eCommerce has entered almost every household in developed and developing countries worldwide. The Australian Payments Network (AusPayNet), in its 2022 Payment Fraud Report, states that the online spending of Australians in 2021 grew by 8.2% to $53 billion. Economic recovery after the pandemic was named as one of the primary reasons for this growth.
The sharp increase in the number of online shoppers during the pandemic and the growth in online spending are the main factors that let eCommerce businesses thrive, but they also make eCommerce more attractive to fraudsters. The same AusPayNet report states that the incidence of all card fraud increased by 5.7% to $495 million for the year.
These factors and the highly competitive environment have made protecting clients from fraud one of the primary concerns of eCommerce business owners. Moreover, the importance of protecting against and preventing cybercriminal activity keeps increasing, since it affects not only profitability but also essential assets such as brand equity, including brand reputation and overall customer experience.
In this LION article, supported by our partner ClearSale, the global leader in eCommerce fraud solutions, we define eCommerce fraud, introduce the most widespread types, and describe the primary principles and tools for detecting fraud schemes and preventing them from harming eCommerce businesses.
Definition and types
eCommerce fraud is any intentional deception conducted by cybercriminals or fraudsters during an online transaction that aims for financial or personal profit and negatively affects the business.
There are many types of eCommerce fraud, and it is helpful to understand the differences between them and the conditions in which they can happen.
Nine of the most common types of eCommerce fraud schemes are:
1. Credit card fraud
In this type of fraud, a fraudster uses card information, often obtained through the underground market, to buy a product or service. Although both the cardholder and the merchant are defrauded, it is the merchant who bears the actual loss, since the refund to the cardholder occurs after the product has already shipped or the services have already been used by the criminals.
2. Card testing fraud
Similar to credit card fraud, this type also involves stolen data. Here, however, criminals test the stolen card information on websites that respond differently to incorrectly entered card data. They use bots and scripts to test combinations of data on small test purchases, and whenever a purchase isn’t cancelled, they go on to make big-ticket purchases.
3. Friendly Fraud or Chargeback fraud
The goal of a fraudster committing friendly fraud is to get a free product. The online purchase is made in the ordinary manner, and later the fraudster intentionally requests a chargeback from the payment processor, claiming a hacked account or stolen credit card details. The amount reimbursed by the bank or credit card company is, in the end, paid back to them by the merchant, whereas the dishonest customer keeps the item.
For eCommerce companies, a chargeback is a kind of guarantee that mitigates the risks for a customer, and it tends to become part of the cost of doing business. However, depending on the frequency of chargebacks, the bank can place the business on a chargeback monitoring program or classify it as a “high-risk” retailer, consequently making chargeback rates more than 1%, which affects the bottom line and can even destroy small businesses.
4. Identity theft
In identity theft, highly sophisticated hackers use data breaches to steal the personal data of real people, adopt their identities, issue credit cards in their names and make online payments. This type of fraud is very difficult to identify.
5. Account takeover
Account takeover is a type of identity theft in which fraudsters use a user's stolen login details to access the eCommerce platforms they target. Login details are most commonly acquired through a fraudulent practice called phishing: a fraudulent message imitating the eCommerce company's communications is sent by email or SMS and instructs customers to enter personal and login information on a phishing website that mimics the real one.
6. Interception fraud
Cybercriminals conducting interception fraud place orders with shipping and billing address details that match the authorised card. Once the order is placed and confirmed, they attempt to intercept it by contacting the customer support service or the delivery company to change the delivery address. In some cases, if the fraudster lives in proximity to the actual cardholder, they may wait at the address and either steal the package from the drop-off location, receive it as their own, or even sign for it on behalf of the victim, pretending that the victim is not home.
7. Triangulation fraud
Triangulation fraud involves three parties: the fraudster, the shopper and a legitimate online store. The fraudster creates a fake online storefront, which usually claims to sell high-quality goods at low prices and thus attracts victims. The shopper “purchases” the item by entering card information, whereas the fraudsters steal this data, purchase the same item using it and have it delivered to the shopper. The victim believes they got a perfect bargain by buying quality goods for a low price, not knowing that they exchanged their personal information and card details for them.
8. Refund Fraud
Refund fraud is an attempt by cybercriminals to receive a refund for their online purchase by illegitimately declaring, for example, that the order never arrived, the box arrived empty, or the items arrived with defects. When a refund is possible only after the items are returned, the fraudsters may send junk mail and claim that the item was sent. When stolen card details were used, a fraudster may also ask for the refund to go to a card different from the one the purchase was made with, saying that the original card was cancelled or has expired.
9. BOPIS Fraud
Buy-online, pick-up in-store (BOPIS) became a popular service feature during the pandemic, and criminals have also taken advantage of it. BOPIS fraud is difficult for retailers to identify, mostly because there is no shipping address to match against the cardholder's billing address, as is typically done.
How to detect eCommerce fraud?
Although each type of fraud has its specifics, most eCommerce fraud shows common signs that may serve as red flags at different stages:
- Order. Multiple orders by the same buyer placed in a short period of time.
- Payment. Multiple payment attempts with obvious patterns of data tailoring.
- Shipment. Attempts to pay for the order from a country that differs from the country where the order should be shipped.
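The three red flags above can be checked automatically with simple rules. The following Python code is an added example, not part of the original article or ClearSale's product; the field names, thresholds and sample orders are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them on your own order history.
MAX_ORDERS, WINDOW = 3, timedelta(minutes=10)
MAX_VARIANTS = 3  # distinct expiry/postcode combinations tried against one card

def red_flags(orders, attempts):
    """Return {order_id: sorted list of flag names} for every flagged order."""
    flags = defaultdict(set)
    # Order stage: many orders by the same buyer in a short period.
    by_buyer = defaultdict(list)
    for o in sorted(orders, key=lambda o: o["ts"]):
        recent = by_buyer[o["buyer"]]
        recent.append(o)
        while o["ts"] - recent[0]["ts"] > WINDOW:  # slide the time window
            recent.pop(0)
        if len(recent) >= MAX_ORDERS:
            for r in recent:
                flags[r["id"]].add("order_velocity")

    # Payment stage: the same card retried with varying details (data tailoring).
    variants = defaultdict(set)
    for a in attempts:
        variants[(a["order"], a["card_token"])].add((a["expiry"], a["postcode"]))
    for (order_id, _), seen in variants.items():
        if len(seen) >= MAX_VARIANTS:
            flags[order_id].add("payment_tailoring")

    # Shipment stage: paying country differs from the destination country.
    for o in orders:
        if o["pay_country"] != o["ship_country"]:
            flags[o["id"]].add("country_mismatch")

    return {oid: sorted(f) for oid, f in flags.items()}

# Constructed sample data (not real orders or cards; card numbers are tokens).
T0 = datetime(2022, 11, 25, 9, 0)
ORDERS = [
    {"id": "A1", "buyer": "u1", "ts": T0, "pay_country": "AU", "ship_country": "AU"},
    {"id": "A2", "buyer": "u1", "ts": T0 + timedelta(minutes=2), "pay_country": "AU", "ship_country": "AU"},
    {"id": "A3", "buyer": "u1", "ts": T0 + timedelta(minutes=5), "pay_country": "AU", "ship_country": "AU"},
    {"id": "B1", "buyer": "u2", "ts": T0, "pay_country": "BR", "ship_country": "AU"},
    {"id": "C1", "buyer": "u3", "ts": T0, "pay_country": "AU", "ship_country": "AU"},
]
ATTEMPTS = [{"order": "B1", "card_token": "tok_1", "expiry": e, "postcode": "2000"}
            for e in ("01/25", "02/25", "03/25")]
print(red_flags(ORDERS, ATTEMPTS))
```

A flag here is a reason to route the order to manual review or step-up verification, not proof of fraud; legitimate customers also travel and mistype card details.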
How to prevent eCommerce fraud?
Ensure PCI-compliance
All online stores that accept credit card payments should build their platforms to comply with Payment Card Industry (PCI) requirements at the maximum level. PCI’s security standards are set to guarantee safe online transactions. Business processes and data security must be created and maintained based on the suggested guidelines and must meet the assigned standards.
Double down on security during peak shopping seasons or significant promotions
This is essential for two reasons: a large flow of purchases during shopping seasons or significant promotions may distract the company from some of its routine fraud monitoring activities, while customers tempted by offers and sales let their guard down and may become victims of a variety of fraud schemes.
Study chargeback data
The more eCommerce fraud a business suffers, the more frequently chargebacks occur. Chargeback data can therefore be a reliable source for understanding what is causing these chargebacks and for finding an appropriate solution.
Build your fraud protection with the least experienced client in mind
Inexperienced and anxious eCommerce shoppers are a perfect target for fraudsters, and therefore they are usually the most common victims. Communications that educate people and encourage them to follow simple data security rules on the internet can be one of the most efficient means of fraud prevention. Start with the basics, such as not trusting unfamiliar links, checking the domain in the address bar for trustworthiness before entering and submitting data, and using card issuers that protect their cardholders with advanced protection layers such as 3D Secure.
Consider fraud risks before significant business process changes
Whether it is the introduction of a new shipment method, as described for BOPIS, or growth of the business by expanding into a new market, every novelty that leads to significant changes in business processes should be preceded by deep research and an evaluation of fraud risks. It is essential to concentrate not only on industry-specific risk trends but also on global trends. At the same time, paying attention to market-specific fraud nuances before the expansion can prevent major financial and reputational losses in the future.
Don’t try to do it alone – choose the right fraud prevention partner
ClearSale is the world’s best eCommerce fraud solution, committed to helping eCommerce businesses stop fraud, sell more and create better customer experiences. ClearSale helps not only to prevent eCommerce fraud but also to recover losses from chargebacks and improve the customer experience. ClearSale is trusted by 5,000+ eCommerce companies worldwide, including Asus, Privalia, Motorola, Under Armour, and Ebanx, to name a few.
ClearSale: “Highest Order Approval Rates. Lowest False Decline Rates. Happiest Customers”.