Owning an ecommerce business entails a unique set of challenges. Online businesses are quickly becoming easy targets for cyber criminals and ecommerce fraud continues to increase. Fortunately, ecommerce fraud prevention is also on the rise, with methods as sophisticated as the scams that they themselves prevent.
Ecommerce is a complex and sometimes risky sector for merchants. There are many opportunities to expand your business, but the expansion can expose you to new threats. The Association of Certified Fraud Examiners has found that about 50% of small businesses are victims of fraud at some point in their business life cycle.
In fact, the ecommerce sector is becoming a very tempting target for cybercriminals. According to Javelin’s Strategy and Research Study , by 2020 the volume of online payments will reach a total of $646 billion worldwide.
This is why ecommerce fraud i s growing so rapidly. Despite the efforts of the industry and the increase in the number of online fraud prevention tools, these hackers have managed to successfully make a profit at the expense of a total of two million victims in 2019 alone .
In addition, as concern about ecommerce fraud has grown dramatically, online businesses’ perception that they are under attack has also increased. As a result, “fake” frauds reduce merchants’ revenues . According to the study, nearly one-third of all transactions rejected on suspicion of fraud are actually legitimate.
False frauds do not only prevent the sale from happening, but also damage the seller’s brand, as customers are frustrated by the fact that their purchase has been rejected.
However, online fraud can be detected and prevented with the right tools. In this article, we discuss the most common scams affecting ecommerce merchants, the warning signs of possible fraud, and best practices to prevent it.
The most common ecommerce merchant scams
As a merchant, your first defensive tactic against ecommerce fraud is simply to know what you’re dealing with.
Here are the 7 most common online frauds.
Friendly fraud (or Chargeback Fraud)
A customer (the scammer) complains and claims a refund for a purchase while keeping the product.
In this situation, the customer keeps the purchased item, but receives a refund, because he claims (falsely) that the product does not meet expectations or because the payment was made with a stolen card.
Usually, this type of fraud is not carried out by cyber criminals, but by consumers who are clearly aware of what they are doing.
Classic fraud (or Clean Fraud)
A fraudster uses a stolen card to make a purchase.
As in the previous case, this type of online fraud is generally committed by unsophisticated fraudsters.
However, it is more complicated than friendly fraud, as there is a third person, the fraudster, who steals the credit card credentials. This can cheat fraud detection systems by changing the IP of the device from which the fraud is committed.
Triangulation refers to the case in which the fraudster creates a false online storefront, where he sells products at very cheap prices.
The fraudster creates a fake online business, whose sole purpose is to get credit card details. Upon receiving the customers’ orders, the fraudster orders the goods from a real seller and sends them to the original customer. The scammer charges for the product, but the customer pays twice: the cheap price in the scammer’s business, and the original price from the real seller.
Sometimes, the scammer also uses the card information to make purchases on his own. This type of fraud can be identified by investigating the products that are part of the scam itself, and by trying to discover the online business where the scammer buys the products from the real merchant.
Fraud via identity theft
A fraudster obtains and uses another person’s personal identification data to commit fraudulent actions, for example, an online purchase.
In this case, the fraudsters steal someone else’s identity, create credit cards in the victim’s name and make online purchases. As the number and scope of data leaks increases, this type of fraud is becoming more common. It is also the most difficult to identify, as the fraudsters behind the identity theft often use pretty sophisticated methods.
Fraud via account takeover
This occurs when fraudsters take over the username and password of a legitimate customer and use stored credit cards to make purchases online.
Usually the shipping address is updated shortly before the purchase so that the fraudster can receive the stolen items.
Fraudsters create orders where the billing and shipping coincide with the address linked to the card in order to intercept the order.
Fraudsters can take over the package in several ways:
- Asking a customer service representative to change the address of the order before shipping.
- Contacting the seller to send the package to an address where he can receive the stolen goods.
- In cases where the fraudster lives near the cardholder’s billing address, waiting physically near the delivery address and offering to sign for the package when the owner is unavailable.
Fraud via card testing
This fraud consists of checking the validity of a credit card number, with the intention of using the same information on another website to commit an online scam.
To carry out this fraud, fraudsters often choose websites that show different types of response to cards that are declined.
For example, when a card is declined because of an incorrect expiration date, a different response is given, so they know they only need to find the expiration date. Usually this is done with bots, and the transaction attempts occur quickly and successively.
Warning signs of ecommerce fraud: detect it before it happens
The most effective method of preventing ecommerce fraud is to recognize the warning signs early enough to avoid them.
These are some of the signs that should put any merchant on alert:
- The shipping address and the billing address are different. This is what happens in identity theft fraud and triangulation fraud, where the card owner does not receive his order.
- Repeatedly rejected transactions. The fact that a transaction is rejected once or twice can happen to everyone, but transactions that are repeatedly rejected are a warning signal to the merchant. Although not always the case, this can be a sign that someone is trying to figure out personal data that they do not legally have access to.
- Many orders to the same address but with different cards. Making repeated online purchases with the same stolen card ends up bringing unwanted suspicion. This is why more experienced fraudsters often use different stolen cards in their transactions. However, having their orders sent to a different address for each transaction is not as easy as changing the stolen card.
- Excessively large orders (especially if they are urgent shipments). As with most crimes, fraudsters want to ensure that the reward justifies the risk they take in committing online fraud. For that reason, ecommerce frauds are often carried out on large orders. At the same time, the fraudsters want to make sure that the victims of the fraud do not notice that they are being victims of online fraud, so they try to make sure that the shipment is made as quickly as possible.
- Suspicious email addresses or phone numbers. An identity theft is rarely 100% foolproof, usually the fraud is committed with one or a couple of holes. That’s why it’s a good idea to look out for email addresses that don’t seem to make sense (different names, companies pretending to be individuals, etc.), as well as suspicious phone numbers (prefixes that differ in delivery and billing addresses).
- Many orders for the same item. Ecommerce fraudsters tend to choose items with a higher price, and when they find the one they like, they use it in their scams over and over again. Often the merchandise is fenced anyway, so it’s more about the monetary value than the actual product.
Ecommerce fraud prevention: practices to optimize security in your online business
With so many types of online fraud, how can ecommerce vendors prevent fraud from occurring? Here are some of the best practices you should consider implementing in your online business.
Be PCI DSS compliant.
The minimum required by law with which online merchants must comply is the Payment Card Industry Data Security Standard (PCI DSS).
Complying with PCI is not too difficult, as it requires online retailers to take simple measures such as changing default passwords on all their computers and establishing firewalls to protect their customers’ sensitive data.
truust.io is a PCI II compliant that offers several solutions as a payment partner to businesses at any size. For more information, get in touch with our team .
It is important to note that many ecommerce hosting solutions are PCI compliant without the merchant having to do anything. Therefore, if an online merchant is looking for a new solution for his ecommerce, it is convenient to choose one that is already PCI compliant.
Implement AVS and CVV
Using AVS (Address Verification Service) and CVV (Card Code Verification) are excellent ways to help prevent online fraud.
AVS ensures that the billing address entered matches the billing address the credit card company has on file. Most ecommerce sellers already use the AVS in their online businesses.
CVV is the three-number security code printed on the back of credit cards. This security measure is used less frequently in online stores, although it is becoming more common. The CVV is particularly useful as it is a code that is not stored in databases or printed on receipts. Thanks to this security measure, only by looking at the physical card is it possible to know the three-number code.
Follow up personally
Fraudsters will always prefer lazy merchants, as they will never check things twice. That’s why one of the most effective preventive measures against online fraud is to follow up on suspicions. With a little effort, this can help uncover exactly what the scammer doesn’t want us to see.
Here are some tracking practices that can help stop online fraud in time:
- Call the customer’s phone. This is the fastest way to verify that someone is who they say they are.
- Send an email directly to the customer to check if their email address is authentic. Honest customers won’t mind if you politely explain your suspicions, but fraudsters won’t know what to do. Pay attention to things like grammar and spelling in your answers to see if English is their second language.
- Search for the individual on social networks. Check their name and/or username to see if they are real or not, and if their profile matches the rest of the information.
- Delay the delivery. As previously mentioned, fraudsters want the fraud to be carried out as quickly as possible to minimize the chances of being discovered. Delaying a shipment on purpose, and letting them know about it, can discourage them from committing the fraud. However, this is a disadvantage for honest buyers, which is why this measure should be used only as a last option.
It is obvious that in an ecommerce there is usually not enough time to monitor each order individually. However, it is very important to be able to identify suspicious orders, no matter how minor they may seem, and to track them thoroughly to avoid possible fraud.
Conclusion and summary
Ecommerce fraud shows no signs of diminishing soon, but quite the opposite: the threat of online fraud is on the rise. Year after year, fraudsters steal large amounts of money from both online businesses and their customers.
But besides the monetary costs, fraud also negatively affects shoppers’ confidence in online stores, which can lead to further losses of money for ecommerce businesses.
That’s why security in online transactions has never been a higher priority than it is today. Fortunately, merchants can prevent fraud by detecting it before it occurs.
Review the most common online scams that we have presented in this article. Also, always be aware of the warning signs we have explained so that you can detect fraud attempts. Finally, consider implementing the anti-fraud practices we propose in your online business so that cybercriminals do not see your eCommerce site as an easy target.