

Redicom

Redicom is an independent consulting agency focusing on identity management, strong authentication and single-sign-on.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

Communications Security Establishment (CSE) - Canada

Communications Security Establishment (CSE) - Canada

CSE is Canada's national cryptologic agency, providing the Government of Canada with IT Security and foreign signals intelligence (SIGINT) services.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

National Security Authority (NBU) - Slovakia

National Security Authority (NBU) - Slovakia

The National Security Authority (NBU) is the central government body in Slovakia for the Protection of Classified Information, Cryptographic Services, Trust Services and Cyber Security.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Security Weaver

Security Weaver

Security Weaver is a leading provider of governance, risk and compliance management (GRCM) software.

Tozny

Tozny

Tozny offers products with security and privacy in mind that are built on the foundation of end-to-end encryption, and open-source verifiable software.

Knostic

Knostic

Knostic is an early stage startup developing a risk management and governance platform designed for enterprise large language models (LLM).