eCommerce Fraud: What It Is and How to Protect Yourself
It’s no surprise that as eCommerce grows, with global sales reaching $876 billion, eCommerce fraud is surging along with it. In the last couple of years online fraud has increased by 70%. With no staff or cameras securing online stores and transactions, it’s important to know how to protect your business, virtually.
Fake or stolen credit cards, identity theft, or affiliate fraud advertising are all part of the scammer schemes for a physical or material gain at the expense of your online store.
In this article, we’ll take a look at the most common types of eCommerce fraud, how to identify each and every one of them, as well as give merchants tips and tricks in preventing online fraud. Keep reading and find out how to ensure safety of the customer’s data and their online purchases.
What is eCommerce Fraud?
Fraud is wrongful or criminal deception intended to result in financial or personal gain. A perpetrator uses deception to lead their victim to believe in a lie in order to obtain a benefit or value.
In simple terms, fraud is when a person is financially cheated by another person.
eCommerce fraud is any type of fraudulent activity occurring on an eCommerce platform.
A scammer approaches merchants proposing a fraudulent business transaction, for example, with a stolen or fake credit card.
When an online store is engaged in fraud, merchants suffer the most. Not getting a payment or being forced to absorb the fraudulent costs negatively affects their revenue.
Therefore, it’s important to be aware of the multiple types of eCommerce fraud in order to detect it in time and protect yourself, the business, and your customers.
7 Types of eCommerce Fraud You Need to Know About
With new developments in payment methods, data processing systems, and new technologies, merchants are constantly exposed to new forms of fraud. The best way to fight fraud is by identifying the type and ways to protect against it.
There are plenty of fraudulent schemes online, but we want to highlight the most common types of fraud. Recognizing them in time can help merchants implement the right strategies to protect themselves and avoid becoming fraud victims.
Here are 7 eCommerce fraud types every merchant should watch out for:
Let’s take a closer look at each one of them and learn to prevent and combat future fraud attempts.
Friendly / Chargeback Fraud
Not all transaction fraud is caused by a scammer. Sometimes, a chargeback can be initiated by a regular buyer. That is called a friendly fraud, or first-party fraud. Friendly fraud occurs when someone buys a product online and then requests a chargeback, claiming a faulty transaction.
However, chargeback fraud can be used to receive items for free. Scammers purchase items online and later argue in multiple ways just to get their money back. They can claim the item was never delivered, that they returned the item, or that it was faulty. While none of that is true, they will still get their chargeback at the merchant’s expense.
These fraudulent attacks result in chargeback fees for the merchants. The problems are essentially the same as with standard transaction fraud. Merchants succumb to the challenge of having to prove the cardholder’s bad intention when disputing the chargeback.
Transaction Fraud
A stolen credit card sells for around $150 with the right information. The more valuable data available, such as CVV, address, or security information of the cardholder, the bigger the price.
Once a scammer has purchased a stolen card, it’s time to earn some money. And there is no easier and safer way to do it than buying products online and selling them. Transaction fraud means:
- A scammer uses stolen credit card numbers and details to pay at an online store.
- The store processes the payment.
- The real cardholder notices the fraudulent transaction done without their knowledge.
- They initiate a chargeback to their bank to get their money back.
While the cardholder will get their money back easily, the merchant will be hit three times as hard. They will have to fully refund the payment, accept losses for the sale, and pay an expensive admin fee to the card network.
Furthermore, with too many chargebacks, card providers can mark merchants as “high fraud targets” and increase their transaction fees.
Triangulation Fraud
This is a new form of fraud that’s making itself known within the eCommerce world. Triangulation fraud involves a real customer, a real online store, and a fake online store operated by a scammer, who has stolen credit card details. Here’s how it works:
- The scammer puts up a listing on eBay or any other marketplace for a high-demand item.
- A customer purchases this item.
- The fake seller then uses stolen credit card details to buy the item from you – the real merchant – and gives you the address of the customer.
- You ship the product to the customer.
- The real cardholder notices a fraudulent transaction with their card and demands a chargeback.
- The fake seller disappears without a trace, while the real merchant has to pay the chargeback fee.
In the end, the customer gets their product, the scammer gets the customer’s money, while the real merchant is left with a lost sale and chargeback fees.
Account Takeover Fraud (AOT)
ATO occurs when a scammer gains access to a user’s online account on an eCommerce website or store, such as Amazon, Paypal, Google Pay, or others. Fraudsters use identity theft, malware, bots, and other tools and techniques to acquire user credentials and take control of an eCommerce account.
Many people use low-security passwords or use the same password for multiple sites. By gaining a little bit of personal information, scammers can easily hack these and use the information to their advantage. They can change account details, make purchases, withdraw funds, or gain access to other user accounts.
Account takeover fraud has become more common, costing victims and the merchant’s reputation. Customers will turn to competitor websites with stronger security measures.
Shipping / Interception Fraud
Shipping fraud occurs when the delivery address and the billing address match the information of the stolen credit card or data. The victim’s card and address are used to place an order on an eCommerce store. The main goal of the scammers is to intercept the package and take the goods for themselves.
This fraudulent activity can be done in multiple ways. The scammer can ask a customer service representative to change the shipping address just before the order is sent. They will receive the product while the payment is made by the victim of the stolen card. Or they can contact the shipping company to reroute the order to a different address.
In the end the fraudster gets the goods, the victim gets a chargeback, and the merchant is left with a lost sale and bad reputation.
Card Testing Fraud
Also known as card cracking. This type of fraud occurs when a scammer tests stolen credit card information by making one or more small purchases. These small transactions are less likely to tip off the real cardholder and attract attention from merchants. The fraudster can test whether the cards can be successfully used and what their limit is.
Once the credit cards have proven useful, scammers will quickly make more expensive purchases until the cards are maxed out or someone notices the fraudulent activity and blocks further transactions.
Card testing fraud can be extremely costly for merchants. Scammers usually make a large number of small purchases at once, using multiple stolen credit cards. If all of the small transactions turn into chargebacks, merchants may lose thousands in lost revenue and chargeback fees.
Refund Fraud
Refund schemes are simple. A scammer purchases an item on your online store using a stolen credit card. He then returns the item, asking for a refund. Only now, the payment must be refunded to a different card or account.
This type of fraud has risen within eCommerce in recent years. With refund policies being more generous than ever, refund fraud is getting easier for scammers.
In the end the fraudster gets the refund, the original cardholder gets a chargeback, and the merchant is left with a lost sale, ruined reputation, and chargeback fees. The best way to prevent refund fraud is by mandating that all refunds will be made to the same card or account.
How to Identify eCommerce Fraud
Participating in eCommerce comes with a unique set of challenges. One of them is escaping eCommerce fraud.
Validating real customers from fakes is not easy. And a single mistake can result in a huge financial loss, blacklists, tarnished reputation, as well as chargeback fees, etc.
Any fraudulent chargeback notification feels like a punch in the gut. Merchants must educate themselves about eCommerce fraud detection, as well as fraud prevention. Here are some red flags to look out for:
- First-Time Shoppers. Scammers will try their luck in one place and move on to the next, targeting stores and websites they haven't used before. Once they scam one, they will quickly move to the next, without leaving a trail. Keep an eye on first-time shoppers and their activities within your online store.
- Location, Location, Location. In the most secure transactions, the billing, IP, and shipping addresses are usually close to each other. Transactions that show long distances between those three should be treated more carefully. Keep an eye on unusual orders from distant countries, or orders with multiple shipping addresses.
- Larger Orders or Quantity. Credit card fraud will prompt larger-than-average orders, as the lifespan of a stolen card number is not very long. Scammers aim to maximize their spending in a single transaction, to max out the credit card as fast and easily as possible. Double-check unusually large orders of the same product to prevent credit card fraud to avoid becoming a victim.
- Fast Shipping. The majority of regular buyers will likely save money and select a cheaper – thus longer – shipping option. However, a scammer e will want to obtain the goods as quickly as possible, since money isn't a problem. Pay extra attention to orders with rushed or overnight shipping, as they are higher risk.
- Multiple Transactions in a Short Time Period. This is a clear red flag of credit card fraud. The fraudster is trying to max out the card before the account is closed. Double-check multiple orders made from the same account in a short amount of time.
- Multiple Cards From a Single IP address. Transactions like these will indicate multiple orders placed from the same computer. While the account names and shipping addresses may differ, a single IP address for multiple cards and orders points to a high risk of fraudulent transactions and is worth keeping an eye on.
5 Steps for Preventing Fraud on Your eCommerce Store
eCommerce fraud is an inescapable threat, looming around every corner with its many shapes and forms. To succeed in fraud detection and up your fraud prevention game, Printify offers five useful steps to take, in order to protect the business, customers, and reputation.
1. Use eCommerce Fraud Prevention Tools
Fraud detection and prevention tools are useful helpers, integrated with the most popular eCommerce platforms and marketplaces such as Shopify, WooCommerce, and Magento.
These tools help merchants screen for fraud, detect IP addresses, provide useful information from blacklists, email addresses, locations, and more. Some of the most popular eCommerce fraud prevention tools are:
2. Train Your Customer Support Team
eCommerce customer service has a vital role to play in fraud detection and protection. If your support team rushes to approve orders, fraudulent transactions can easily slip by unnoticed. Scammers tend to target front-line customer service representatives, who don’t have the necessary knowledge or training in fraud detection and prevention.
Train customer service representatives to watch out for all the above-mentioned red flags. Consider hiring additional support during holiday or peak seasons. Or, hire a professional to assess current security measures and train customer support agents to keep your business safe.
3. Use AVS and CVV
Address Verification Service (AVS) is offered by many credit card companies to help merchants compare the submitted address with the one banks have on file. A bank double-checks it and sends the AVS code to the merchant. These codes can indicate discrepancies between the existing address and the one provided by the scammer.
Credit Verification Value (CVV) is a security number printed on the back of a credit card. This code is not stored in any files, meaning the buyer needs to have a physical credit card to make the purchase. This comes in handy in preventing transactions with stolen cards.
By using AVS and CVV for transaction verification, merchants can evaluate whether to accept, reject, or flag a specific transaction for potential fraud.
4. Stay Up-to-date With PCI Standards
Payment Card Industry (PCI) security standards are designed to guarantee that all companies that accept, store, process, or transmit credit card information ensure security and a safe environment.
Stay up to date with standards and choose a reliable third-party payment processor. Merchants must ensure that their payment processors are PCI-compliant. These standards are not only required for accepting credit card payments, they help combat fraud as well.
Third-party payment processors thrive and make money off your sales. So it is in their interests to make the transactions as safe as possible, boosting the reputation and income for your business and themselves.
5. Perform Regular Site Audits
Conducting regular security checks can help merchants discover flaws in their security systems before scammers take advantage of these weaknesses.
Prevent fraudulent transactions and activities by following this checklist and precautions:
- Perform regular malware scans
- Frequently back up your online store
- Ensure the SSL certificate is current
- Keep cart plugins and software up-to-date
- Set strong passwords for all critical accounts
- Properly encrypt all communications amongst the store, customers, and suppliers
- Remove inactive plugins
- Keep the store PCI-compliant
Conclusion
Scammers get smarter by the day, thinking of new sneaky ways to accomplish their goals. There will always be someone looking to profit from fraudulent transactions by taking advantage of buyer-friendly sales policies or using stolen credit cards and identity theft.
This is why it is extremely important to implement well-thought-out practices and strategies to combat these fraudsters.
Once you understand what eCommerce fraud is, how it occurs, and how to detect it, you have the power to take the necessary precautions to prevent fraud and protect your business. Keep an eye on the red flags, follow our suggested steps, and reduce the risk of becoming a victim of fraud. Keep your business, reputation, and customers safe.
Make It Happen Today!
Written by
Baiba Blain
Share the article
Topics
