E-commerce grows year by year, but so does fraud. It comes in many shapes and sizes, targeting every possible vulnerability in a business’s infrastructure.
For merchants, the best way to counter e-commerce fraud is to first learn what it is and how it works. This guide looks into both questions. The gravity of the problem and its solutions should become clearer.
2022 fraud statistics are even more telling, as:
- Online attacks on e-commerce retailers amount to 206,000 per month on average.
- The cost of fraud events on businesses is set to rise by 25% by 2027.
- As a result, the global fraud detection and prevention market size is poised to reach $38.2 billion by 2025.
Fraud Prevention Basics You Should Know
Before we go into the most common types of fraud online retailers deal with, you should get a general idea of how businesses detect and prevent attacks. This side of keeping safe online is essential for retailers aiming to thrive in 2022’s commerce trends.
Software makes up most of your defenses, whether supervised or not. These can be end-to-end platforms or solutions tailored to tackle specific problems like false IDs, bonus abuse, and bad traffic from affiliates. Fraud detection and prevention vendors apply different data management methods and tools to get rid of fraudulent activity or stop it from ever entering your system.
A simple and frictionless technique in the fight against fraud is data enrichment. It can use a single data point, like an email address, to find more information about a user, creating their digital footprint and from there, informing their risk score.
Your system can enrich the primary data of several shoppers, for example, while segmenting its findings. These clear and detailed profiles can then help you take informed action.
Other technologies working to assist in fraud detection include:
- IP analysis
- Behavior tracking/analytics
- Device fingerprinting
- Canvas fingerprinting
- Velocity checks
- Machine learning
- Risk scoring
Fraud detection platforms can reveal suspicious users for manual review or trigger rules or thresholds you set, for automatic blocking or enforcing of additional checks (e.g. asking a user for their password once again).
5 Popular Types of E-commerce Fraud
If you’re a retailer, it’s worth getting to know what kind of fraud to prepare for, as well as how to protect your online store.
Shoppers might also find this information useful, as much of the below also targets or affects them.
1. Chargeback Fraud
A chargeback is a customer-initiated process where a store, whether land-based or online, is asked for a cardholder’s payment back by the issuing bank. But, unlike a refund, it’s all done through banks and costs the merchant a lot more than just the price tag of the goods – up to 2.60 times more, according to industry calculations.
The cardholder’s bank arranges for the payment to be returned by approaching the merchant’s bank. That then approaches any payment gateways and, finally, the merchant.
Legitimate reasons to ask for a chargeback include the product never arriving or the card getting stolen and used without the cardholder’s approval. In other words, the customer isn’t always behind the initial transaction.
However, when it comes to chargeback fraud, fraudulent claims enter this process. For example, a cardholder asking for money back for a purchase with no genuine problem.
While some cases involve customers lying because they want products without spending money, others are less malicious. A buyer can change their mind or realize that they misunderstood what they were paying for.
Mistakes happen, but so do worst-case scenarios, like fraudsters using stolen card details to pay for goods which will then be reshipped as part of a criminal scheme. The genuine cardholder can then ask for the chargeback.
But no matter the reason behind it, the biggest issue with chargebacks as well as chargeback fraud is the impact on the merchant.
Stores pay admin and processing fees for every accepted chargeback, as well as the price of the product back. But also, too many chargebacks result in the banks increasing the merchant’s regular rates for good or – in extreme cases – even banning them.
If you’re in e-commerce, it’s important to keep your guard up and try to prevent any chargebacks as best you can – both by not letting fraudulent transactions happen in the first place, and by encouraging customers to come directly to you rather than their bank with any issues.
2. Friendly Fraud
There are different types of friendly fraud, also known as first-party fraud. Their key characteristic is that the cardholder themselves is the scammer, not a second or third party, and not a professional criminal.
The most common schemes involve people making false claims for monetary or other gains. When it comes to e-commerce, chargeback fraud is a good example, but it can also involve someone asking a merchant for a refund while lying about the product’s condition, for example.
This is a kind of fraud by false claim, but retailers can also face more complicated versions. It’s when people buy products or services with falsified information.
For example, they might fill in an application form with wrong contact details, in which case it’s harder to track them down after they take advantage.
The general goal is to take without giving and, ideally, make a profit in the process.
Friendly fraud can be a major inconvenience and loss of time and funds, and is best mitigated by comprehensive anti-fraud software.
3. Return Fraud
If you’re an online retailer, you might know by now that loose return policies are risky. This is because fraudsters are more than happy to manipulate your business to get free stuff or money back.
Depending on how your shop works, you’ll deal with a range of return fraud. Considering 2020 saw US businesses lose around $25.3 billion to such cases, according to a report on merchandise returns, let’s explore a few popular schemes.
Someone could approach you via email or in person with a digital receipt and ask for a refund. There are cases where the receipt and product are stolen, so you need to make sure the claim is legitimate.
Then again, it could be what’s called wardrobing. Actual customers use a product a few times and try to return it, pretending it’s still brand new. This is where careful refund policies and examination of returned products could save your business.
With tools like Photoshop, someone could even get away with price tag switching. After buying an item online, a customer could edit the digital receipt to display a higher price and then claim a refund, whether online or in person.
There have also been reports of buyers returning empty boxes or even boxes filled with throwaway products of similar value to the product they’re trying to receive a refund for.
To battle this, your e-commerce platform can collect data to identify legitimate customers, cross-reference purchase information, and spot blacklisted people.
What’s more, device fingerprinting, IP analysis and behavior tracking can help catch a lot of crime overall.
4. Account Takeover Attacks
Fraud is never pleasant, but some schemes, like account takeovers, are double the trouble. They involve identity theft, usually by phishing or hacking, and taking control of a user’s profile.
Because superior user experience is a must in optimizing your e-commerce website, more and more customers store their credit card and other sensitive information on their online accounts for convenience (the fact this helps them buy more readily and easily is a welcome bonus for the store).
This also means that the dangers and consequences of account takeovers are higher than ever – both for the customers and the merchant, who could bear the brunt due to reputational damage as well as chargebacks.
Also, keep in mind that some fraudsters aren’t after money alone.
Depending on where it is, sneaking into someone’s account gives you all sorts of details, from passwords to linked profiles and contacts. These are opportunities for further havoc and profit.
The affected store can go in overdrive while their financial department tackles complaints, refunds or chargebacks. Bad reviews can follow, as users turn to safer competitors.
Any e-commerce business that offers customers the option to store payment data needs top-notch protection, including ways to detect suspicious account activity.
5. Triangulation Fraud
Here’s a more complex yet increasingly popular type of e-commerce scam.
Cybercriminals use triangulation fraud to take advantage of three parties:
- Someone whose credit card they steal or buy on the dark web
- An innocent buyer interested in a product
- A legitimate retailer selling said product
This is how this scheme works:
- The buyer places an order at the fraudster’s fake eshop or auction.
- The criminal uses the stolen card to order the same product from the legitimate merchant, and gives the buyer’s address.
- The merchant ships it to the buyer.
The customer might still get what they paid for, but the fraudster walks away with a profit at no personal expense. And since they used fake details, tracking them is difficult.
The risk increases as identity theft statistics show that hackers like all kinds of payment methods that can fool victims and cover their own tracks. Over 350,000 wire transfer scams were reported in 2020. Bank transfer cases amounted to at least 300,000, while credit cards were the subject of just under 250,000 reports.
To complicate matters further, there are even cases where the middleman is also a victim. Fraudsters can dupe people into working for them, selling products for companies or employers they think are real.
At the end of the day, triangulation fraud can disappoint buyers, more because they fell for a fake retailer. But while they can get chargebacks and additional supports, merchants often take the brunt of the consequences.
Simply put, when the legitimate cardholder notices the fraudulent payments, they are likely to request a chargeback, which could or could not work out.
This means that triangulation fraud has at least two victims – with the person who ordered and received the item participating in criminal activity without their consent, and sometimes even receiving different or worse-quality items to what they ordered.
Protecting your company from fraudsters is a challenge. You’re trying to outsmart cybercriminals and their technology.
The wide range of threats to e-commerce businesses doesn’t help. They come from first, second, and third parties, each with their own methods and effects.
But don’t let this shake your confidence, not in building or protecting your marketplace. All it means is that you need to stay up to date on common types of fraud and set up efficient defenses.
Make fraud detection and prevention a priority, but explore additional options in data management and beyond. Aim to boost your security, workflow, customer relations, and overall productivity.
Finally, find a balance between convenience and security. While your customers do need to enjoy visiting your eshop, don’t neglect their safety, even if it means setting firm rules for things like application forms, refunds, and identity verification.
They’ll thank you in the long run.
About the Author:
Gergo Varga has been fighting online fraud since 2009 at various companies – even co-founding his own anti-fraud startup. He’s the author of the Fraud Prevention Guide for Dummies – SEON Special edition. He currently works as the Senior Content Manager / Evangelist at SEON, using his industry knowledge to keep marketing sharp, communicating between the different departments to understand what’s happening on the frontlines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history.