With ecommerce fraud projected to cost businesses over $48 billion in 2023, online retailers need to be aware of the threats they are exposed to. This article will discuss why ecommerce fraud is on the rise, six primary fraud techniques, and steps businesses can take to prevent each type of ecommerce fraud.
Why is ecommerce fraud on the rise?
Ecommerce fraud is rising due to a significant gap between its rapid growth and inadequate fraud prevention capabilities. Cybercriminals are drawn by the potential for monetary gain, making ecommerce fraud highly attractive.
Online shopping has been experiencing 209% growth year-on-year, but traditional security and fraud detection solutions haven't innovated fast enough to thwart malicious actors. These failures end up costing businesses around 7.5% of their annual revenue.
This highlights the need for businesses to turn to digital identification solutions, such as Fingerprint, to keep up with the expanding number of online transactions and the sophistication of malicious actors.
Six types of ecommerce fraud
Online merchants are responsible for ensuring that customer transactions are secure. Unfortunately, fraud is common for online business owners, so it's essential to be aware of the types that might affect your business and customers.
Below are six types of ecommerce fraud that online businesses should be aware of to protect themselves and their customers.
1. Card cracking
Card cracking occurs when cybercriminals make small charges to test whether a credit card will work for larger transactions. Targeted victims of this fraud include small businesses, companies that accept micro-transactions, and organizations reliant on donations. These entities typically lack the authentication processes or resources to detect such fraud efficiently, making them vulnerable to these schemes.
Card cracking can result in the following:
- Chargebacks where businesses lose money in fees and inventory.
- Bank penalties for fraudulent purchases.
- Higher payment decline rates, which may alert banks to high levels of risk associated with your business account.
Since stolen credit cards are often quickly canceled and reported, criminals may make insignificant purchases to avoid alerting the owner to fraudulent activity. Typical signs of card cracking include a series of small purchases happening in a short amount of time and an abundance of declined card notifications (e.g., incorrect expiration dates, wrong CVV numbers).
How to prevent card cracking:
- Include AVS and CVV tracking in payment processes.
- Monitor small transactions.
- Blocklist users with a history of card cracking.
- Implement a digital identification solution.
- Implement bot detection.
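The two signs described above (a burst of small purchases and a run of verification declines) can be checked per visitor with a sliding window. This is an added example, not code from the article or from any vendor; the event fields, result codes, thresholds and sample log are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions, not values from the article.
SMALL_AMOUNT = 5.00              # charges at or below this count as "small"
WINDOW = timedelta(minutes=10)   # look-back window per visitor
MAX_SMALL = 3                    # small charges tolerated inside the window
MAX_DECLINES = 3                 # verification declines tolerated inside the window
VERIFICATION_DECLINES = {"cvv_mismatch", "bad_expiry", "avs_mismatch"}

def find_card_cracking(events):
    """Map visitor_id -> sorted reasons for visitors whose payment attempts
    show the signs above. `events` must be sorted by timestamp."""
    recent = defaultdict(deque)   # visitor_id -> events still inside WINDOW
    flagged = defaultdict(set)
    for ev in events:
        q = recent[ev["visitor_id"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > WINDOW:   # expire old attempts
            q.popleft()
        small = sum(e["amount"] <= SMALL_AMOUNT for e in q)
        declines = sum(e["result"] in VERIFICATION_DECLINES for e in q)
        if small > MAX_SMALL:
            flagged[ev["visitor_id"]].add("burst of small charges")
        if declines > MAX_DECLINES:
            flagged[ev["visitor_id"]].add("repeated verification declines")
    return {v: sorted(r) for v, r in flagged.items()}

def make_events(rows, start=datetime(2023, 1, 1, 12, 0, 0)):
    """Build event dicts from (seconds_offset, visitor_id, amount, result)."""
    return [{"ts": start + timedelta(seconds=s), "visitor_id": v,
             "amount": a, "result": r} for s, v, a, r in rows]

# Constructed sample log: one automated tester and one ordinary shopper.
SAMPLE_EVENTS = make_events([
    (0,    "v-bot",     1.00,  "cvv_mismatch"),
    (20,   "v-bot",     1.00,  "cvv_mismatch"),
    (40,   "v-bot",     1.00,  "bad_expiry"),
    (60,   "v-shopper", 42.50, "approved"),
    (70,   "v-bot",     1.00,  "cvv_mismatch"),
    (90,   "v-bot",     1.00,  "approved"),
    (3600, "v-shopper", 3.99,  "approved"),
])

if __name__ == "__main__":
    print(find_card_cracking(SAMPLE_EVENTS))
```

Keying the window on a visitor identifier rather than on the card number matters here, because a tester typically cycles through many cards from the same device or session.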
2. Chargeback fraud
Chargeback fraud occurs when a customer makes a legitimate purchase, then reports the transaction as fraudulent to receive a refund directly from the credit card company.
In some cases, chargeback fraud can also be classified as friendly fraud, where the card owner is complicit or somehow benefits from the purchase. The card owner may want a refund because they regret their initial purchase, do not remember making the purchase, or had their card used by a friend or family member. Other cases involve a malicious actor with no relation to the card owner.
Either way, chargeback fraud is the most common and expensive type for businesses, resulting in excess bank fees, lost inventory, bank card blocklisting, lost revenue, and lost time trying to resolve the issue.
How to prevent chargeback fraud:
- Use secure and trusted credit card verification tools.
- Check orders - some examples of fraud indications include many small purchases in a short time or completely different billing and shipping addresses.
- Automatically send email confirmation that an order has been made. This makes it harder for customers to claim that they never made a purchase and gives you a paper trail.
- Make sure transaction details clearly state your business name and inform customers how it will show up on their account.
- Secure website payments against fraudulent activity/transactions before they happen with ecommerce fraud prevention software.
3. Triangulation fraud
Triangulation fraud happens when an innocent customer makes a legitimate purchase on a third-party marketplace from a scammer who orders from the original retailer using stolen credit details to complete the initial transaction.
This fraud type is a complicated and increasingly common issue unique to online retailers, especially those with business models that sell on behalf of wholesalers and don't require direct customer-supplier interactions.
The following is an example of a typical triangulation fraud incident. Three distinct parties are involved (not including the credit card owner): the fraudster, a customer attempting to make a purchase, and the merchant.
- A customer makes a purchase on a third-party marketplace (e.g., Facebook marketplace, Amazon).
- The fraudster, posing as the customer, purchases the product from the retailer using stolen credit card details.
- The product is sent to the customer, as the fraudster has inserted the customer's legitimate details in the purchase order.
- The owner of the stolen card notices the fraudulent activity and requests a chargeback from their bank.
- The retailer loses the money from the purchase, the fraudster pockets the customer's money as a middleman, and the legitimate customer is none the wiser.
How to prevent triangulation:
Triangulation can be challenging to identify, so it's crucial to have systems in place that automatically detect suspicious activity. This includes implementing a digital identification solution that identifies visitor behavior and bolsters payment systems to reduce the number of fraudulent transactions and chargebacks.
4. Account takeover
As its name implies, an account takeover occurs when a scammer takes over a legitimate customer's account. This could also involve the takeover of employee/business accounts to gain sensitive information about customers while posing as an official account. To make matters more complicated, bots are typically used to automate the process of gaining brute-force access to accounts.
How to prevent account takeover:
- Associate multiple login attempts from bot networks and block additional attempts from suspicious visitors.
- Use accurate visitor identification methods and require additional authentication from new/untrusted visitors before granting access.
Protecting users against account takeover can ensure that customers have an optimal experience and prevent chargebacks and penalties/fines from impacting your bottom line.
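One way to combine the two measures above into a single login decision, shown as an added example that is not the article's or any vendor's code. It assumes a stable `visitor_id` supplied by some visitor identification method; the class name, thresholds and the constructed login sequence in `demo()` are hypothetical.

```python
from collections import defaultdict, deque

# Illustrative assumptions, not values from the article.
WINDOW_SECONDS = 300   # how long a failed attempt counts against a visitor
MAX_FAILURES = 5       # failed logins per visitor inside the window
MAX_ACCOUNTS = 3       # distinct accounts one visitor may fail against

class LoginGate:
    def __init__(self):
        self.failures = defaultdict(deque)  # visitor_id -> (timestamp, account)
        self.trusted = set()                # (account, visitor_id) verified earlier

    def _suspicious(self, visitor_id, now):
        q = self.failures[visitor_id]
        while q and now - q[0][0] > WINDOW_SECONDS:   # expire old failures
            q.popleft()
        accounts = {acct for _, acct in q}
        return len(q) >= MAX_FAILURES or len(accounts) >= MAX_ACCOUNTS

    def decide(self, visitor_id, account, password_ok, now):
        if self._suspicious(visitor_id, now):
            return "block"        # refused even if the password is correct
        if not password_ok:
            self.failures[visitor_id].append((now, account))
            return "deny"
        if (account, visitor_id) not in self.trusted:
            return "step_up"      # right password, unknown visitor: extra auth
        return "allow"

    def mfa_passed(self, account, visitor_id):
        """Record that this visitor completed additional authentication."""
        self.trusted.add((account, visitor_id))

def demo():
    """Replay a constructed sequence of logins and return each decision."""
    gate = LoginGate()
    gate.mfa_passed("alice", "v-laptop")
    out = [gate.decide("v-laptop", "alice", True, 0),   # known device
           gate.decide("v-phone", "alice", True, 10)]   # new device
    for i, acct in enumerate(["bob", "carol", "dave"]): # one visitor, many accounts
        out.append(gate.decide("v-bot", acct, False, 20 + i))
    out.append(gate.decide("v-bot", "erin", True, 30))    # inside the window
    out.append(gate.decide("v-bot", "erin", True, 1000))  # window has expired
    return out

if __name__ == "__main__":
    print(demo())
```

Counting failures per visitor across accounts, rather than per account, is what catches a guess against "erin" that happens to be correct after the same visitor has already failed against three other accounts.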
5. Interception fraud
Interception fraud is a criminal activity where criminals obtain sensitive information by intercepting data passed between two parties.
Interception fraud may involve:
- Intercepting important emails (e.g., invoices, requests for information) before they get to the intended recipient, then posing as the sender to elicit sensitive details from the customer. Fraudsters sometimes set up filters, so the original intended recipients never see the emails.
- Posing as the login page of a legitimate website to trick customers into submitting their email/passwords. Criminals can then use the harvested credentials to log in to the real website and perform fraudulent transactions.
- Planting malware into websites or devices to steal sensitive information like email or account logins.
- Gaining access to customer details to modify orders in progress (e.g., changing the shipping address).
How to prevent interception fraud:
- Use data encryption—specifically, by enabling HTTPS on all websites and applications.
- Use a third-party service rather than internal email for invoicing.
- Require employees to change their passwords regularly.
- Scan corporate devices for malware (especially those configured for corporate email).
- Check email filters for suspicious forwarding addresses.
6. Identity theft
Identity theft occurs when a scammer uses the victim's details to steal even more personal data, drain financial accounts, or commit a crime under the stolen persona. This fraud affects millions of people every year and leads to lost revenue, wasted time, and compromised trust for consumers and businesses.
How to prevent identity theft:
- Implement site-wide encryption to protect customer data/privacy.
- Use multi-faceted verification methods.
- Restrict employee access to critical systems depending on specific job duties and requirements.
Online shoppers inherently trust the merchants they purchase from; in return, businesses need to assure customers that their data won't fall into the hands of cybercriminals. Fingerprint helps online merchants stay ahead of fraudsters with browser fingerprinting by identifying unique and anonymous users with 99.5% accuracy.
By uniquely identifying malicious visitors and related patterns of fraudulent activity, ecommerce store owners can take proactive measures to reduce the risk of compromise. Give Fingerprint a test drive today; it's free for fourteen days with unlimited API calls.