Walmart’s Online Cash Creates New Fraud Problem

Written by Evan Schuman
May 2nd, 2012

When Walmart launched its E-Commerce cash program on April 26, did it open the door to evil-minded rivals by giving them the means to falsely lock up merchandise? That is just one example of the many implications behind Walmart’s move to enable people to use cash to make online purchases.

Beyond new security holes on the risk side, the reward side is equally huge. While everyone seems to have focused on the general unbanked audience, a much more interesting prospect for this program is teenagers. Plus, this is sort of an anti-showrooming move, where online shoppers are being lured into the stores. Revenue sharing between Walmart channels is also a point of nervousness with this program. And a store’s inability to cancel such online orders—even if the customer then finds the item on the shelf—is problematic, too. This is a rare example of the kinds of compromises—between online and in-store operations—chains must make these days.

The program itself is straightforward. A consumer who wants to pay for an item with cash simply chooses the cash option on the Web site, and then he/she has 48 hours to get to a Walmart store to cough up the cash. Until the consumer pays for the item, it isn’t processed and it doesn’t ship. The product is, however, removed from inventory and placed in sort of a purchase purgatory. And therein lies the risk to Walmart.

What if some unscrupulous rival (OK, for the record, that’s the only kind of rival) opts to have a large number of bogus cash purchases made of a particularly popular item, one of which no retailer can get many. Let’s assume this is the day before Black Friday, or perhaps December 21 or some other crucial day when losing the ability to sell special merchandise for two days would be painful.

Clearly, no one would ever show up to pay for the merchandise, which would be sellable again after two days. The evil rival would most likely create a large number of bogus customers—using fake or deceptive IP addresses—who would each buy a small number of the item. Making the purchases appear to be geographically distributed would also be necessary. And, yes, it would only work on products of relatively tight availability (such as that ultra-hot toy everyone wants for the December holidays).

This was one of the issues Walmart’s team considered during the three-and-a-half years it took the world’s largest retailer to roll out E-Commerce using cash, according to participants in the Walmart online cash team. Ultimately, it was considered not a huge issue. The type of coordination that such an attack would require would likely leave too many digital fingerprints. And if it was proven that another chain attempted such a ploy, the lawsuit proceeds would cover any resulting losses many times over.

Walmart’s Efforts To Limit Fraud

Walmart spokesman Ravi Jariwala said the chain will closely monitor cash transactions—looking to spot such frauds—with particular attention to “really hot items.” The chain also reserves the right—especially during critical timeframes such as Black Friday, high-profile sales and Christmas—”to turn them off, to make them ineligible for pay-by-cash” temporarily, Jariwala said.

The cash program required some physical POS changes. “‘ order payment’ buttons have been added to our registers/payment terminals. When an associate presses this button, it triggers a real-time look up to’s system to determine the balance due for the ‘Pay with Cash’ order,” said Walmart spokesperson Shernaz Daver.

“This balance then gets added to the customer’s total transaction, meaning that if they shopped for other items in the store, their store items and ‘Pay with Cash’ items are consolidated into a single amount. They don’t have to pay for them separately. The customer then pays with cash or their preferred tender type and, once payment is received, it initiates the process to begin fulfillment of the customer’s ‘Pay with Cash’ order.”

But according to someone else involved in the program, POS changes—which alone cost “a couple of million dollars”—went far beyond that. Other than the new buttons and physically upgrading the memory of some older POS units, this was almost entirely programming. Much of those changes involved different state rules for what the in-store receipts need to display.

In the early part of the three-and-a-half-year-long process (“they paused this project. We had various phases of this project that were put on hold two or three times,” said one source), the intent was that the pay-by-cash program would be rolled out with a chain-wide online layaway service. Other than a two-month trial (with only a small number of items) late last year, layaway is still on hold.

The Battle For Revenue Credit

Another key area of complexity for the rollout was handling the revenue split between online and in-store. The idea of split revenue at Walmart with these types of programs is not unusual. With site-to-store, for example, the store gets about 7 percent, according to a Walmart official involved in the process.

But what makes the online-cash deal much trickier is that the merchandise is not supposed to be at the store. And when it is, there’s a deliciously political issue around POS programming.

A likely scenario: A customer calls her local Walmart, seeking a 16-oz claw hammer for $6. An associate tells the customer the store has none in stock but mentions that she can get it online, even if she wants to only pay cash. The customer hits, finds and buys the hammer with cash, and then is given two days to show up and pay for the item. The next day, with the printed online receipt in hand, she goes to her local Walmart and tries to pay for the hammer.

Ahhhh, but something has now changed. It seems the store received a hardware delivery that morning, and it now does have that hammer in stock. The best scenario (for the customer and for the store) is for the associate to tell the customer: “Ma’am, you’re in luck. It just so happens we now have that hammer in stock. If you’ll just walk down that aisle there, it will be on the middle shelf, about three-quarters of the way down on the left side. This way, you can have the item right away and not have to pay shipping charges. Just let me cancel the online order, and we’ll have you all squared away.”

This is where things get dicey between San Bruno (California, online headquarters) and Bentonville (Arkansas, stores and corporate headquarters). After processing the order and sending the customer to pay, San Bruno would rather the stores not kill the order and keep all of the credit for the sale, even though that’s certainly in the interest of both the stores and the customer.

Making Cancellations All But Impossible

The chain will certainly permit this to happen, but the compromise is that the chain will also not make it particularly easy. The POS will not flag to the associate that the merchandise is in the store, nor will the POS make it especially easy to cancel the online order. An associate can manually do a lookup and the customer can, of course, check the aisle before consummating the online deal, but the chain has decided to not make it too easy and certainly not automated.

There is a risk with that approach. What if a customer completes an online purchase of that hammer and pays the shipping and waits the XX days for it to arrive? And what if that customer then hears—perhaps from a neighbor, who happened to have also needed a hammer—the local store did, in fact, have that item in stock that day?

Even more likely, what if the customer completes the online cash order, and then does a regular shopping run and sees the hammer in stock? That customer will not be happy, and the store—or online—will have to deal with a request to cancel the online order anyway. Why not eliminate that problem before it happens? The reason is the numbers game. This scenario is likely to impact a very small number of online-cash customers, and the chances of someone finding out are not high. But it’s still a gamble.

“You are going to get channel conflict,” one Walmart source said, who added that the bigger concern is customers who ask that their orders be cancelled after finding the item on the shelf. “Once you tender the cash and close the transaction, it may be impossible to cancel it,” the source said. If it happens enough, though, that could be changed.

Walmart’s Jariwala confirmed that once the cash is paid in-store, there’s no turning back. “The store associate cannot cancel or change the order from the POS. Customers could do that by accessing their account, but nothing through the POS,” Jariwala said.

It’s unclear whether the customer could, in fact, undo it online. The order has been set up and the final detail is confirming receipt of the cash payment. Once that is done, the order would be processed and fulfilled. How long afterward could the order be effectively canceled? Not long at all.

One Walmart source said the only way to deal with that situation (where a customer wants to cancel after having found the item on the store shelf) would be to have the customer accept the delivery and to then return it to the store for a refund. In that case, though, the customer would typically not be reimbursed the delivery charge. Naturally, a manager could overrule that, as managers can theoretically overrule almost any policy.

Walmart Expects 20 Percent Abandonment Rate

Many in retail were somewhat taken aback by Walmart’s move, as most retail changes these days involve more mobile and digital payments. A program that embraces cash seemed unexpected. But it shouldn’t have been. In Walmart stores today, almost 40 percent of all transactions involve cash.

Walmart expects about a 20 percent abandonment rate on online-cash orders, one source said. But the working theory was just about all of that would come from customers not showing up, as opposed to orders being cancelled. And with Walmart’s online operation targeting some $5.5 billion in revenue this year, any additional revenue is welcome.

One part of that expected online-cash spending group is especially longed for: teens. The perception of the unbanked is that they are low-income customers who don’t have a payment card because no issuer will give them one due to the high credit risk. Although teens technically fall into that category, they—typically—don’t have cards because of their age, not their money.

With part-time jobs and with many teenagers having all essential expenses covered by a parent or guardian, this group can often have a healthy amount of cash available to spend. Teens also love online and mobile. Plus, Walmart’s low prices are a lure. And if Walmart becomes one of the few places teens can shop online all by themselves, that could prove to be a marketing bonanza.

By going through online, it creates an opportunity to identify some of those cash customers and to try and start a CRM file on each. By selecting a local store, it verifies a very likely geography. And once in the store, upsell efforts are a given.

Walmart Learns Its Security Lesson

The online-cash program will share many attributes with the successful shop-to-store program, but the chain hopes it will have one difference. When ship-to-store was launched several years ago, the decision was made to soften some of the site’s fraud rules. That was done for two reasons, said one participant in those meetings.

First, the chain uses Retail Decisions (fraud risk evaluation) software. At that time, it was on a tiered usage plan, so the more it was used, the more Walmart paid. By avoiding that package and using its own less aggressive fraud system (essentially fraud-scoring versus simply looking at a few order attributes), Walmart had hoped to save some money. (The retailer has since moved to a flat-rate deal with Retail Decisions, one source said.)

Second, the group thought fraud would be low because, in effect, “Who would be stupid enough to use a stolen card on the site and then drive to the store, stand in front of a security camera and say, ‘Here I am. Give me my stuff’?”

Turns out the initial fraud rates were high, and the chain had to increase fraud systems. Were crooks showing up? Not exactly. They were typically overseas. The people who showed up were unsuspecting locals, who the thieves conned into making the pickups by offering them a percentage of the purchases. If arrested, the locals would have no valid info about the thieves.

This time, the program will be launched with high security against cyberthieves. Let’s only hope that the real crooks don’t turn out to be fellow merchants.


One Comment | Read Walmart’s Online Cash Creates New Fraud Problem

  1. ed Says:

    Wal-Mart pay-with-cash for online orders is a big benefit for resellers and suppliers versus reselling their products through eBay or

    A startup supplier or product manufacturer no longer need to meet Wal-Mart strict specifications and minimum order requirement to stock products for sale in-store. They can now market throught to a bigger crowd that can also pay with cash and use Wal-Mart expansive logistic system to deliver just-in-time.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.