5 Types of E-commerce Fraud

Table of Contents

  1. What Is Credit Card Fraud?
  2. What Is Friendly Fraud?
  3. What Is Account Takeover Fraud?
  4. What Is Refund Fraud?
  5. What Is Card Testing?
  6. Why Fraud Prevention Is Crucial 

There are quite a few advantages to doing business through e-commerce rather than in a brick-and-mortar store. For example, you have access to more customers, you don't have to buy or rent expensive retail space, and you don't have to hire as many employees to operate your business. Unfortunately, the world of e-commerce is not without its downsides, and one of the largest downsides is the fact that e-commerce merchants face more fraud than brick-and-mortar ones.

Almost every fraudulent purchase will result in a chargeback, which means fees and lost revenue for the affected merchant. Even worse too many chargebacks can result in additional consequences from card networks, processors, and acquirers up to and including account termination. In order to prevent this, e-commerce merchants need to know what they're up against. Let's talk about the five most common types of e-commerce fraud.

New call-to-actionDue to the relative ease of obtaining payment credentials from unsuspecting victims through phishing attacks as compared to stealing physical credit cards, e-commerce merchants are especially vulnerable to fraud.

Even with a success rate of 0.01%, a single phishing email sent to 10 million people can return 1,000 credit card numbers.

Those numbers can then be used to make purchases from e-commerce merchants, either by the fraudster themselves or by others after the credentials are sold on the dark web.

Estimates suggest that fraud cost e-commerce merchants $12 billion in 2020. And according to a 2021 report by LexisNexis, merchants lose an average of $3.60 in total for every dollar lost directly to fraud. The stakes are clearly high for merchants, and when it comes to preventing fraud, knowing is half the battle.

What Is Credit Card Fraud?

Credit card fraud is when someone makes an unauthorized purchase with credit card information that isn't theirs. This is the type of fraud people are most familiar with, in part due to how common it is.

Stolen credit card numbers are often obtained through phishing attacks that contact people by phone or email and attempt to convince them to hand over their credit card information. Sometimes these attacks promise a reward, other times they impersonate a trusted business or a government agency.

Credit card numbers can also be obtained by hacking a customer information database that's not properly secured, but these records won't contain all the information needed to successfully make a purchase from a merchant who has basic fraud prevention measures in place.

Stolen credit card information is bought and sold online, and this information can be used to make fraudulent purchases, especially from merchants whose fraud protection isn't up to snuff.

The rise of online shopping has come with a commensurate rise in credit card fraud, though it's also the type of fraud that card networks have put the most effort into fighting. Changes like EMV chips and new payment methods like Click to Pay are largely targeted at this type of fraud.

What Is Friendly Fraud?

Friendly fraud is when a customer knowingly makes a purchase, but then disputes the charge with their bank anyway—likely in an attempt to get a free product or service.

Friendly fraud also might occur when a customer is frustrated with a merchant (or their shipping or customer service) or out of impatience if a delivery has been delayed. However, the most common form of friendly fraud is the result of unclear merchant descriptors.

If someone is looking at their account history and sees a payment with a description that doesn't seem familiar, they will often file a chargeback to dispute it. Merchants can avoid this by ensuring their descriptor is clear and by using programs like Order Insight to preempt confused customers.

What Is Account Takeover Fraud?

Account takeover fraud occurs when a fraudster gains access to someone else’s online account—maybe the login for Amazon, an online store, or possibly to their PayPal, Apple Pay, or Google Pay account.

In many cases, this is easier than you’d expect. Most people use low-security passwords that fraudsters can easily hack with a little bit of personal information found on the web. Even more reuse the same passwords for multiple sites, so if customer credentials from a low-security site are leaked, fraudsters can attempt to use the same information to log in to more secure websites.

Manage Chargeback In-House Or OutshorePhishing is also a common cause of account takeover. Instead of targeting credit card information directly, which people may be more careful with, a phishing email might link to a login page that appears to be a site the victim knows, such as Amazon or PayPal.

When the victim logs in, the fraudster can use the same information to take over the victim's real account.

There's not always a lot merchants can do about this type of fraud, which is part of the reason it has become so common. Nearly 30% of e-commerce fraud is the result of account takeover. Some fraud tools can take on account takeover fraud, however, by using device fingerprinting or location data to red flag suspicious transactions.

What Is Refund Fraud?

In refund fraud schemes, the thief purchases an item with a stolen credit card, then returns it for a refund, asking that the funds be refunded to a different card or account.

This began as a common fraud strategy in brick and mortar stores (often with the fraudster seeking cash), but its prevalence in e-commerce has risen in recent years. Increasingly generous refund policies have also made refund fraud easier than ever.

While a generous refund policy can be a great way to prevent friendly fraud chargebacks, it's important to be aware of the downsides. The easiest way to prevent people seeking to commit refund fraud from targeting your business is simply to mandate that all refunds be returned to the same card with which the payment was made. The increasingly widespread adoption of this practice has been effective at reducing these fraud attempts.

What Is Card Testing?

Card testing occurs when a fraudster tests a stolen credit card number to see if it's functional by attempting one or more small purchases. These small purchases may be subject to less scrutiny from merchants and are less likely to tip off the cardholder.

If the test is successful, the fraudster will then attempt to make large purchases in quick succession until the card is maxed out or the bank catches on and blocks further transactions.

This type of fraud can be extremely costly for merchants, even at the beginning, since fraudsters typically charge a large number of smaller purchases all at once using multiple stolen credit card numbers. If these turn into chargebacks, it could mean thousands in lost revenue and chargeback fees.

Methods for preventing card testing are mostly the same as for preventing credit card fraud in general. However, merchants can also take advantage of velocity checking tools that look for multiple purchases using the same IP or device fingerprint to attack card testing more directly.

Why Fraud Prevention Is Crucial 

When it comes to online fraud, it’s not just the lost product and incorrectly declined transactions that cost merchants cash. The chargebacks that follow fraudulent purchases also cost businesses millions.

From the lost sales themselves to the chargeback fees, the resources spent fighting the chargebacks, and the looming threat to their merchant accounts, chargebacks pose yet another significant financial risk to today’s online retailers.

That’s why the prevention of fraud—as well as the chargebacks that come with them—is crucial to operating a financially healthy business in today’s day and age.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com

Get the guide, Chargebacks 101: Understanding Chargebacks & Their Root Causes

Ready to Start Reducing Chargebacks?