Ecommerce fraud, also known as purchase fraud, is on the rise. While digitalisation has streamlined processes, consolidated data and vastly improved the efficiency of administration, it’s as much a blessing as a curse. When it comes to fraud, digitalisation has presented fraudsters with a massive opportunity – at the expense of ecommerce retailers.
For the last 23 years, e-commerce businesses have experienced an exponential increase in fraudulent attacks, and this number shows no signs of slowing. In the US alone, e-commerce rates rocketed by 33 per cent between 2015 and 2016. As more consumers and companies engage in online transactions, e-commerce fraud seems to be an unstoppable epidemic.
So why does it happen, how does it happen, and what can be done to stop it?
Why does e-commerce fraud happen?
Ecommerce fraud is an incredibly lucrative endeavour when carried out successfully. Online businesses are an obvious target for cybercriminals, as it’s far easier for them to hide behind false details and cover up their tracks. An increase in international transactions has made this even easier, adding layers of complexity in terms of language barriers and long-distance shipping.
To remain competitive in the retail market, more and more businesses have set up online shops in the hope of enticing digital shoppers. Today’s consumers are more savvy than ever, comparing different sites to get the best value for money.
In the 2017 holiday season, shoppers are expected to spend more online than in-store for the first time ever, according to Deloitte. According to Statista, 2.14 billion people buy online goods and services in 2021. It’s no wonder that the e-commerce scene is a hot ticket for retailers. Unfortunately, this enthusiasm can mean that they fail to set up sufficient security protocols and checks. Sadly, it’s often the case that e-commerce companies don’t know how vulnerable they are until they experience an attack.
For the most part, the vulnerability of e-commerce retailers (otherwise known as merchants) can be attributed to factors beyond their control. Digital disruption is an inevitable and transformative force, and the evolution of cybercrime is a mammoth challenge that no single organisation can face alone. Nonetheless, it’s up to e-commerce retailers to invest in preventative measures for their own sake. To the delight of fraudsters across the globe, they can neglect to do this for a number of reasons.
One of the most common pitfalls is a simple lack of understanding. If e-commerce retailers truly understood the damage that fraudsters can do to their companies, they would be far more willing to develop effective strategies. Some companies are reluctant to invest in security software and platforms due to cost, which is an ironic but important factor as to why digital fraud has experienced such a high success rate. Another important contributor is the multi-channelled nature of e-commerce. Sales via third-party websites like Amazon, eBay and Alibaba, as well as through mobile apps (also known as m-commerce), are even more susceptible to fraud because there are more chances for fraudsters to infiltrate transactions. A combination of misunderstanding, reluctance, evolving cybercrime and e-commerce infrastructure has cultivated a culture of computerised crime that affects almost all e-commerce retailers, whether they know it or not.
The impact of e-commerce fraud
What happens when an online company (or any company, for that matter) becomes the victim of fraud? The most obvious consequence is a loss of revenue and resources. In many cases, fraud goes undetected, which makes the retailer’s traffic and other customer metrics unreliable. By failing to protect themselves against fraud for whatever reason, the victim can find themselves in a very difficult position.
Successful attacks damage the retailer’s image, making them seem unprepared and undependable. As well as harming e-commerce businesses themselves, fraudulent attacks can negatively impact consumers too. By visiting fake sites and making purchases, unwitting customers can have their details stolen and used to make purchases. In some cases, the customer can end up paying for a product or service that is never delivered. All of this can sabotage the relationship between customers and e-commerce companies, reflecting badly on online retail as a whole. There’s an obvious need to respond to these issues, but before this can happen, e-commerce retailers need to know what they’re dealing with.
What types of fraud do ecommerce retailers face?
Although stealing bank cards and account details to make payments is the most common method of e-commerce fraud, cybercriminals are notoriously creative. They also target phones, tablets, computers, and even gift cards. On top of this, the use of alternative payment methods has opened yet another door for opportunistic fraudsters. Here are some of the methods that are used to target e-commerce businesses.
This is the most common form of ecommerce fraud, comprising a massive 71 per cent of all attacks. Identity fraud is part of the majority of the methods used by cybercriminals, either as the end goal or the precursor to another attack. This doesn’t always involve stolen card details. Fraudsters will also use email accounts, user accounts, names, addresses, IP addresses and personal devices to make them seem like a real customer. This can lead to fraudulent purchases, the creation of fake accounts and the manipulation of traffic.
Friendly fraud can occur by design or by mistake. The basic premise is that a customer (legitimate or otherwise) will pay for a service or product which they claim is never delivered or was damaged on delivery. The merchant then has to issue a refund, redeliver the item, or face a chargeback. Chargebacks involve the retrieval of funds from the merchant by the issuing bank, which are then given back to the customer.
Chargebacks are a common point of contention for ecommerce retailers. There are services from companies like Chargebacks 911 and Ethoca which seek to intercept or intercede with chargebacks and provide disputation services for merchants. These can be excellent, but it’s possible to reduce their frequency with purpose-built software. Sometimes, customers genuinely pay for an item that they don’t receive. Without certain checks in place, it can be difficult for retailers to know whether or not they are telling the truth.
Simply put, clean fraud refers to fraudulent transactions that appear to be legitimate. This involves using stolen credit card information to impersonate the card holder. Fraudsters can get hold of these details through convincing account holders to make a purchase on a fake website, intercepting messages between transaction parties and even by buying them on the dark web, which can only be accessed by using certain browsers.
Through affiliate fraud, malicious actors can manipulate traffic and sign ups to make a merchant think they are receiving consumer attention that doesn’t actually exist. Many companies are part of, or run, an affiliate marketing programme that generates commission through sharing links and content. Unfortunately, affiliate fraud can be as simple as refreshing a webpage multiple times, or sending spam emails and popups to create a false sense of high traffic.
Similarly to triangulation fraud, online criminals set up a fake or replica website and entice buyers with cheap goods. The catch is that these goods don’t actually exist, or are never shipped. If the website is an impersonation, the existing business suffers damage to their image, not to mention the chance of chargebacks.
The customer pays for something they don’t receive, and can also suffer the loss of their bank details. Getting hold of credit card credentials in this way and using them to make fraudulent purchases is called triangulation fraud. The name comes from the threefold process of enticing buyers, stealing their details, and using them as part of a wider scheme.
How can e-commerce businesses protect themselves against fraud?
As of yet, there is no way to stop e-commerce fraud completely. As technology evolves, so do the tactics used to infiltrate digital businesses. Fraudsters are certainly clever, but they often leave tracks. Knowing what they are and how to spot them is a powerful weapon in the fight against fraud.
Some of the danger signs include:
- Unusually large orders
- Multiple orders over a short time period
- First time shoppers
- Suspect email addresses
- Blacklisted location
- Discrepancy between shipping and billing addresses.
E-commerce retailers should be particularly watchful for these signs during periods of high traffic, such as Black Friday or the Christmas period.
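The danger signs listed above can be turned into simple order-screening rules. The following is an added example, not code from the article or from any vendor it names; the thresholds, field names, domain list and country code are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Thresholds and lists are illustrative assumptions, not values from the article.
LARGE_ORDER = 1000.00                  # order value treated as "unusually large"
VELOCITY_WINDOW = timedelta(hours=1)   # "short time period"
VELOCITY_LIMIT = 3                     # orders per window (incl. this one) to flag
DISPOSABLE_DOMAINS = {"tempmail.example"}  # constructed throwaway-mail domain
BLOCKED_COUNTRIES = {"ZZ"}             # placeholder country code

def make_order(email, total, time, ship, bill=None, country="GB"):
    return {"email": email.lower(), "total": total, "time": time,
            "ship": ship, "bill": bill or ship, "country": country}

def norm(addr):
    # Ignore case and spacing so cosmetic differences are not a "discrepancy".
    return " ".join(addr.lower().split())

def danger_signs(order, history):
    """Return the names of the article's danger signs that this order trips."""
    prior = [o for o in history if o["email"] == order["email"]]
    recent = [o for o in prior
              if timedelta(0) <= order["time"] - o["time"] <= VELOCITY_WINDOW]
    local, _, domain = order["email"].rpartition("@")
    checks = [
        ("large_order", order["total"] >= LARGE_ORDER),
        ("velocity", len(recent) + 1 >= VELOCITY_LIMIT),
        ("first_time_shopper", not prior),
        ("suspect_email", domain in DISPOSABLE_DOMAINS
                          or sum(c.isdigit() for c in local) >= 5),
        ("blacklisted_location", order["country"] in BLOCKED_COUNTRIES),
        ("address_mismatch", norm(order["ship"]) != norm(order["bill"])),
    ]
    return [name for name, hit in checks if hit]

def triage(order, history):
    # One sign alone is weak (every new customer is a first-time shopper),
    # so only a combination of signs sends the order to manual review.
    signs = danger_signs(order, history)
    return ("review" if len(signs) >= 2 else "accept"), signs

# Constructed sample data.
T0 = datetime(2024, 11, 29, 10, 0)
HISTORY = [make_order("alice@shop.example", 40.0, T0 - timedelta(days=30), "1 High St, Leeds")]
RETURNING = make_order("alice@shop.example", 55.0, T0, "1 high st,  Leeds", "1 High St, Leeds")
RISKY = make_order("user48213907@tempmail.example", 2400.0, T0,
                   "Unit 9 Freight Depot", "22 Oak Ave, Bristol", "ZZ")

if __name__ == "__main__":
    for o in (RETURNING, RISKY):
        print(o["email"], *triage(o, HISTORY))
```

Requiring two or more signs before review keeps genuine first-time shoppers and one-off large orders from being held up, which matters most during the high-traffic periods when both are common.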
Although it’s important to know what to look out for, prevention is always better than cure. There are a number of different things that e-commerce retailers can do to reduce fraud, and for the most part they are brilliantly simple. Firstly, retailers can check that company URLs are in the encrypted ‘https’ format to ensure that the information on their site remains confidential. Another obvious but easily forgotten safeguard is to update passwords on a regular basis. When purchases are made, retailers can request Address Verification (AVS) and Card Code Verification (CVV) in their payment gateway to detect impersonators. It’s also important to set out clear policies concerning reshipping, refunds and returns to avoid contention, and comply with Payment Card Industry security standards.
However, it is an unfortunate reality that fraudsters are fully aware of all of these tactics and only the most naive will be stopped by them. There are many naive fraudsters, so it is worthwhile implementing these measures via a PSP or in a customer order system.
The only effective way to deal with these threats if a business is operating at scale is through a dedicated fraud detection system like Ravelin. Ravelin picks up on the hundreds of micro-signals that fraudsters leave and through machine learning and algorithms is able to predict fraud with extreme accuracy.
E-commerce retailers face a difficult task in preventing fraud, and finding an effective response if and when it does happen. Fortunately, they aren’t short of options, and they aren’t on their own. Fraud prevention platforms like Ravelin are committed to unearthing and stopping fraudsters in their tracks, and increased government support is also having a positive impact. While no system is 100 per cent foolproof, by combining techniques and looking out for the warning signs, it’s possible for online retailers to drastically reduce the likelihood of fraud.