How to tackle eCommerce fraud: how it happens and prevention strategies
The eCommerce sector has been growing significantly in recent years and is expected to reach US$6.07 trillion in 2024. That is good news for eCommerce stores, but it also means there will be a corresponding increase in eCommerce fraud.
One of the biggest challenges for eCommerce businesses these days is fraudulent transactions. Where there is money involved, criminals find illegal ways to make money. So eCommerce businesses have to be prepared to prevent eCommerce fraud and avoid losses. In this blog, we share a few tools and strategies to equip you to tackle eCommerce fraud.
- What is eCommerce Fraud?
eCommerce fraud is online purchases made by criminals using fake or stolen credit cards. This leaves the merchant or seller without payment for the sale they made.
Purchase fraud was once limited to the theft of credit cards. But the rise of new payment methods, technologies, and payment processing systems has opened many doors for criminals to commit fraudulent purchases online.
While newer technologies such as the EMV chip have helped to reduce counterfeit credit card fraud, card-not-present fraud is increasing each year.
- Implications of eCommerce fraud
eCommerce fraud often leads to a chargeback. The merchant has to refund the amount to the cardholder. The sum may also include transaction fees, legal fees, currency conversion costs, etc.
Moreover, the merchant also loses the product as they don’t get paid for the product they delivered.
In addition, if a merchant faces a large number of chargebacks, they can’t find an acquirer to process their payments, as they will be considered high-risk customers.
- Why does eCommerce fraud take place?
eCommerce transactions do not require a physical card to be present to complete a purchase. Customers just need to fill in the card information. This allows criminals to obtain card details from others and use them to make fraudulent purchases. As a large amount of credit card and debit card details is stored online, hackers can access this data remotely.
Every time new measures are taken to prevent online transaction fraud, cunning fraudsters step up their game and find new ways to exploit the system. So, it is really important for eCommerce businesses to be equipped with the right tools and strategies to prevent fraudulent purchases.
- Types of eCommerce fraud
Stolen cards have been the most common type of eCommerce fraud, but complex online transaction systems have opened new doors for cybercriminals. They are highly creative, and new forms of online transaction fraud appear each year. Here are some common eCommerce fraud methods that you should know about.
- Card testing fraud
Cybercriminals gain access to a large number of credit card numbers either by stealing them or by purchasing them from the dark web. But they may not know whether all the card numbers can be used successfully to make online purchases. The card numbers may be blocked or maxed out.
So, they use bots or scripts to automate the process of checking a large number of credit card numbers. In this stage, they go for small purchases because their goal is to filter working card numbers without alerting the owner of the card or merchant. So, it is difficult to recognize fraud at this stage. Once the fraudster filters working card numbers, they go for expensive purchases.
- Interception fraud
Large eCommerce websites can verify whether the shipping address is the same as the cardholder’s address in the card issuer’s records. If they do not match, the purchase may raise a red flag.
So, fraudsters give the cardholder’s address as the shipping address when they use the stolen credit card to make a purchase. This way, they can avoid the red flag. Then the fraudster calls customer support and changes the shipping address before the product is shipped.
- Chargeback/Refund Fraud
Card issuers and banks offer a chargeback service to protect their customers. It allows card users to reclaim their money for illegitimate purchases. For example, if someone steals their credit card information and makes a purchase, the cardholder can approach the bank or card issuer and request a refund. This feature is a headache for eCommerce businesses. Chargeback requests could be genuine or malicious.
A cardholder may request a chargeback when their card is used by criminals to make purchases. They may also request a chargeback for the following reasons.
- They never received the product
- They returned the product but it was not processed
- The item is not as advertised
- Recurring payment was not cancelled as requested
But not all people are honest. Some customers may request a chargeback stating the above reasons even if they are not true. This is like shoplifting. They try to get something for nothing.
- Affiliate fraud
Affiliate marketing is a great technique for eCommerce businesses to increase visitors and sales. However, there are malicious actors who sign up for affiliate programmes and send fake traffic to the online store. They also rely on spam emails and fake advertisements to direct traffic to the online store.
- Triangulation fraud
Malicious actors set up fake eCommerce websites and make compelling offers to persuade people to make purchases. When people make purchases, the malicious actor gets the credit card details of many people. Then they use the obtained information to make fraudulent purchases on other eCommerce websites.
- Phishing/Account take over fraud
Most online stores allow users to store personal information, including card details, in their account. So, if a user account gets hacked, cybercriminals can make illegitimate purchases. A cybercriminal doesn’t even have to hack the online store user account or the email. If they get access to even the social media account, they can use it to sign in to an online store and make purchases.
- Hints of Fraudulent Orders
You can recognize potentially fraudulent orders by looking for common signs. Here is a list of some hints that will help you to identify possible fraudulent orders. If a couple of these hints are present in an order, there is nothing to worry about. But if a single order has several of these hints, it’s time to roll up your sleeves, start digging and verify whether it is a potentially fraudulent order.
- Multiple orders from multiple credit cards: Fraudsters may have multiple stolen cards or details of multiple cards which they may use in the same day or over a prolonged period of time.
- Many transactions in short span of time
- First-time shoppers: Fraudsters usually target new online stores every time or use new accounts and credit cards. If the shopper/account has already made some purchases, their new orders are much less likely to be fraud.
- Large orders: Fraudsters usually place orders for large amounts, for various reasons.
- Large quantities of the same products: Fraudulent purchase patterns show that fraudsters buy a large quantity of the same products.
- Multiple orders in short span of time: Criminals attempt to max out the credit cards as quickly as possible.
- IP address doesn’t match Shipping/billing address
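The hint list above can be turned into a simple screening step that counts how many hints one order carries and sends it to manual review only when several are present. The following is an added example, not code from the original article: the order fields, thresholds and sample orders are all assumptions made for illustration, the two "short span of time" hints are folded into one check, and `ip_country` is assumed to come from an IP geolocation lookup done elsewhere.

```python
from datetime import datetime, timedelta

# Assumed thresholds, not values from the article; tune them to your store.
LARGE_TOTAL = 1000.00          # order value treated as "large"
LARGE_QTY = 10                 # units of one product treated as "large quantity"
BURST_WINDOW = timedelta(hours=1)
BURST_ORDERS = 3               # orders inside the window that count as a burst
REVIEW_AT = 3                  # "several" hints -> manual review

def fraud_hints(order, history):
    """Return the hints present on `order`; `history` is the account's earlier orders."""
    hints = []
    if len({o["card"] for o in history} | {order["card"]}) > 1:
        hints.append("multiple_cards")
    recent = [o for o in history if order["at"] - o["at"] <= BURST_WINDOW]
    if len(recent) + 1 >= BURST_ORDERS:
        hints.append("orders_in_short_span")
    if not history:
        hints.append("first_time_shopper")
    if order["total"] >= LARGE_TOTAL:
        hints.append("large_order")
    if any(q >= LARGE_QTY for q in order["items"].values()):
        hints.append("large_quantity_same_product")
    # Flag only when the IP country matches neither address (assumed interpretation).
    if order["ip_country"] not in (order["ship_country"], order["bill_country"]):
        hints.append("ip_mismatch")
    return hints

def needs_review(order, history):
    """A couple of hints is normal; several on one order warrants a closer look."""
    return len(fraud_hints(order, history)) >= REVIEW_AT

# Constructed sample orders (not real data); "ZZ" is a placeholder country code.
T0 = datetime(2024, 1, 15, 12, 0)
def mk(card, minutes, total, items, ip="US", ship="US", bill="US"):
    return {"card": card, "at": T0 + timedelta(minutes=minutes), "total": total,
            "items": items, "ip_country": ip, "ship_country": ship, "bill_country": bill}

REGULAR_HISTORY = [mk("card-A", -50000, 40.0, {"sku-1": 1})]
REGULAR = mk("card-A", 0, 55.0, {"sku-2": 2})
NEW_SMALL = mk("card-B", 0, 30.0, {"sku-3": 1})
BURST_HISTORY = [mk("card-C", 0, 900.0, {"sku-9": 4}), mk("card-D", 10, 950.0, {"sku-9": 4})]
SUSPECT = mk("card-E", 20, 1800.0, {"sku-9": 12}, ip="ZZ")

if __name__ == "__main__":
    for name, o, h in [("regular", REGULAR, REGULAR_HISTORY), ("new-small", NEW_SMALL, []),
                       ("suspect", SUSPECT, BURST_HISTORY)]:
        print(name, fraud_hints(o, h), "REVIEW" if needs_review(o, h) else "ok")
```

A first-time shopper with an ordinary basket carries a single hint and passes, which keeps the check from blocking legitimate new customers.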
- How to prevent eCommerce fraud
Fighting eCommerce fraud may seem like an uphill battle but fortunately, there are many different technologies and services that help eCommerce businesses to reduce fraud risk.
- Implement 3D Secure
3D Secure is one of the most efficient solutions to tackle eCommerce fraud. It requires card users to go through additional verification during the transaction process so fraudsters can’t misuse stolen cards or card information. Moreover, when 3D Secure is enabled, the chargeback liability is transferred from the merchant to the card issuer. So, it is a great relief for eCommerce businesses.
- Use fraud prevention tools
There are many fraud detection and prevention tools for eCommerce websites. They provide multiple layers of protection to each transaction. Here is a list of some of the most popular eCommerce fraud detection and prevention tools.
- Subnumo (Available for WooCommerce, Magento, PrestaShop, Shopify & ZenCart)
- Riskified (Available for Magento, Shopify)
- Fraudlabs Pro (Available for Magento, OpenCart, osCommerce, PrestaShop, Shopify, VirtueMart, WooCommerce, and ZenCart)
- Dupzapper (Available for all ecommerce platforms)
- Kount (Available for Magento)
- Maintain PCI compliance
PCI compliance is mandatory for all payment processing services, but it only provides basic protection. So, you should also ensure that you follow the recommendations of PCI.
- Require CVV and AVS
CVV (Card Verification Value) and AVS (Address Verification Service) help, to an extent, to verify that the actual cardholder is making the purchase. So, ensure that your payment processor supports them and that they are enabled.
- Check for unusual card declines
Fraudsters often have details of a large collection of cards and they try each card one by one. Most of these cards will be already blocked, expired or maxed out. So, they will be declined by the payment processor.
So, if there is any account that used multiple cards and most of them were declined, it’s more likely a fraudster. So, it is a good idea to blacklist such accounts.
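The decline check described above can be run over the payment-attempt log. The following is an added example, not code from the original article: the log format, the thresholds and the sample lines are constructed for illustration, and the `card` field is assumed to be a tokenized card fingerprint rather than a card number.

```python
from collections import defaultdict

# Assumed thresholds, not values from the article.
MIN_CARDS = 3            # how many distinct cards count as "multiple"
DECLINED_SHARE = 0.5     # "most of them declined": more than half of the cards

# Constructed payment-attempt log (hypothetical key=value format, not real data).
SAMPLE_LOG = """\
2024-01-15T12:00:01Z account=acct-101 card=fp-a1 result=declined
2024-01-15T12:00:09Z account=acct-101 card=fp-a2 result=declined
2024-01-15T12:00:15Z account=acct-101 card=fp-a3 result=declined
2024-01-15T12:00:22Z account=acct-101 card=fp-a4 result=approved
2024-01-15T12:03:40Z account=acct-202 card=fp-b1 result=declined
2024-01-15T12:04:02Z account=acct-202 card=fp-b1 result=approved
2024-01-15T12:10:11Z account=acct-303 card=fp-c1 result=approved
2024-01-15T12:30:45Z account=acct-303 card=fp-c2 result=declined
"""

def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict; malformed lines return None."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"account", "card", "result"} <= fields.keys():
        return None
    return fields

def declined_cards_by_account(log_text):
    """Map account -> {card: True if that card was never approved}."""
    cards = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        approved = rec["result"] == "approved"
        # A retry that succeeds (mistyped CVV, for instance) clears the card.
        prev = cards[rec["account"]].get(rec["card"], True)
        cards[rec["account"]][rec["card"]] = prev and not approved
    return cards

def accounts_to_review(log_text):
    """Accounts that tried several cards, most of which never got approved."""
    flagged = {}
    for account, cards in declined_cards_by_account(log_text).items():
        share = sum(cards.values()) / len(cards)
        if len(cards) >= MIN_CARDS and share > DECLINED_SHARE:
            flagged[account] = (len(cards), round(share, 2))
    return flagged
```

Counting per card rather than per attempt means a customer who mistypes a CVV and retries the same card successfully is not flagged.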
- Implement SSL certificate
An SSL certificate is one of the most basic security measures. When SSL is implemented, data is transferred over the HTTPS protocol, which gives an extra layer of security.
- Use velocity checks
If you see unusually large transactions, it’s more likely a fraudster trying to make a purchase with a stolen card. Velocity checks help to look for these unusual transactions and block them. These transactions can then be manually reviewed and approved after contacting the cardholder.
Fraudsters come up with new strategies quickly. So, you should always ensure that you follow the latest prevention practices. You should also consider subscribing to premium eCommerce fraud prevention tools to detect and prevent fraud attempts.