Ecommerce is booming. With the rise of numerous ecommerce platforms that let you easily build an online store from scratch, together with the constantly growing trend of online shopping, there has never been a better time to offer your goods to the masses. But everything has its downsides, and it’s important to be aware of the possible dangers of online selling; after all, there is trouble even in paradise.
What is ecommerce fraud?
By definition, ecommerce fraud is any type of illegal online transaction. It isn’t something we hear about often in the media, but the unfortunate truth is that it is becoming a concerning global phenomenon. It comes in many different shapes and colors, targeting hundreds of millions of customers and merchants alike, from small businesses to large enterprises. According to recent research by Juniper Research, ecommerce fraud is expected to exceed $20B during this year, which is almost 20% more(!) compared to 2020.
In the following article we’ll dive into the different risks of ecommerce fraud; we’ll list some popular methods to detect it and break down different types of ecommerce fraud prevention tools.
What are the risks of ecommerce fraud?
In addition to the risks of damaged brand reputation and decreased customer retention, the most obvious risk that comes to mind when thinking about ecommerce fraud is reduced profit margins. Research by LexisNexis found that the average cost of these types of fraud increased by 7.3% during 2020 compared to 2019.
As if it isn’t hard enough to calculate your profits when business operations are as usual, this mission gets even harder when you have to take into account losses incurred as a result of ecommerce fraud. That’s why making sure all your business metrics are tracked properly should be a top priority, and this is where BeProfit steps in: Shopify’s most accurate profit calculator lets you track all your store’s numbers in one intuitive dashboard, so staying on top of your profits and expenses becomes as easy as it gets, even in times of confusion and uncertainty.
Types of ecommerce fraud faced by online retailers
Credit card fraud
Card fraud is one of the most popular ecommerce fraud techniques worldwide. It happens when scammers steal card information through various methods to create fake credit cards for online purchases (and also for in-person use); it can also be accomplished through identity theft where scammers steal people’s information and use it to open fake accounts or lines of credit.
Affiliate fraud
Affiliate marketing is highly popular and considered by many to be one of the best ways to earn money online, especially as passive income. It involves marketing products online and earning a commission on online purchases (or on link clicks), usually through a link that directs to a product page. Affiliate fraud is any type of illegal activity that is intended to deceive the sellers, affiliates or buyers. For example, affiliate fraud can be done using bots that direct people to a certain site through affiliate links, or by deliberately tricking people into clicking an affiliate link.
Chargeback fraud
A chargeback is essentially a bank-facilitated refund that is supposed to return the funds of a legitimate transaction to the consumer’s bank account. Chargeback fraud is when a consumer purchases a product with the intention of taking advantage of the merchant and cheating them out of their merchandise or services. Possible claims that scammers make after the purchase are that the product wasn’t delivered or that the merchant didn’t cancel recurring billing.
Phishing
Phishing is a type of cyberattack that relies on human interaction and is meant to tempt individuals into providing sensitive information such as credit card details, passwords, identity numbers or any other personal details of value, often using email or text messages as the main channel of communication. When reaching out to their potential victims, scammers put great effort into making their message and their identity look as legitimate as possible, usually by impersonating government officials, service providers, people the victim may know, and more. The information collected, usually by manipulating the victim into clicking on a certain link, is then used to illegally access the victim’s accounts, leading to financial loss or identity theft.
Interception fraud
Interception fraud, often referred to as Push Payment fraud, is a type of ecommerce fraud that aims to get potential victims to pay or authorize a payment via a fake invoice that is usually sent by email. The idea is that scammers intercept emails involved in a certain transaction, then create a very similar transaction file (like a repeating monthly invoice) with changed payment details such as the address and bank account numbers. In many cases, these kinds of illegal payment requests are poorly written; the message impersonates a supplier you work with and asks for a second payment to a different address, sometimes phrased in a way that pressures the victim into completing the transaction.
Triangular fraud
Triangular fraud happens when a customer makes a genuine purchase (usually at a very attractive price) from an illegitimate store on a third-party ecommerce platform (like eBay, Amazon, etc.). The scammer, who is the owner of that store, then purchases the exact item the customer ordered from another store using stolen credit card details, and sets the shipping address to match that of the customer who made the order. In many of these cases, the scammer’s account is relatively new and the shipping information might not match the billing information.
How to detect ecommerce fraud?
Inconsistency of any information provided by customers is one of the most common red flags for online store owners and requires a serious double-check before confirming a transaction. Be extremely careful, especially when encountering the following scenarios:
Shipping and billing address are different
This is a classic cause for suspicion. In most cases, scammers who are using stolen credit card details will have their orders shipped to a different address than that of the real credit card holder.
Same address, different cards
Similarly to the previous case, a few orders that use different credit cards but the same shipping address should be carefully examined, as they may indicate suspicious transactions. Scammers do their best not to raise suspicion, so as an alternative to placing an order with different shipping and billing addresses, they may place orders using different credit cards, which is another thing to look out for.
Multiple orders of the same item
Although it’s possible, it’s not very likely that a legitimate customer will place multiple orders for the same item, especially if it’s expensive. If that happens, there’s a good chance that a scammer has targeted one (or a few) of your products (usually high-priced ones) and that their intentions are malicious.
Large orders
Although getting an order with a large number of items should instantly make you happy, it’s worth taking a further look to make sure that it’s legitimate. As we mentioned before, a common type of ecommerce fraud is chargeback fraud, which aims to get a bank-facilitated refund by placing an order on your store; the higher the price of the order, the higher the chargeback for the scammer will be. Got a suspiciously large order? Look out for chargeback fraud.
Repeated declined transactions
This may be one of the most intuitive and easy-to-spot ecommerce fraud attempts. Although we’ve all probably entered wrong credit card details by accident at some point, it’s not very likely that a legitimate customer will fail that step again and again; scammers will try to guess, or even use malicious software to enter, credit card details that aren’t theirs. It’s recommended to set a limit on the number of declined transactions and, once it is reached, direct your customers to email or phone support, where you can better evaluate the legitimacy of the order.
Suspicious email addresses or phone numbers
Although these are relatively simple details, they have strong potential for identifying fraud attacks and should be taken into account in fraud detection. Look out for suspicious email addresses, like ones that don’t match the name of the customer at all; also, Gmail addresses are naturally riskier than, for example, a verified business email address. The customer’s phone number can also raise suspicion if it doesn’t match the location of the customer. In addition, there are services that can help you learn more about your customers’ email addresses, like Verifalia or Hunter.
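The red flags above (plus the post office box check described later in this article) can be run as automatic checks over incoming orders. The following is an added example, not code from any store platform: the order fields, the thresholds and the sample orders are all assumptions constructed for illustration, and cards are represented by processor tokens rather than card numbers.

```python
from collections import defaultdict

# Constructed sample orders. Field names are hypothetical; "card" is a
# processor token, never a raw card number.
FIELDS = ("id", "card", "ship", "bill", "item", "total", "declines")
ORDERS = [dict(zip(FIELDS, row)) for row in [
    ("A1", "tok_a", "12 Oak St",   "12 Oak St",   "mug",    18.0,   0),
    ("B1", "tok_b", "9 Elm Rd",    "44 Pine Ave", "laptop", 1400.0, 4),
    ("B2", "tok_c", "9 Elm Rd",    "9 elm rd.",   "laptop", 1400.0, 0),
    ("B3", "tok_d", "9 Elm Rd",    "9 Elm Rd",    "laptop", 1400.0, 0),
    ("C1", "tok_e", "P.O. Box 77", "3 Lake Dr",   "phone",  600.0,  1),
]]

# Assumed thresholds; tune them to your own store's normal order patterns.
MAX_DECLINES = 3      # declined attempts before sending to manual review
LARGE_ORDER = 1000.0  # order total that counts as "suspiciously large"
REPEAT_ITEM = 3       # orders of one item to one address

def norm(addr):
    """Normalize an address so trivial differences do not look like a mismatch."""
    return " ".join(addr.lower().replace(".", "").split())

def score_orders(orders):
    """Return {order id: [red flags]} using the checks described in the text."""
    cards_by_addr = defaultdict(set)  # shipping address -> distinct cards seen
    item_count = defaultdict(int)     # (shipping address, item) -> order count
    for o in orders:
        cards_by_addr[norm(o["ship"])].add(o["card"])
        item_count[(norm(o["ship"]), o["item"])] += 1

    flags = {}
    for o in orders:
        ship = norm(o["ship"])
        checks = [
            ("ship_bill_mismatch", ship != norm(o["bill"])),
            ("same_address_multiple_cards", len(cards_by_addr[ship]) > 1),
            ("repeated_item", item_count[(ship, o["item"])] >= REPEAT_ITEM),
            ("large_order", o["total"] >= LARGE_ORDER),
            ("repeated_declines", o["declines"] >= MAX_DECLINES),
            ("po_box", ship.startswith("po box")),
        ]
        flags[o["id"]] = [name for name, hit in checks if hit]
    return flags

if __name__ == "__main__":
    for order_id, hits in score_orders(ORDERS).items():
        print(order_id, hits or "no flags")
```

A flag is a reason to double-check an order before confirming it, not proof of fraud; order B2 shows why addresses are normalized before comparison, since "9 elm rd." and "9 Elm Rd" are the same place.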
How to prevent ecommerce fraud?
Protecting your online store from scammers by using ecommerce fraud prevention tools should be a high priority, not only to ensure the safety of your customers but also to protect your credibility and bottom line. Listed below are a few common options to help you fight ecommerce fraud.
PCI compliance
PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of regulations and rules that every online business should follow in order to accept credit and debit card payments, aiming to protect customers from credit card theft. There are several levels of compliance depending on your store’s annual number of transactions; simply visit the PCI Security Standards Council’s website to get more information on the actions required.
AVS (Address Verification Service)
Address Verification Service (often referred to as Address Validation) is a system for verifying a person who claims to own a credit card. The tools are offered by most credit card processors and let you validate the address of the credit card. If you receive an order and are not sure whether the customer is legitimate, this is where AVS comes in: the system integrates with the credit card company and checks whether the billing address on file matches the address of that person.
After processing is complete, you get an AVS response code (like match or no match) that corresponds to the results of the verification. If the customer enters an incorrect address, the transaction can still be approved and it’s up to the merchant to decide whether to cancel the order and refund the transaction, or alternatively ship the item.
CVV (Card Verification Value)
Card Verification Value is the number that appears on the back of a credit/debit card; it is crucial for the verification process of online purchases and is not supposed to be shared with anyone other than the cardholder. Similarly to Address Verification Service, if you have CVV rules enabled, then when a transaction is submitted the CVV number is sent to the card-issuing bank for approval, and the merchant gets a CVV response code that lets them know whether the value matches the card company’s records.
HTTPS (Hypertext Transfer Protocol Secure)
HTTPS is the encrypted version of the old familiar HTTP. It is designed to secure a connection and verify the legitimacy of webpages, functioning as an indicator of web security. Getting an HTTPS certificate is obviously crucial for protection against ecommerce fraud, but it is also very important for making sure your potential customers feel comfortable enough to leave their personal information and make a purchase (you can guess the potential of switching to a secured connection for increasing conversion rates). In most cases, online payment providers will require your website to use HTTPS as a condition for providing their services. Prices of HTTPS certificates vary, but it’s also possible to use the services of non-profit certificate authorities, like Let’s Encrypt.
Avoid non-physical shipping addresses
When making an illegitimate order, let’s say by using a stolen credit card, scammers will often choose a non-physical shipping address to reduce the chances of getting caught to a minimum. One of the most common ways to do that is by entering the details of a post office box as the shipping address; although it doesn’t necessarily indicate an illegal activity, this is something that should definitely raise suspicion.
Ecommerce fraud isn’t something that should keep you up at night, but it should definitely be taken seriously during your day-to-day business operations. It’s important to be aware of all the possible dangers out there and, above all, to use your common sense; if you have a hunch that something isn’t right, go with your gut and double-check every suspicious activity in your store to protect your business and your customers at once.