7 types of e-commerce fraud and what to do about them

The holidays are the busiest shopping period for both online and physical stores. In 2021, the number of fraudulent e-commerce transactions increased by 25% compared to the previous year. There is no denying that e-commerce is an easy target for fraudsters, which is why they like to attack there. The truth is that e-commerce fraud is a threat that we must recognize and address.

If you are a small business or a start-up e-commerce company, you are especially vulnerable to e-commerce fraud. You may not have the security measures in place to protect your data. Or maybe you're not familiar with data security best practices. 

Anyway, if you have an online shop, you should do everything you can to tighten up your online security. We'll tell you why, but first the basics. 

Understanding fraud in eCommerce

E-commerce fraud is an intentional act of deception in which a cybercriminal or a fraudulent customer defrauds you during your sales transactions. Such fraudulent activities will certainly cause you financial loss, and they can also adversely affect your reputation, brand image and customer relationships.

The scam must remain undetected to be successful, at least until after the transaction. However, it may be difficult to prosecute the fraudster even when you discover his activities. 

Unlike in physical stores, scammers can commit e-commerce fraud without even using a debit card to make a transaction.

The amounts involved in individual incidents are usually not significant. It also takes a lot of time and effort to gather evidence and prove criminal intent.

But that's exactly the line of thinking you shouldn't follow. Here's why.

The value of fraudulent card transactions was $32.04 billion worldwide in 2021 and is expected to reach $38.5 billion in 2027. Closer to home, the true cost of e-commerce fraud to merchants is $3.60 for every $1 lost to fraud due to chargeback fees, penalties and loss of customer trust.

So it's important to devote resources to preventing e-commerce fraud rather than incurring large losses that affect your bottom line. But we're getting ahead of ourselves. Before we talk about how to prevent fraud, let's look at why it happens in the first place.

Why is e-commerce fraud so common?

There is no denying that the Internet is helping online business owners like you reach larger markets and level the playing field. But it has its vices that fraudulent customers or cybercriminals use to their advantage. 

In fact, e-commerce fraud is very widespread because: 

It is easy to cheat online 

Fraudsters need to do absolutely nothing physical to carry out their nefarious plans. They don't need to steal credit cards or dive into dumpsters to obtain discarded ATM receipts and use them later.

E-commerce fraud only requires access to credit card information, which a fraudster can obtain from the dark web. Considering that in early 2019, 23 million stolen credit cards were for sale on the dark web, you can estimate how serious the problem is.

An online store that unknowingly conducts transactions with stolen cards will likely receive chargebacks from the credit card company. 

It is always unseen

Because all of the fraud takes place online, fraudsters enjoy anonymity in their schemes. They work unseen and can carry out their activities at any time and from any place.

Typically, a fraudster creates a fake email account and uses PO boxes as their addresses. These do not contain any personally identifiable information, so they can be sure that the act cannot be traced back to them.

It is almost never prosecuted

Most e-commerce fraud involves relatively small amounts, so it may not be a priority for law enforcement to investigate. Collecting evidence takes time and effort, and proving intent takes even more.

This is especially true when an investigation traces the crime to another country. Fraudsters count on that, and it makes them bold.

You are essentially on your own when it comes to e-commerce fraud. You also bear the responsibility of securing your customers' information from unseen bad actors. 

Different types of fraud in eCommerce

E-commerce fraud takes many forms, and some are easier to detect than others. Find out what the most common types of fraud are and how they occur. This can help you develop strategies to prevent them, which we will discuss later. 

Credit Card Fraud 

When someone uses a stolen credit/debit card to make online purchases, it falls under what we call Credit Card Fraud. Also known as card-not-present fraud, it is the most well-known form of e-commerce fraud. 

In most cases, the fraudster obtains cardholder information, including name, account number, billing address, Card Verification Value (CVV) code and expiration date, through one of the following methods:

From the dark web

Via a phishing attack

Or by hacking your customer database 

Once you complete the transaction, the amount is charged to the legitimate cardholder's account. At some point, if the cardholder disputes the transaction or the issuing bank deems the transaction fraudulent, you will have to issue a refund.

Not only do you lose money for the product or service, but you are also liable for chargeback fees and other penalties. 

Card testing fraud

You can also fall victim to card testing fraud, also called card cracking. This happens when fraudsters try multiple cards using bots or scripts to figure out which ones are active. In most cases of card testing fraud, the purchases are so small that it does you little good to file reports to track the fraudsters down.

Fraudsters use this method to test whether a card is valid, not to make real purchases.

If you as a merchant allow the transaction, the fraudster will use that card to make as many purchases as he can until the card is maxed out or the bank blocks it.

Card cracking can be quite costly. One study estimates that card cracking accounts for about 16% of all e-commerce fraud.

Friendly fraud

The next point we will discuss is "friendly fraud" or "chargeback fraud." This is when a customer makes an online purchase with a credit card and then disputes it as an invalid transaction. 

In most cases, the buyer waits weeks, even months, after receiving the products or services before challenging the transaction with his bank, citing one of the following arguments:

Never received the item/service

Returned the item to the seller

Cancelled the order

Received the wrong item

The scammer hopes you won't have time to challenge the dispute or that you will give him the benefit of the doubt. In either case, the issuing bank deposits the disputed amount back into the account, so the fraudster gets the product or service and his money back.

In the meantime, the credit card provider will send you a chargeback, which means you'll have to pay back the money for that transaction. Don't forget that you'll probably have to pay chargeback fees as well. 

Enough friendly fraud can break any e-commerce business's back. That's not so friendly, is it?  

However, not all friendly fraud is intentional. 

For example, a customer may dispute a transaction because the delivery was so delayed that it was no longer needed. Another common reason is that the description of the purchase on the credit card is unclear, leaving the cardholder confused and thinking it was not a valid purchase.

Whether intentional or not, friendly fraud costs merchants like you a lot of money and effort. 

Refund Fraud

Refund fraud is a little more complicated than regular credit card fraud. The fraudster uses a stolen card to make an online purchase. After he receives the item, he contacts you to say he wants to return it and asks for his money back.

However, the trick is that he asks you to send the refund to another account, claiming that the credit card he originally used is no longer active. The result is that you end up paying twice: once to the fraudster and once to the legitimate cardholder as a refund.

Although you will usually get back the item the fraudster purchased, such unscrupulous activity will still cause you financial loss. 

Account Takeover Fraud

Online shops usually require customers to create an account with their personal and transaction information. In account takeover fraud, a hacker gains control of these accounts through phishing emails. In these emails, your customers are tricked into handing over information such as their usernames and passwords. The fraudster logs into the account, changes the passwords, withdraws money and buys stuff. 

You can do virtually nothing to prevent account takeover fraud if customers fall for phishing scams or use the same password for all their accounts. However, you remain responsible for refunds, chargebacks and fees. 

Intercept Fraud

Intercept fraud is very similar to credit card fraud. But instead of using a PO Box or other anonymous location as the delivery address, the scammers have the items delivered to the address of the legitimate credit card holder. Then they intercept the package before it reaches the cardholder.

A common tactic is to call your customer service, marketplace (e.g. Amazon) or courier (e.g. FedEx) and ask to change the delivery address. Some may even physically intercept the package if they are in the same area as the cardholder, by going to the address and signing for it. 

Triangle Fraud

Triangle fraud, like "bait and switch," involves a legitimate buyer, a real web shop and a fake "storefront." The scammer operates the fake storefront and sells expensive items at ridiculously low prices. Shoppers are attracted to the bargain and end up buying these goods with a credit card.

The scammer, now armed with his customers' credit card information, buys items from the web shop at normal prices and ships them to his customers. The fraudster can also buy items to send to himself. 

The legitimate cardholder often does not discover the fraud until later because he expects the purchase to show up on his account statement. 

The result is that the customer gets the item at a low price (they think), the fraudster profits from the goods they ship to themselves, and you, the merchant, pay for chargebacks to the stolen cards. It is always the merchant who loses in these stories. 

Identifying e-commerce fraud

Given the many ways you can become a victim of fraud, it is in your best interest to recognize these deceptive practices. Keep in mind that there's not much you can do; fraudsters are pretty cunning. However, you can catch the low-hanging fruit by carefully watching for the following:

Inconsistencies in zip code, city, IP address and email address

Significantly larger or frequent purchases by an existing customer relative to his usual buying behavior

Rush orders with multiples of one SKU

Change of location, especially different countries 

Shipping to different addresses

Back-to-back purchases outside the high season

Multiple purchases with many different credit cards

Multiple unsuccessful attempts to enter card information, resulting in declined transactions

Multiple purchases from an unusual place in a short period of time, for example 20 orders from a country from which you have never received an order before
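Several of these indicators can be checked automatically. The following is an added example, not part of the original article, that applies three of them (many different cards, repeated declines, and a burst of orders from a country with no order history) to a batch of checkout attempts. The field names, thresholds, 10-minute window and sample records are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_CARDS = 3         # assumed: distinct cards per IP within the window
MAX_DECLINES = 3      # assumed: declined attempts per IP within the window
MAX_NEW_COUNTRY = 5   # assumed: approved orders from a never-seen country

def _bursts(rows):
    """Yield each row's trailing window: rows within WINDOW up to and including it."""
    start = 0
    for end, row in enumerate(rows):
        while row["ts"] - rows[start]["ts"] > WINDOW:
            start += 1
        yield rows[start:end + 1]

def screen(attempts, known_countries):
    """Return sorted (rule, key) findings for a batch of checkout attempts."""
    by_ip, by_new_country = defaultdict(list), defaultdict(list)
    for a in sorted(attempts, key=lambda a: a["ts"]):
        by_ip[a["ip"]].append(a)
        if a["approved"] and a["country"] not in known_countries:
            by_new_country[a["country"]].append(a)
    findings = set()
    for ip, rows in by_ip.items():
        for recent in _bursts(rows):
            # "card" is the payment processor's token, never the card number.
            if len({r["card"] for r in recent}) > MAX_CARDS:
                findings.add(("many_cards", ip))
            if sum(not r["approved"] for r in recent) > MAX_DECLINES:
                findings.add(("repeated_declines", ip))
    for country, rows in by_new_country.items():
        if any(len(recent) > MAX_NEW_COUNTRY for recent in _bursts(rows)):
            findings.add(("new_country_burst", country))
    return sorted(findings)

def _at(minute):
    return datetime(2024, 1, 15, 12, 0) + timedelta(minutes=minute)

# Constructed sample data, not real traffic.
SAMPLE = (
    # Card-testing pattern: one IP, five cards in five minutes, four declined.
    [{"ts": _at(i), "ip": "203.0.113.7", "card": f"tok-{i}", "country": "NL",
      "approved": i == 4} for i in range(5)]
    # Regular customer: same card twice, an hour apart.
    + [{"ts": _at(m), "ip": "198.51.100.20", "card": "tok-A", "country": "NL",
        "approved": True} for m in (0, 60)]
    # Six approved orders in six minutes from a country with no order history.
    + [{"ts": _at(30 + i), "ip": f"192.0.2.{i + 1}", "card": f"tok-Z{i}",
        "country": "ZZ", "approved": True} for i in range(6)]
)

if __name__ == "__main__":
    for rule, key in screen(SAMPLE, known_countries={"NL"}):
        print(rule, key)
```

A finding is a reason to review the orders manually, not proof of fraud; tune the thresholds against your own order history.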

Preventing e-commerce fraud

As a small online business owner, you may think that you are of no interest to cybercriminals. On the contrary, fraudsters target small businesses because you are less likely to have e-commerce credit card fraud prevention, security protocols and the resources to prosecute a fraud case. 

Recognizing fraud when it occurs is helpful, but it is much better if you prevent fraud altogether. 

There are many ways you can prevent fraud, and some you can implement immediately at little to no cost. Others may require a little more investment, but they are worth it if they can minimize fraud on your site.

Implement fraud prevention solutions

Those who commit e-commerce fraud are getting smarter by the day. Protecting your business from this requires advanced e-commerce fraud prevention measures and techniques. 

Automated fraud detection and prevention solutions can help you nip scams in the bud. 

Shopify, for example, includes an e-commerce fraud detection tool that analyzes trends to help webshops detect potential fraud. It also supports third-party apps for fraud protection, some of which are free to screen up to 500 orders per month. If you have a Shopify store, we encourage you to sign up for one of these apps pronto!

Other e-commerce marketplaces or website hosting platforms may also offer integrations with fraud prevention solutions. WordPress, for example, has numerous fraud prevention plugins.

Check the site regularly

Criminals are constantly looking for holes in the fence that they can exploit. Keep them out by checking the following regularly:

Shopping cart and plugin updates

SSL Certificate Validity

PCI-DSS (Payment Card Industry Data Security Standard) compliance.

Backups

Password strength for backend access, FTPs and databases

Scans for malware

Data encryption

Inactive plugin status (remove them)

Ensure PCI compliance

E-commerce stores that accept credit cards must comply with PCI-DSS standards. Compliance means that you avoid fines, costs and possible lawsuits. It also means that your webshop and business processes ensure the security of credit card data.

There are 12 requirements for PCI-DSS compliance. These include:

Installing and maintaining firewalls to protect cardholder data

Changing vendor-provided default values for system and security passwords 

Protecting cardholder information

Encrypting cardholder data sent over public networks

Use of updated antivirus software 

Developing and maintaining secure applications and systems

Restricting access to cardholder data

Assigning unique IDs to anyone with access to stored cardholder data

Limiting physical access to cardholder information

Tracking access to network resources 

Regular testing of security processes and systems

Maintaining information security policies for contractors and employees 

This may seem like a lot of work, but some e-commerce platforms, like BigCommerce, are PCI-compliant by default. That means most of the work is already done for you. Some web hosting sites also offer PCI-compliant options. 

Check regularly for suspicious activity

You can't walk down the aisles of your online store like you would at a physical store. But you can keep an eye out for fraud such as strange IP addresses, incorrect billing and delivery addresses, or multiple delivery addresses for the same accounts. 

You can also use velocity monitoring tools to track buyer behavior and detect unusual activity. Check regularly, especially during busy buying seasons like the holidays. That's when fraudsters come out of the woodwork. They count on their transactions being lost in the crowd.

Go for the address verification service 

Most card issuing banks and credit card companies offer their merchants an address verification service (AVS) for a small fee (usually between 0.01 and 0.10 cents per transaction). 

Through this process, the bank compares the billing address given for a credit card with the address it has on file. This is all part of its authorization process. If the addresses do not match, the bank stops the transaction.

You may choose not to use AVS, but that may not be a good idea. Such a nominal fee is well worth the security it provides you. 

Ask about the CVV

The Card Verification Value (CVV) is usually the three- or four-digit security code printed on the back of a credit card. You can require your customers to enter this value with all online purchases. While it is an extra step, it can help you verify the legitimacy of a transaction.

Like AVS, you can choose not to ask your customers to enter the CVV for their online purchases. Unlike AVS, there is no cost associated with asking for a CVV, so it makes perfect sense to ask for one.

Using HTTPS

You probably already know that you should prefer sites that use HTTPS (Hypertext Transfer Protocol Secure) because it offers better data security than HTTP. But did you know that you don't automatically get HTTPS when you build your web shop?

For example, for a WordPress site, you need to obtain a Secure Sockets Layer (SSL) certificate and follow a few steps to enable HTTPS yourself.

Use HTTPS for your site to encrypt the data your webshop sends and receives over public networks. It is an excellent way to stop fraudsters.

Limiting the collection of customer data 

Do not collect unnecessary personally identifiable or sensitive financial information from your customers, such as birth dates and Social Security numbers. 

Collect only what you need to complete a transaction to reduce your risks if someone hacks your database. If you don't have it, they can't get it. 

It is fine to collect as much information as possible about your customers' preferences and annoyances to use for your ad marketing.

Blacklist of potential fraudsters

Finding customers is hard, but you should take a tough stance if you think a customer is committing fraud on your site. Put them on a reject list. It's not a perfect solution, but it will prevent them from making transactions with your company. 

Fraudsters can always come back with a new identity, but it helps to have a record. 

Imposing a purchase limit

Does that sound counterintuitive? Let us explain. You can set limits based on your customers' expected behavior. This will help you sniff out any suspicious behavior.

For example, if customer A usually buys between 100 and 150 worth of products per month, you can set a limit of 200. On the other hand, if customer B usually buys between 1,000 and 1,500 per month, your limit would be 2,000.

Always ask for a physical address

You can refuse to execute transactions if the delivery is to a PO Box or virtual addresses, such as those of freight forwarders (if you see a container number like #ABC-1234567, that's a freight forwarder). In fact, you should. 

Most fraudsters use such anonymous addresses to avoid revealing anything personal, such as their actual address. 
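The purchase limit and the physical-address rule can be combined into one pre-shipment check. This is an added example, not part of the original article; the 4/3 headroom factor (chosen so that it reproduces the 150 to 200 and 1,500 to 2,000 figures above), the default limit for customers without history, and both address patterns are assumptions.

```python
import re

HEADROOM_NUM, HEADROOM_DEN = 4, 3  # assumed headroom: 150 -> 200, 1,500 -> 2,000
DEFAULT_LIMIT = 200                # assumed limit for customers without history

# Assumed patterns; the forwarder one is modelled on the "#ABC-1234567" form
# mentioned above, and real forwarders' formats vary.
PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*Box\b", re.IGNORECASE)
FORWARDER = re.compile(r"#[A-Z]{2,5}-\d{5,}\b")

def monthly_limit(monthly_totals):
    """Limit derived from the customer's highest usual month, plus headroom."""
    if not monthly_totals:
        return DEFAULT_LIMIT
    return max(monthly_totals) * HEADROOM_NUM // HEADROOM_DEN

def review_order(amount, ship_to, monthly_totals, month_to_date):
    """Return the reasons to hold an order for manual review (empty list = release)."""
    reasons = []
    limit = monthly_limit(monthly_totals)
    if month_to_date + amount > limit:
        reasons.append(f"over monthly limit of {limit}")
    if PO_BOX.search(ship_to):
        reasons.append("PO Box delivery address")
    if FORWARDER.search(ship_to):
        reasons.append("freight-forwarder delivery address")
    return reasons

if __name__ == "__main__":
    # Constructed orders: (amount, delivery address, usual monthly totals, month to date)
    orders = [
        (80, "12 Main Street, Utrecht", [100, 150, 120], 150),
        (40, "P.O. Box 42, Springfield", [100, 150], 100),
        (300, "Suite #ABC-1234567, 1 Dock Road", [1000, 1500], 900),
    ]
    for order in orders:
        print(order[1], "->", review_order(*order) or "release")
```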

Keep e-commerce fraud at bay

E-commerce fraud is the Achilles' heel of all online sellers, but that doesn't mean you have to take it lying down. It's almost impossible to avoid e-commerce fraud if you're an online merchant. But you can minimize it by being aware and knowing what steps you can take. 

It won't be easy, but it will be worth the effort to make your web shop as secure as possible.

A web shop has distinct advantages over a physical store, not the least of which are lower operating and overhead costs. But it is not without its drawbacks. More people are making purchases online, doubling sales for many retailers, but the number of fraud cases is also increasing by 69% per year. In 2019, online retailers faced more than 200,000 attacks on their stores every month.

Even if only a few are successful, the consequences can still be severe.
