What is eCommerce Fraud?

eCommerce fraud refers to online purchases made by criminals using fake or stolen credit cards, which makes e-commerce fraud prevention crucial for online businesses. This type of fraud leaves the merchant or seller without payment for the sale they complete.

Purchase fraud was once limited to the theft of credit cards. But the rise of new payment methods, technologies, and payment processing systems has opened many doors for criminals to commit fraudulent purchases online.

While the latest technologies, like the EMV chip, have helped to reduce counterfeit credit card fraud, e-commerce fraud prevention remains a challenge, as card-not-present fraud is increasing each year.

Implications of eCommerce Fraud

eCommerce fraud often leads to a chargeback, where the merchant must refund the amount to the cardholder. The sum includes transaction fees, legal fees, currency conversion, etc.

Moreover, the merchant also loses the product because they don’t receive payment for what they deliver.

In addition, if a merchant faces a large number of chargebacks, they struggle to find an acquirer to process payments, as banks consider them high-risk customers.

Why does eCommerce fraud take place?

eCommerce transactions do not require a physical card to be present to complete a purchase. Customers only need to fill in the card information. This allows criminals to obtain card details from others and use them to make fraudulent purchases. Since a large amount of credit card and debit card details is stored online, hackers can access this data remotely.

Every time businesses implement new measures to prevent online transaction fraud, cunning fraudsters step up their game and find new ways to exploit the system. So, it is really important for eCommerce businesses to equip themselves with the right tools and strategies to prevent fraudulent purchases.

Types of eCommerce Fraud

Stolen cards were once the most common type of eCommerce fraud, but complex online transaction systems have opened new doors for cybercriminals. They are highly creative, and new forms of online transaction fraud appear each year. Here are some common eCommerce fraud methods that you should know about.

Card Testing Fraud

Cybercriminals gain access to many credit card numbers either by stealing them or by purchasing them from the dark web. But they may not know whether all the card numbers work for online purchases. Some may be blocked or maxed out. Others may not be valid anymore.

So, they use bots or scripts to automate the process of checking a large number of credit card numbers. In this stage, they go for small purchases because their goal is to filter working card numbers without alerting the owner of the card or merchant. So, it is difficult to recognize fraud at this stage. Once the fraudster filters working card numbers, they go for expensive purchases.

Interception Fraud

Large eCommerce websites can verify whether the shipping address matches the cardholder’s address in the card issuer’s records. If they do not match, the purchase may raise a red flag.

So, fraudsters enter the cardholder’s address as the shipping address when they use a stolen credit card to make a purchase. This way, they can avoid the red flag. Then the fraudster calls customer support and changes the shipping address before the product is shipped.

Chargeback/Refund Fraud

Card issuers and banks offer a chargeback service to protect their customers. It allows card users to reclaim their money for illegitimate purchases. For example, if someone steals their credit card information and makes a purchase, the cardholder can approach the bank or card issuer and request a refund. This feature is a headache for eCommerce businesses. Chargeback requests can be genuine or malicious.

A cardholder may request a chargeback when their card is used by criminals to make purchases. They may also request a chargeback for the following reasons.

  • They never received the product
  • They returned the product, but the seller did not process it
  • The item does not match the advertisement
  • The company did not cancel a recurring payment as requested

But not all people are honest. Some customers may request a chargeback stating the above reasons even if they are not true. This is like shoplifting. They try to get something for nothing.

Affiliate Fraud

Affiliate marketing is a great technique for eCommerce businesses to increase visitors and sales. However, there are malicious actors who sign up for affiliate programs and send fake traffic to the online store. They also rely on spam emails and fake advertisements to direct traffic to the online store.

Triangulation Fraud

Malicious actors set up fake eCommerce websites and make compelling offers to persuade people to make purchases. When people make purchases, the malicious actor collects the credit card details of many people. Then they use the obtained information to make fraudulent purchases on other eCommerce websites.

Phishing/Account Takeover Fraud

Most online stores allow users to store personal information, including card details, in their account. So, if a user account gets hacked, cybercriminals can make illegitimate purchases. A cybercriminal doesn’t even have to hack the online store, the user account, or the email. If they get access to even the user’s social media account, they can use it to sign in to an online store and make purchases.

Hints of Fraudulent Orders

You can recognize potential fraudulent orders by looking for common signs. Here is a list of some hints that will help you to identify possible fraudulent orders. If a couple of these hints appear in an order, there is nothing to worry about. But if a single order contains several of these hints, it’s time to roll up your sleeves, start digging and verify whether it’s a potential fraudulent order.

  • Multiple orders come from multiple credit cards: Fraudsters may use multiple stolen cards, or the details of multiple cards, on the same day or over a prolonged period of time.
  • Many transactions occur in a short span of time.
  • First-time shoppers: Fraudsters usually target new online stores every time or use new accounts and credit cards. If the shopper/account has already made some purchases, their new orders are much less likely to be fraudulent.
  • Fraudsters often make large purchases for various reasons.
  • Large quantities of the same products: Fraudulent purchase patterns show that fraudsters buy a large quantity of the same products.
  • If multiple transactions occur in a short span, criminals might be attempting to max out stolen credit cards.
  • IP address doesn’t match Shipping/billing address.
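
The hint list above turned into a check, as an added example that is not part of the original article. The order fields, the thresholds and the sample orders are assumptions constructed for illustration, and the IP address is assumed to be resolved to a country code before this code runs.

```python
from datetime import datetime, timedelta

# All thresholds are assumptions for illustration; the article gives no numbers.
WINDOW = timedelta(hours=1)   # "short span of time"
MAX_ORDERS_IN_WINDOW = 3
LARGE_TOTAL = 1000.00         # "large purchase"
LARGE_QUANTITY = 5            # "large quantities of the same product"
REVIEW_AT = 3                 # "several" hints on one order


def order_hints(order, history):
    """Return the names of the hints that apply to `order`.

    `history` holds the same account's earlier orders (same dict shape).
    """
    hints = []
    cards = {h["card"] for h in history} | {order["card"]}
    recent = [h for h in history if order["time"] - h["time"] <= WINDOW]
    if len(cards) > 1:
        hints.append("multiple_cards")
    if len(recent) + 1 > MAX_ORDERS_IN_WINDOW:
        hints.append("many_orders_short_span")
    if not history:
        hints.append("first_time_shopper")
    if order["total"] >= LARGE_TOTAL:
        hints.append("large_purchase")
    if any(qty >= LARGE_QUANTITY for qty in order["items"].values()):
        hints.append("large_quantity_same_product")
    # Assumes the IP was already geolocated to a country code upstream.
    if order["ip_country"] not in (order["ship_country"], order["bill_country"]):
        hints.append("ip_address_mismatch")
    return hints


def needs_review(order, history):
    """A couple of hints is normal; several on one order means manual review."""
    return len(order_hints(order, history)) >= REVIEW_AT


# Constructed sample orders (card values are tokens, never raw card numbers).
NOW = datetime(2024, 1, 15, 12, 0)
GIFT = {"time": NOW, "card": "tok-A", "total": 35.0, "items": {"sku-1": 1},
        "ip_country": "US", "ship_country": "US", "bill_country": "US"}
BULK = {"time": NOW, "card": "tok-B", "total": 2400.0, "items": {"sku-9": 8},
        "ip_country": "DE", "ship_country": "US", "bill_country": "US"}

if __name__ == "__main__":
    for name, order in (("GIFT", GIFT), ("BULK", BULK)):
        print(name, order_hints(order, []), needs_review(order, []))
```

A first-time shopper with a small order trips one hint and passes, while the same first-time shopper with a large bulk order from a mismatched location trips four and is queued for review.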

How to Prevent eCommerce Fraud

Fighting eCommerce fraud may seem like an uphill battle, but fortunately there are many different technologies and services that help eCommerce businesses to reduce fraud risk.

Implement 3D Secure

3D Secure is one of the most efficient solutions to tackle eCommerce fraud. It requires card users to go through additional verification during the transaction process, so fraudsters can’t misuse stolen cards or card information. Moreover, when 3D Secure is enabled, the system transfers chargeback liability from the merchant to the card issuer. So, it provides great relief for eCommerce businesses.

Use Fraud Prevention Tools

There are many fraud detection and prevention tools for eCommerce websites. They provide multiple layers of protection to each transaction. Here is a list of some of the most popular eCommerce fraud detection and prevention tools.

  • Subnumo (works with WooCommerce, Magento, PrestaShop, Shopify & ZenCart)
  • Riskified (supports Magento, Shopify)
  • Fraudlabs Pro (Available for Magento, OpenCart, osCommerce, PrestaShop, Shopify, VirtueMart, WooCommerce, and ZenCart)
  • Dupzapper (Compatible with all ecommerce platforms)
  • Kount (designed for Magento)

Maintain PCI Compliance

PCI compliance is mandatory for all payment processing services, but it only provides basic protection. So, you should also ensure that you follow the recommendations of PCI.

Require CVV and AVS

CVV (Card Verification Value) and AVS (Address Verification Service) help, to some extent, to verify that the actual cardholder is making the purchase. So, ensure that your payment processor supports these features and has them enabled.

Check for Unusual Card Declines

Fraudsters often have the details of a large collection of cards, and they try each card one by one. Most of these cards will already be blocked, expired or maxed out. So, they will be declined by the payment processor.

So, if an account has used multiple cards and most of them were declined, the user is more likely to be a fraudster. So, it is a good idea to blacklist such accounts.
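
The decline check described above, as an added example that is not code from the original article. It counts distinct cards per account instead of raw attempts, so a customer who retries one card after a typo is not flagged. The thresholds, record layout and sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds; the article gives no numbers.
MIN_DISTINCT_CARDS = 3
MIN_DECLINE_RATIO = 0.5   # "most of them declined"

# Constructed payment attempts: (account, card token, outcome).
# Tokens stand in for card numbers so no card data is stored here.
ATTEMPTS = [
    ("acct-17", "tok-01", "declined"),
    ("acct-17", "tok-02", "declined"),
    ("acct-17", "tok-03", "declined"),
    ("acct-17", "tok-04", "approved"),
    ("acct-17", "tok-05", "declined"),
    ("acct-22", "tok-40", "declined"),   # same card retried, then approved
    ("acct-22", "tok-40", "approved"),
    ("acct-31", "tok-50", "approved"),
    ("acct-31", "tok-51", "approved"),
    ("acct-31", "tok-52", "declined"),
]


def suspicious_accounts(attempts):
    """Map each flagged account to (declined cards, distinct cards tried)."""
    approved_by_card = defaultdict(dict)  # account -> {card: ever approved?}
    for account, card, outcome in attempts:
        seen = approved_by_card[account].get(card, False)
        approved_by_card[account][card] = seen or outcome == "approved"

    flagged = {}
    for account, cards in approved_by_card.items():
        total = len(cards)
        declined = sum(1 for ok in cards.values() if not ok)
        if total >= MIN_DISTINCT_CARDS and declined / total > MIN_DECLINE_RATIO:
            flagged[account] = (declined, total)
    return flagged


if __name__ == "__main__":
    for account, (declined, total) in suspicious_accounts(ATTEMPTS).items():
        print(f"{account}: {declined} of {total} cards never approved")
```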

Implement SSL Certificate

An SSL certificate serves as one of the most basic security measures. When SSL is implemented, the data is transferred over the HTTPS protocol, which gives an extra layer of security.

Use Velocity Checks

If you notice unusually large transactions, it’s more likely that a fraudster is trying to make a purchase with a stolen card. Velocity checks help to look for these unusual transactions and block them. These transactions can then undergo manual review and be approved after contacting the cardholder.

Conclusion

Fraudsters come up with new strategies quickly. So, you should always ensure that you follow the latest prevention practices. You should also consider subscribing to premium eCommerce fraud prevention tools to detect and prevent fraud attempts.