We put together this guide to help you protect your business and your consumer data. You can do this by implementing some e-commerce fraud prevention protocols. To really understand how it works, let’s examine what fraud is, how it happens, and what companies can do to mitigate their risk.
What Is E-Commerce Fraud?
E-commerce fraud is a type of fraud that occurs during an online transaction. There are many different types of e-commerce fraud, but the most common is credit card fraud. This occurs when a thief uses a stolen or counterfeit credit card to make a purchase online. Here, we have categorized e-commerce fraud into five different types that you should be aware of.
Credit Card Fraud
Credit card fraud is a broad term that is used to refer to any criminal activity involving a credit card. In the e-commerce world, it is “card-not-present” fraud, meaning the purchases are being made without a card present. It is also sometimes referred to as “payment fraud”.
This type of fraud occurs when the criminal obtains credit card information and uses it to make online purchases. Cybercriminals often obtain this information by purchasing lists on the dark web or by hacking directly into a payment processing system for a bank or business. The information can also be obtained through skimming, where criminals capture card data from physical devices like ATMs or gas pumps.
Chargeback Fraud
Chargeback fraud, commonly called “friendly fraud”, refers to the process of purchasing goods or services online and then reporting the purchase to the card issuer as fraudulent. This generally happens when an individual is using their own credit card, rather than a stolen one. They will make an online purchase and wait until their goods arrive. A few weeks or months down the road, the customer files a complaint with their credit card issuer to receive a refund.
The card issuing bank will typically give the customer a refund right away, as a form of good customer service. The issuer will then go through the investigation process to determine whether the purchase was fraudulent and who was at fault. This type of activity can be difficult to catch, and generally results in a loss of revenue for the merchant.
Phishing
This type of fraud occurs when a scammer tries to get a business or individual to click on a link or open an attachment that contains malware. The scammer will often pose as a legitimate company or individual to trick the victim into acting on the request. When a customer clicks on the link, or offers personal information, the fraudster captures that data and uses it to make fraudulent purchases.
Phishing scams generally ask the user for the password to their account. They scare the user into doing so by telling them their account will be deactivated, or that there is an issue with the card. Consumers want to find out what the issue is, so they put in their password and the scammer then has full access.
Affiliate Fraud
Affiliate fraud is a completely different type of e-commerce fraud. In the e-commerce world, there is a type of marketing called “affiliate links”. This type of marketing involves businesses paying content creators and influencers a commission for sending customers to their online store. For example, if I placed an affiliate link in this article, and you clicked on it to go to a merchant’s website and made a purchase, the merchant would give me a percentage back as a commission for sending you to their store.
Criminals can abuse this arrangement by registering domain names that closely resemble the actual merchant’s website. When people mistakenly type in the wrong website name and land on the fraudster’s page, that page is set up to redirect the consumer to the correct site using an affiliate link. As a result, the merchant pays the fraudster a commission for their “referral” to the merchant site.
Interception Fraud
Interception fraud is an instance in which the fraudster uses stolen credit card information to make online purchases. They have the merchandise shipped to the address that is affiliated with the card, just as a consumer would. However, the criminal then intercepts the package before it reaches the cardholder.
They can do this in a few different ways. One common way is to call the customer service line before the package ships and change the shipping address. Another way is to register a fake email address for the merchant to send shipping notifications to. When the criminal gets the email saying the package will be delivered soon, they can intercept it before the cardholder arrives home to receive their package.
Identifying Fraudulent E-Commerce Activity
As a business owner, you have a lot of options available to you for fraud prevention. Many techniques can be learned and implemented to help you and your team detect fraud when it’s happening. We also suggest investing in automated tools, as they are much more effective but also more expensive. Here are some key things to watch for when looking for potentially fraudulent activity:
- Inconsistent Data: When the purchaser enters an address that doesn’t match the billing zip code, or the URL doesn’t line up with the cardholder’s email address
- Unusually High Purchase Price: The purchase being made does not align with the typical spending habits for that cardholder
- Multiple Purchases in a Short Time Period: The same card is used for multiple purchases on the same or different sites in a short time period
- Unusual Location: The purchase is being made from a location that is out of the ordinary for that cardholder
- Multiple Shipping Addresses: If the same card is used for multiple purchases, and those purchases are being shipped to different addresses
- Multiple Cards: Multiple purchases being shipped to the same address, but being purchased with different cards
- Multiple Declined Transactions in a Row: When many purchases are attempted with the same card or by the same purchaser and several have been declined, this could indicate inaccurate credentials and repeated attempts to hack the account
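Several of the signals above can be checked with simple rules over order records. The following is an added example, not code from the original guide or from any vendor; the field names, the 30-minute window and the thresholds are assumptions to be tuned against your own order history.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def flag_orders(orders, window=timedelta(minutes=30), max_in_window=3, max_declines=3):
    """Return {order_id: [signal, ...]} for orders matching any rule."""
    recent = defaultdict(deque)       # card -> attempt times inside the window
    addrs_by_card = defaultdict(set)  # card -> shipping addresses seen
    cards_by_addr = defaultdict(set)  # shipping address -> cards seen
    decline_run = defaultdict(int)    # card -> current run of declines
    flags = {}
    for o in sorted(orders, key=lambda o: o["time"]):
        card, addr, hits = o["card"], o["ship_addr"], []
        if o["bill_zip"] != o["ship_zip"]:
            hits.append("inconsistent_data")
        q = recent[card]
        q.append(o["time"])
        while o["time"] - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= max_in_window:
            hits.append("velocity")
        addrs_by_card[card].add(addr)
        if len(addrs_by_card[card]) > 1:
            hits.append("multiple_shipping_addresses")
        cards_by_addr[addr].add(card)
        if len(cards_by_addr[addr]) > 1:
            hits.append("multiple_cards")
        decline_run[card] = decline_run[card] + 1 if o["declined"] else 0
        if decline_run[card] >= max_declines:
            hits.append("repeated_declines")
        if hits:
            flags[o["id"]] = hits
    return flags

def _order(oid, minute, card, bill_zip, ship_zip, ship_addr, declined=False):
    t = datetime(2024, 1, 1, 12, 0) + timedelta(minutes=minute)
    return {"id": oid, "time": t, "card": card, "bill_zip": bill_zip,
            "ship_zip": ship_zip, "ship_addr": ship_addr, "declined": declined}

SAMPLE_ORDERS = [  # constructed; "card" is an opaque token, not a card number
    _order("A1", 0, "card_1", "10001", "10001", "1 Main St"),
    _order("A2", 300, "card_1", "10001", "10001", "1 Main St"),  # repeat buyer, hours later
    _order("B1", 10, "card_2", "30301", "94105", "9 Dock Rd"),   # zip mismatch
    _order("B2", 12, "card_2", "30301", "94105", "9 Dock Rd"),
    _order("B3", 15, "card_2", "30301", "60601", "77 Pier Ave"), # third in 5 min, new address
    _order("C1", 20, "card_3", "73301", "94105", "9 Dock Rd"),   # new card, same address
    _order("D1", 40, "card_4", "02108", "02108", "5 Elm St", declined=True),
    _order("D2", 41, "card_4", "02108", "02108", "5 Elm St", declined=True),
    _order("D3", 42, "card_4", "02108", "02108", "5 Elm St", declined=True),
]
```

A flagged order is a candidate for manual review, not proof of fraud: a gift shipped to another zip code trips `inconsistent_data` just as a stolen card does.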
Luckily, there are a variety of fraud detection and fraud prevention products on the market that merchants can utilize to protect their customers. In the next section, we’ll look at what’s available to implement in your business.
E-Commerce Fraud Prevention Protocols
E-commerce fraud prevention is big business, and for good reason! As cybercriminals become more sophisticated, so should fraud prevention practices. According to Statista, the fraud prevention industry will be worth nearly $70 billion by 2025. Large enterprise companies spend 10% or more of their revenue on fraud prevention tools and protocols.
There are several things you can do to mitigate the risk of fraud in your business. Implementing some simple but important protocols could save you and your customers thousands of dollars.
Remain PCI Compliant
This may seem like a no-brainer, but a shocking number of businesses are not PCI compliant. This puts their customer data at risk and could put the business at risk of being shut down. Here are some of the key elements of PCI Compliance:
- Consumer data encryption
- Antivirus software to combat malware attacks
- Regularly changing the password for software and systems
- Routine testing of anti-fraud systems
- Restricting access to consumer data within your organization
Another major part of PCI compliance is a firewall between your access points and your consumer data. If you don’t have an internal IT team that can assist with these items, be sure to find a consultant or specialist to get it done.
Use ID Verification Software
When consumers purchase on your website, they are entering sensitive information and trusting you to protect it.
For an e-comm merchant, this is a delicate dance between protecting your customers and having too much friction in the checkout process. US consumers are notoriously averse to “friction” or too many steps required in the checkout process. That being said, you should still implement a verification system in your payment gateway. There are a few different options to choose from, including:
- Card Verification – the system requests the security number on the back of the card
- PIN Number – the system asks for the PIN associated with the card
All these options should be available through your payment processor. Ask your representative how to activate these options to protect your consumer data.
Review Potentially Risky Orders in Depth
Depending on the volume in your business, it can be difficult to review every single order. That’s why fraud detection software exists. However, you should make time to review extremely risky orders manually. If your fraud detection software raises a flag on a particular order, be sure that you or someone on your team is reviewing that order.
When reviewing the order, look for things like unusual activity for that cardholder, billing data that doesn’t match, URLs from odd locations, etc. If you need more verification, attempt to reach out to the customer. It’s usually a sign of fraud if you don’t get a response back from them.
Require Proof of Delivery
Working with trusted delivery partners can help combat return fraud. This type of fraud happens when a customer purchases and receives their goods, but then asks for a refund, claiming they never received their products. If you work with carriers who provide proof of delivery such as photos or signatures, you could save your business a lot of money and headaches.
Implement Quantity Limits
High quantities of the same product or a few products can be indicative of fraud. Limiting the quantity that can be purchased on your site in one day can help mitigate this risk. To figure out what the limit should be, do some analysis on purchasing trends over the past 6-12 months. That should give you a good idea of how much your customers purchase at one time.
Block Repeat Offenders
Creating a blocklist of past fraudsters can prevent them from coming back for more. This can be done in two ways: building a blocklist and using IP fraud scoring tools. A blocklist is a document that contains names, credit card numbers, billing addresses, IP addresses, etc. It can flag and prevent attempted orders that are placed by the people on the list. An IP fraud scoring tool can detect IP addresses that have been linked to fraud in the past and prevent them from making purchases on your site.
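A blocklist of this kind does not have to hold raw card numbers or e-mail addresses, which would make the list itself sensitive data. The sketch below is an added example, not part of the original guide: the `Blocklist` class, its field names and the demo key are hypothetical, and it stores keyed HMAC-SHA256 fingerprints of normalized values while matching IP addresses against blocked ranges.

```python
import hashlib
import hmac
import ipaddress

class Blocklist:
    """Blocklist holding keyed fingerprints (HMAC-SHA256), never raw values."""

    def __init__(self, key: bytes):
        self._key = key          # secret; keep it outside the blocklist store
        self._entries = set()    # (field, fingerprint) pairs
        self._networks = []      # blocked IP ranges, kept as networks

    @staticmethod
    def _normalize(field, value):
        value = value.strip()
        if field == "card":      # ignore spaces and dashes in card numbers
            return "".join(ch for ch in value if ch.isdigit())
        if field == "email":     # treat e-mail addresses case-insensitively
            return value.lower()
        return " ".join(value.lower().split())  # names, billing addresses

    def _fingerprint(self, field, value):
        msg = f"{field}:{self._normalize(field, value)}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def add(self, field, value):
        if field == "ip":
            self._networks.append(ipaddress.ip_network(value, strict=False))
        else:
            self._entries.add((field, self._fingerprint(field, value)))

    def matches(self, order):
        """Return the sorted names of order fields that hit the blocklist."""
        hits = []
        for field, value in order.items():
            if field == "ip":
                addr = ipaddress.ip_address(value)
                if any(addr in net for net in self._networks):
                    hits.append(field)
            elif (field, self._fingerprint(field, value)) in self._entries:
                hits.append(field)
        return sorted(hits)

def build_demo():
    bl = Blocklist(key=b"constructed-demo-key")  # constructed; use a managed secret
    bl.add("card", "4111 1111 1111 1111")        # constructed test number
    bl.add("email", "Mallory@Example.com")       # constructed
    bl.add("ip", "203.0.113.0/24")               # documentation range
    return bl
```

The hash is keyed because card numbers have too little entropy for a plain hash to protect them; without the key, the stored fingerprints cannot be reversed by enumerating possible numbers.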
Fraud Prevention Software
As the fraud prevention industry continues to grow, there are more options available to business owners. Here is a list of some of the top-rated fraud prevention software companies on the market today. If you’re looking for a fraud prevention software, partner, or consultant, this list is a great place to start.
Depending on your business, you may need different software and tools for protection. Doing your due diligence and planning to move forward can get you on track to protecting your customers and saving money by decreasing e-commerce fraud. Be sure to shop multiple vendors for software before making your selection. A good fit for a vendor is someone who will partner with you, provide flexible options, and meet the needs of your business.