eCommerce Fraud Prevention
Table of Contents
- What Is E-commerce Fraud?
- What Are the Most Common Types of E-commerce Fraud?
- What Are the Common Signs of E-commerce Fraud?
- How Can Merchants Prevent E-commerce Fraud?
For e-commerce merchants, fraud is a costly and challenging problem that can sap revenue and damage customer relationships. And like many of the problems merchants deal with, there's no perfect or permanent solution. Every time merchants, banks, or card networks come up with a new way to fight fraud, fraudsters come up with a new way to commit it.
With so many different fraud schemes to educate themselves about and multiple attack vectors that need protecting, merchants have their work cut out for them when it comes to mounting effective defenses. In order to effectively fight e-commerce fraud, merchants need to know what it is, how it works, and what the most common schemes are.
At the same time, sophisticated fraudsters are adapting to the changing landscape of e-commerce with innovative new scams.
Chargebacks protect customer confidence in credit cards by providing them with an effective remedy against fraud, but this comes at a high cost to merchants. When fees, lost revenue, and operational costs are factored in, a typical chargeback can cost two and a half times the amount of the original disputed transaction.
Merchants who are unable to get fraud under control experience both financial losses and damage to their reputations. Fairly or not, customers tend to hold merchants partly responsible for fraud.
Perhaps most concerning of all, merchants with excessively high fraud and chargeback rates may be dropped and blackballed by their acquirers and payment processors.
It is imperative that every merchant understand the scope of their fraud problem and develop a plan for preventing fraudulent transactions and fighting fraudulent chargebacks.
What Is E-commerce Fraud?
Not every act of e-commerce fraud involves credit cards, but most of them do. Credit cards are the most commonly used payment instruments in e-commerce and many merchants store partial or complete sets of credit card credentials in a format that can be copied and stolen in the event of a data breach.
Phishing is another common means of acquiring payment information. Fraudsters often either offer the prospect of financial gain if the victim enters their payment information or impersonate an organization the victim has a relationship with, such as their bank.
Either way, the victim thinks they'll receive some small charge or none at all, only to find their account wiped out.
Stolen payment credentials are sold and traded in bulk on the dark web, making compromised credit card numbers widely and cheaply available to even the lowliest cybercriminals.
Fraudsters know that e-commerce fraud is easy to get away with. It can be carried out with near-total anonymity, it is rarely investigated or prosecuted, and the potential rewards are quite high considering the minimal risk involved.
What Are the Most Common Types of E-commerce Fraud?
Credit Card Fraud
This is the most well-known form of online fraud, in which the fraudster uses stolen payment credentials to make a purchase. The fraudster may keep the goods for their own use or attempt to resell them on a secondary market. Gift cards are often involved, as these provide the fraudster with an easy way to extract the full cash value of a fraudulent purchase.
Account Takeover Fraud
This type of fraud occurs when a fraudster compromises a customer account on a website. Account takeover usually provides a means for the fraudster to commit credit card fraud with the payment credentials saved to the account. If an account with a bank or a peer-to-peer payment app is compromised, the fraudster may instead simply transfer the victim's funds to themselves directly.
Chargeback Fraud
While most common forms of fraud involve the perpetrator using someone else's payment information, that's not the case with chargeback fraud. The fraudster can use their own payment information to make a purchase, then file a chargeback under false pretenses, getting their money back and keeping the product they purchased.
Card Testing
When a fraudster obtains a batch of stolen payment credentials, they have no way of knowing immediately which are still valid and which have already been closed or reported stolen. In order to determine this, they attempt to make small purchases with each credit card, discarding the ones that are rejected. In many cases, these small purchases are made by a bot that can quickly test hundreds of cards.
In addition to the schemes described above, there are also other common methods of e-commerce fraud that don't usually affect merchants directly:
Triangulation fraud is a more complicated scheme wherein the fraudster sets up a fake online storefront to solicit orders for heavily discounted goods. They will then “fulfill” those orders by using stolen credit cards to make purchases with real merchants and keep the money paid to them by their customers as pure profit.
What Are the Common Signs of E-commerce Fraud?
Merchants who know their customers and their shopping patterns are in the best position to detect fraud.
When something seems “off” about an order, whether it’s the size, the shipping address, or something subtle and specific, it’s worth looking at it more closely or contacting the customer to verify the details.
While the different e-commerce fraud types listed above all have different telltale indicators, here are some things every merchant should watch out for:
- Changes to existing customer accounts, such as new email or shipping addresses.
- A sudden increase in transaction volume. This may be a sign of card testing—multiple small purchases intended to determine whether a stolen card is still active and usable.
- Unusual delivery requests, such as changes to the shipping address after the order has been placed.
- Shipping addresses that don’t match the customer’s known location (based on their IP or billing address).
- Unusually large purchases, especially those involving large quantities of a single high-value item.
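The card-testing indicator above (a burst of small purchases across many cards, often made by a bot) can be checked with a sliding window over authorization attempts. This is an added example, not part of the original article; the transaction field names, the thresholds, and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions; tune them against your own traffic.
WINDOW = timedelta(minutes=10)
SMALL_AMOUNT = 5.00      # card tests are usually low-value purchases
MIN_DISTINCT_CARDS = 5   # distinct cards tried from one source in the window
MIN_DECLINE_RATIO = 0.5  # share of those attempts that were declined

def detect_card_testing(transactions):
    """Return {source_ip: time of first alert} for card-testing-like sources.

    Each transaction is a dict with keys: ts (datetime), ip, card (a token
    or fingerprint, never the card number), amount, approved (bool).
    """
    recent = defaultdict(deque)   # ip -> small-value attempts inside WINDOW
    alerts = {}
    for tx in sorted(transactions, key=lambda t: t["ts"]):
        if tx["amount"] > SMALL_AMOUNT:
            continue              # larger orders are left to other rules
        window = recent[tx["ip"]]
        window.append(tx)
        # Slide the window: drop attempts older than WINDOW.
        while tx["ts"] - window[0]["ts"] > WINDOW:
            window.popleft()
        cards = {t["card"] for t in window}
        declined = sum(1 for t in window if not t["approved"])
        if (len(cards) >= MIN_DISTINCT_CARDS
                and declined / len(window) >= MIN_DECLINE_RATIO):
            alerts.setdefault(tx["ip"], tx["ts"])
    return alerts

def sample_transactions():
    """Constructed sample data: one bot-like source and one ordinary shopper."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    bot = [{"ts": t0 + timedelta(seconds=20 * i), "ip": "203.0.113.7",
            "card": f"tok_{i}", "amount": 1.00, "approved": i % 3 == 0}
           for i in range(8)]
    shopper = [{"ts": t0 + timedelta(minutes=m), "ip": "198.51.100.4",
                "card": "tok_shopper", "amount": 3.50, "approved": True}
               for m in (0, 4, 9)]
    return bot + shopper

if __name__ == "__main__":
    for ip, when in detect_card_testing(sample_transactions()).items():
        print(f"possible card testing from {ip}, first flagged at {when}")
```

Keying on distinct cards and decline ratio rather than raw volume keeps a repeat customer making several small purchases on one card from being flagged.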
How Can Merchants Prevent E-commerce Fraud?
The most effective prevention methods will depend on the types of attacks being used, so good fraud defense always starts with a careful analysis of your fraud and chargeback data to determine the nature and sources of your fraud.
However, most merchants will benefit by following these general guidelines:
- Require AVS and CVV matching on all transactions.
- Implement 3-D Secure anti-fraud technology.
- Insist on strong passwords and two-factor authentication for customer accounts.
- Use anti-fraud tools that employ risk scoring, machine learning, and other advanced technologies to detect and block fraud.
- Train your staff to recognize fraud indicators.
- Review suspicious orders and contact the customer directly to resolve questions or concerns.
- Fight fraudulent chargebacks with compelling evidence and a concise cover letter.
Fraud inevitably leads to chargebacks for merchants. True fraud chargebacks—those filed in accordance with the intent and spirit of the Fair Credit Billing Act—can't be fought. They’re legitimate chargebacks, and all merchants can do is accept them and try to find ways to stop future fraud attempts.
Fraudulent chargebacks, on the other hand, can be fought and reversed, but only if merchants have the right evidence and an understanding of how to navigate the chargeback representment process.
Fraud is a complex problem, and dealing with it requires a multilayered approach. Any strategy for reducing chargebacks must include plans for countering all of the various forms of e-commerce fraud that the merchant might experience.