Running an online business is a challenge. For online shops, there is the issue of shopping cart abandonment. If you’re a virtual law practice, there’s the difficulty of maintaining confidentiality. Even for bricks-and-mortar outlets, operating in the online space is an important stream of revenue. The biggest challenge for any online business is ecommerce fraud.
Ecommerce fraud is a threat on many levels. It can impact revenue, credibility, brand reputation, customer loyalty, and even scaling in business. Online fraud takes various forms. In tackling it, there is a range of approaches. Let’s take a look at exactly what ecommerce fraud is, how to recognize it, and how to stop it before it ruins your business.
What Is It?
Ecommerce fraud consists of a variety of criminal activities targeted at online platforms. It can range from identity theft to stolen credit cards. It can be perpetrated by hackers and, sometimes, by customers.
Although it’s an ever-increasing threat to businesses, catching and prosecuting ecommerce fraudsters is complex and expensive. Consequently, convictions are rare. The best option for online businesses is to put their energy into prevention. The first step is understanding the range of fraudulent activities your business might face. Here are the most common types:
This is the most basic and common type of fraud. All businesses can fall prey to payment fraud, particularly through CNP transactions (card-not-present). Stolen credit cards are used for purchases which are then sold on for a profit. Stolen cards can also be used to buy gift cards and vouchers.
An offshoot of this type of fraud is “card testing.” This is when fraudsters make small purchases using stolen cards to test if the card works. These purchases aren’t the end goal, but if successful and unnoticed, they give criminals the green flag to go on and spend large amounts, usually on different sites.
Closely related to payment fraud is interception fraud. Here, fraudsters intercept and take products when they’re out for delivery. They place an order using a shipping address linked to a stolen payment card. To get their hands on the item, fraudsters either contact the delivery service to redirect the package, or they lurk close to the address of the victim (the genuine owner of the stolen card), sign for the package, and steal the package, literally intercepting it on the victim’s doorstep.
Basically, fraudsters look for weak or unguarded links in the order and delivery journey. Businesses that don’t have secure systems in terms of order management ecommerce are leaving themselves wide open to interception fraud.
Account Takeover Fraud (ATO)
This form of ecommerce fraud is exactly as it sounds. Criminals gain access to and take control of a user’s account. It’s a form of identity theft where fraudsters use stolen personal information and passwords to log into a customer’s account and then make purchases or use services. They will also change passwords and other personal information, locking the genuine customer out of their account.
This type of fraud not only affects retail; gaming and streaming platforms can easily fall prey also. When it comes to issues of streaming security and performance, account takeover is a major concern.
Friendly or Chargeback Fraud
Here, the customer makes a purchase online but then claims that the transaction is invalid and asks for a chargeback. The card company is duty-bound to reimburse the customer, leaving the retailer or service provider out of pocket. Sometimes, the customer is acting in good faith, but often they aren’t. They might, for example, lie about not having received an item, or they may claim that an item they returned was never refunded.
Refund fraud is closely related to chargeback fraud. It involves a fraudster asking to be reimbursed because of accidental overpayment. The fraudster then asks for the refund to be paid to a different card, the original card is then not refunded, and the retailer ends up liable for this amount.
A little more complex in its setup is triangulation fraud. As the name suggests, it’s a three-sided arrangement. It involves a fraudster, a shopper, and an ecommerce business.
The fraudster sets up a fake storefront on a retail platform. The items for sale are usually high-cost goods at bargain prices. Customers are attracted to the shop and place orders; the fraudsters then use stolen credit cards to buy goods from a legitimate online business which they then sell to the fake store customers.
The real losers in this scenario are the unfortunate owners of the stolen cards, but a legitimate business could also be stung financially if the cards are identified as stolen and, by association with a scam, could also see their reputation damaged.
Retail Arbitrage Fraud
This fraud involves a buyer making huge quantities of purchases via malicious bots. The goods are then resold on a different platform. This activity causes wildly varying prices across the market and can destroy a customer base and profits.
New Account Opening Fraud (NAO)
Here, a fraudster will create a new account from parts of stolen, real identities. They can use this account to take advantage of offers and deals. As the fraudsters are using bits of true identities, it can be hard to identify this method of fraud.
How to Spot It
Of course, ecommerce fraudsters aim to stay unnoticed by their victims, but fraud is never invisible. Any guide on small business management tips will talk about the importance of keeping a close eye on your business transactions on a daily basis. The same goes for being alert to fraud. There are definite tell-tale signs that companies can look out for. Here’s a list of the most common ones:
- Look out for customers creating new email addresses to make purchases.
- Notice when a customer’s buying habits radically change.
- Suddenly buying at greater speed, quantity, or price than usual is a red flag.
- Be suspicious of customers shipping to unusual or multiple locations.
- Keep a check on whether a customer’s IP and billing addresses don’t match.
- Using multiple cards from a single IP or physical address is also a warning sign.
How to Stop It
It’s all well and good knowing what types of ecommerce fraud exist and how to notice them. But the most important thing is knowing how to stop them.
The answer is part human and part tech. Asking your team to be vigilant in looking for red flags is vital. Make sure your staff is briefed and trained. Prioritize this in the same way you strive to streamline team velocity.
Of course, tech plays the main role in what is a crime committed via technology. Having the right systems and software in place to protect your company is just one of the many ecommerce tools for online business needed in today’s commercial world.
Keep Anti-Fraud Software Up to Date
Tech can only help if it’s up to date. No software will save the day without maintenance. Fraudulent tactics, malware, and viruses are constantly evolving, adapting, and looking for gaps in your business’s defenses. Keep your software up to date to keep pace with new challenges.
Address Verification Services (AVS)
This system is invaluable in detecting mismatches between customer addresses and card details. Credit card companies offer this service, which works by comparing the details a customer submits during a transaction with the address linked to the payment method. A code is then sent to the business, which flags discrepancies and suspicious differences.
Having customers create strong passwords and giving them clear guidance on how to do this can be a huge help in reducing fraud. Authentication processes that require codes sent to mobile devices or voice recognition can also put blocks in the way of potential fraudsters. No account is unbreachable but stepping up authentication makes life harder for fraudsters.
Good software will flag recurring cards, individuals, or addresses linked to attempted fraud or suspicious actions. Get your team involved in making a blacklist and regularly checking it against orders and transactions that are flagged as suspicious.
Use a Third-Party Payment Processor
Outsourcing the payment side of your business to a reliable external specialist can be a safer way of handling secure payment. These companies will safely handle fraud checks, chargebacks, and data storage.
Account takeovers, new account opening, and all kinds of payment fraud are set to continue being threats in the future. Although, without a doubt, newer, more advanced versions are bound to emerge.
When it comes to ecommerce tech predictions, ai comes up again and again. Businesses are increasingly using ai for sales, so it stands to reason that fraudsters will use it too. But ai isn’t the only growing threat; synthetic identity and deepfakes are also emerging new forms of fraud.
Synthetic identity involves making a fictional persona from information about a real person and invented details. It’s a mix that can evade fraud detection software.
Deepfakes are digital, video versions of real people, manipulated to say and act as the creator decides. They’re created for malicious purposes, but the potential for deep fakes in fraud is worrying.
Ecommerce has no choice but to catch up and wise up to these fraud trends if businesses are going to protect themselves.
About the Author:
Jessica Day is the Senior Director for Marketing Strategy at Dialpad, a modern business communications platform that takes every kind of conversation to the next level—turning conversations into opportunities. Jessica is an expert in collaborating with multifunctional teams to execute and optimize marketing efforts, for both company and client campaigns. Jessica has written for domains such as Lucky Orange and Filestack. Here is her LinkedIn.