eCommerce fraud is a problem facing online retailers and merchants around the world. It can affect businesses of any size, affecting sales and infringing on customer trust. Merchants face serious risks when it comes to protecting themselves from this kind of financial theft.
If you’re an online merchant with your own website, chances are you’ve been affected by eCommerce fraud in some way or another. Online retail doesn’t come without its challenges: issues such as payment processing fees, shipping costs, and buyer protection all add up and can sometimes put a strain on profits.
What Is eCommerce Fraud?
eCommerce fraud refers to any fraudulent activity during a transaction made through an electronic platform, more often than not the internet. There’s no denying that eCommerce fraud is a real and dangerous threat, and it can seriously impact your business.
It’s important to remember that online retail is still new, and as such, buyers naturally remain more cautious than they would in a physical store.
Buyers want reassurances that their purchases will be safe and secure, so trust between merchants and customers is crucial. Failure to meet those demands could mean losing sales or, even worse: damage to your reputation as an online merchant.
Common Types of eCommerce Fraud
Fraud is a major concern for all eCommerce businesses. The six most common types of online fraud are interception, card testing, friendly fraud, refund fraud, account takeover, and triangulation.
Interception Fraud
Interception fraud occurs when customers use stolen credit cards to make purchases on your site. Because the order appears legitimate (i.e., it was placed using an authorized credit card), interception is difficult to detect without sophisticated software protection tools.
Card Testing Fraud
Card testing involves analyzing transactions to determine whether they will be approved by the issuer or the card association (Visa, MasterCard, etc.). Once approved, criminals use the same card and account information to make a much larger, fraudulent purchase.
Friendly Fraud
Friendly fraud occurs when customers dispute legitimate charges on their credit card bills to get free products or reimbursements. Typically, merchants do not refund payments made with stolen cards, but criminals can convince victims to file chargeback requests against these through social engineering techniques such as phishing emails.
Refund Fraud
Refund fraud often involves the possession of compromised email accounts that have been used for subscriptions. Criminals use these accounts to subscribe users to paid services or newsletters without their consent and then request refunds from the merchant by claiming that they never agreed to the purchase.
Account Takeover Fraud
Account takeover occurs when criminals gain access to users’ accounts by exploiting vulnerabilities in a site’s security systems and then using those accounts for fraudulent purchases. Account takeover often involves subscribers redirected to malicious links sent via phishing emails or disclosed through social media channels.
Triangulation Fraud
Fraudsters triangulate information gathered from different sources (such as intercepting an email with a password change notification) to break into eCommerce accounts. This is one of the most common types of fraud on Facebook today because cybercriminals know that many do not take the necessary precautions to protect their account.
Triangulation fraud is particularly dangerous because it often results in the compromise of all eCommerce accounts on a particular site, and users may not realize they’ve been compromised until after fraudulent purchases have been made.
Fighting Back eCommerce Fraud
Fraud is an unfortunate reality of the eCommerce world. U.S. companies lose more than $100 billion each year to fraudsters, while merchants in some industries can see fraud rates as high as one fraudulent transaction for every three legitimate ones.
What can retailers do to fight back? Here are eCommerce fraud prevention tips:
Taking Advantage of Fraud Detection Solutions
Fighting eCommerce fraud starts with prevention, and few areas are better suited to getting ahead of fraudsters than using advanced detection solutions that can spot suspicious behavior in its early stages.
Fraud tools are the best early warning system you can have. They tend to be more proactive about avoiding fraudulent transactions rather than simply flagging them after they happen.
Fighting Fraud with Merchant-Funded Solutions
Merchants that don’t use merchant-funded solutions are being shortsighted when fighting fraud. Card issuers do a great job identifying risky transactions and protecting their brand reputation by flagging or even declining orders.
The problem is that while credit card companies provide some level of fraud protection, the onus is still on merchants to deal with the fraud that slips through the cracks.
In a merchant-funded model, you’re responsible for all fraud. If your fraud rates are high and you’re not using tools, it’s going to be highly costly.
That’s why every merchant should look into using robust, third-party fraud detection solutions that can catch suspicious behavior at its nascent stages. By proactively stopping fraudsters in their tracks before they can do damage, these solutions provide an invaluable layer of defense against fraudulent orders.
Maintaining PCI Compliance
While many business owners see compliance with card processing standards like PCI as an inconvenient obligation, it goes further than verifying credit card numbers and processing payments.
PCI compliance is a proven method for reducing fraud, thanks to companies’ requirements to protect cardholder data from being seen or stolen by unauthorized parties.
The PCI-DSS standard helps merchants guard against a breach. If customer details are stored in a protected environment, they can’t be used in a scam.
Maintaining solid security practices helps prevent the leakage of personal information. It also ensures that if any sensitive data is lost or stolen, it won’t fall into the wrong hands. This minimizes the chances that customers will become victims of identity theft or credit card fraud.
Be Extra Vigilant During the Holidays
Because the holidays are a time of increased spending and gift-giving, it’s also a prime period for eCommerce fraud perpetrators to exploit. Retailers should take extra precautions during this season instead of being lulled into a false sense of security due to the increase in legitimate orders.
It’s easy to get carried away with all the holiday cheer. But you need to maintain appropriate controls.
Retailers can’t be too careful when accepting payments during this busy time of year, so they shouldn’t be surprised if they see an uptick in fraudulent orders at this time.
Breaches may be more common among online stores around the holidays, but that doesn’t mean merchants should let their guard down or rely on credit card companies to protect them.
Don’t be too trusting. Keep your finger on the pulse and monitor suspicious activity during this time.
Creating Blocklists
Merchants can fight against fraudsters by blocklisting (or flagging) particular IP addresses and orders suspected of fraudulent behavior. However, there’s a fine line between blocklisting and falsely accusing customers of wrongdoing, especially when it comes to disputing orders placed with gift cards or store credit.
To ensure that all questionable orders are truly fraudulent, retailers need to develop an impartial, preemptive strategy for pinpointing potentially harmful buyer behavior.
An essential step in avoiding false positives is creating an effective decision tree. This allows you to have a set of rules so your system can self-interpret and detect suspicious behavior.
To ensure that their blocklisting strategies are effective, retailers also need to be aware of any correlation between certain transactions, such as international orders or orders paid with PayPal, and fraud.
Because it’s not always easy to immediately determine if an order is fraudulent when it comes in, merchants need to make sure they’re taking the necessary precautions against potentially damaging losses.
If you’re getting lots of customer complaints about suspicious charges, it’s time for a product upgrade.
Notes: Fraudulent activity often spikes during the holiday season. Make sure your business is PCI compliant to protect against these fraudsters. Make sure you don’t falsely accuse a legitimate customer of fraud by using a blocklisting strategy that effectively filters out fraudulent orders.