Australian skincare founder hit by chargeback scams

Australian skincare founder Yasmin Hatzis says her company has lost tens of thousands of dollars to chargeback scams, as fraud concerns grow for small businesses under pressure from tighter household budgets.

Hatzis, a Sydney mother of four, runs a skincare brand with annual turnover of about AUD $500,000. She says some customers receive products and then dispute the transaction with their bank, leaving the business without the goods or the payment.

She says the problem goes beyond isolated orders. Repeat customers have also filed chargebacks after receiving items, creating a pattern that has hit margins and added pressure to day-to-day operations.

Chargebacks are designed to protect consumers from unauthorised transactions and card fraud, but merchants have long argued the process can leave them exposed when buyers misuse it. For smaller retailers, even a modest number of disputed transactions can quickly become a material cost, as they often lack the legal and administrative resources to challenge decisions.

Hatzis believes some disputes may be linked to pressure on household finances. She says some customers place large orders, then appear to regret the purchase and ask their bank to reverse the payment.

The issue comes as fraud specialists warn that criminal activity is changing in both method and scale. Richard Valente, Vice President Customer Experience Strategy at TP in Australia, said the threat landscape now extends well beyond conventional hacking attempts.

"It's becoming apparent that criminal syndicates are deliberately targeting sectors that hold large volumes of personal data, including banking, telecommunications, airlines, and logistics operations," Valente said.

Figures cited by the Australian Cyber Security Centre show a cybercrime is reported in Australia about every six minutes. Identity crime, meanwhile, affects just over one in five Australians, according to data referenced by TP.

Valente said organised groups are increasingly trying to gain access from inside businesses rather than only attacking from the outside. That can include recruiting or placing people within companies to obtain personal information and other sensitive data.

"Organised crime isn't just trying to break into systems anymore, they're strategically putting people inside organisations because information is power and has enormous value," he said.

"These crime networks are planting or recruiting insiders within an organisation to access sensitive data, reflecting a major shift in how criminal syndicates operate. We must follow a 'zero trust' posture-assuming we're going to get hacked and that fraud will inevitably be attempted."

For merchants dealing with card disputes, the challenge differs from a data breach but reflects the same imbalance between the speed of fraud and the ability of businesses to respond. Banks and card schemes often require proof that goods were delivered and that the cardholder authorised the transaction, yet that evidence does not always result in the merchant recovering the funds.

Small online retailers are particularly vulnerable because fulfilment is fast and orders are often processed automatically. Once products have been dispatched, a reversed payment can leave the business carrying the full cost of stock, shipping and related fees.

Changing Tactics

Valente said companies should expect persistent attempts at fraud and build systems around prevention, detection and response. He argued that technical controls and staff practices need to work together, especially in businesses handling customer data or payments.

"We've seen cases where groups attempt to place staff into businesses specifically to access personal data. Once they have that information, it can be used for identity fraud, extortion, and a wide range of serious criminal activities."

He also pointed to tighter internal controls as part of that response. These include restricting staff access to sensitive information, using third-party payment tools so employees do not see card details, and maintaining rules around workstation security for office and remote staff.

"Human beings are unfortunately the weakest link in cyber security, which is why continuous training, certification, and strong governance are essential alongside technology."

Businesses have also been looking more closely at transaction patterns and customer behaviour to identify suspicious activity before orders are completed. In retail, that can include unusual purchase sizes, repeated disputes from the same account, inconsistencies between billing and delivery details, or rapid repeat ordering.

For companies the size of Hatzis's skincare business, the stakes can be immediate. Losses running into tens of thousands of dollars represent a notable share of annual revenue for a brand turning over about AUD $500,000, at a time when many consumer-facing firms are already contending with weaker demand, rising costs and narrower margins.

"Every large organisation must accept the reality of persistent threats and face attempts at fraud. The key is investing heavily in prevention, detection and response. It's about making security a continuous priority rather than a one-off exercise."