For e-commerce merchants, fraud is a costly and challenging problem that can sap revenue and damage customer relationships. And like many of the problems merchants deal with, there's no perfect or permanent solution. Every time merchants, banks, or card networks come up with a new way to fight fraud, fraudsters come up with a new way to commit it.
With so many different fraud schemes to educate themselves about and multiple attack vectors that need protecting, merchants have their work cut out for them when it comes to mounting effective defenses. In order to effectively fight e-commerce fraud, merchants need to know what it is, how it works, and what the most common schemes are.
At the same time, sophisticated fraudsters are adapting to the changing landscape of e-commerce with innovative new scams.
Chargebacks protect customer confidence in credit cards by providing them with an effective remedy against fraud, but this comes at a high cost to merchants. When fees, lost revenue, and operational costs are factored in, a typical chargeback can cost two and a half times the amount of the original disputed transaction.
Merchants who are unable to get fraud under control experience both financial losses and damage to their reputations—fairly nor not, customers tend to hold merchants partly responsible for fraud.
Perhaps most concerning of all, merchants with excessively high fraud and chargeback rates may be dropped and blackballed by their acquirers and payment processors.
It is imperative that every merchant understand the scope of their fraud problem and develop a plan for preventing fraudulent transactions and fighting fraudulent chargebacks.
Not every act of e-commerce fraud involves credit cards, but most of them do. Credit cards are the most commonly used payment instruments in e-commerce and many merchants store partial or complete sets of credit card credentials in a format that can be copied and stolen in the event of a data breach.
Phishing is another common means of acquiring payment information. Fraudsters often either offer the prospect of financial gain if the victim enters their payment information or impersonate an organization the victim has a relationship with, such as their bank.
Either way, the victim thinks they'll receive some small charge or none at all, only to find their account wiped out.
Stolen payment credentials are sold and traded in bulk on the dark web, making compromised credit card numbers widely and cheaply available to even the lowliest cybercriminals.
Fraudsters know that e-commerce fraud is easy to get away with. It can be carried out with near-total anonymity, it is rarely investigated or prosecuted, and the potential rewards are quite high considering the minimal risk involved.
This is the most well-known form of online fraud, in which the fraudster uses stolen payment credentials to make a purchase. The fraudster may keep the goods for their own use or attempt to resell them on a secondary market. Gift cards are often involved, as these provide the fraudster with an easy way to extract the full cash value of a fraudulent purchase.
This type of fraud occurs when a fraudster compromises a customer account on a website. Account takeover usually provides a means for the fraudster to commit credit card fraud with the payment credentials saved to the account. If an account with a bank or a peer-to-peer payment app is compromised, the fraudster may instead simply transfer the victim's funds to themselves directly.
While most common forms of fraud involve the perpetrator using someone else's payment information, that's not the case with chargeback fraud. The fraudster can use their own payment information to make a purchase, then file a chargeback under false pretenses, getting their money back and keeping the product they purchased.
When a fraudster obtains a batch of stolen payment credentials, they have no way of knowing immediately which are still valid and which have already been closed or reported stolen. In order to determine this, they attempt to make small purchases with each credit card, discarding the ones that are rejected. In many cases, these small purchases are made by a bot that can quickly test hundreds of cards.
In addition to the schemes described above, there are also other common methods of e-commerce fraud that don't usually affect merchants directly:
Triangulation fraud is a more complicated scheme wherein the fraudster sets up a fake online storefront to solicit orders for heavily discounted goods. They will then “fulfill” those orders by using stolen credit cards to make purchases with real merchants and keep the money paid to them by their customers as pure profit.
Merchants who know their customers and their shopping patterns are in the best position to detect fraud.
When something seems “off” about an order, whether it’s the size, the shipping address, or something subtle and specific, it’s worth looking at it more closely or contacting the customer to verify the details.
While the different e-commerce fraud types listed above all have different telltale indicators, here are some things every merchant should watch out for:
The most effective prevention methods will depend on the types of attacks being used, so good fraud defense always starts with a careful analysis of your fraud and chargeback data to determine the nature and sources of your fraud.
However, most merchants will benefit by following these general guidelines:
Fraud inevitably leads to chargebacks for merchants. True fraud chargebacks—those filed in accordance with the intent and spirit of the Fair Credit Billing Act—can't be fought. They’re legitimate chargebacks, and all merchants can do is accept them and try to find ways to stop future fraud attempts.
Fraudulent chargebacks, on the other hand, can be fought and reversed, but only if merchants have the right evidence and an understanding of how to navigate the chargeback representment process.
Fraud is a complex problem, and dealing with it requires a multilayered approach. Any strategy for reducing chargebacks must include plans for countering all of the various forms of e-commerce fraud that the merchant might experience.
Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com