Fraud in eCommerce comes in several distinct flavours – the first involves unauthorized purchases. Most storefronts provide their customers with a means of storing personal information such as purchase history and delivery details. Hackers who gain access to these accounts can hijack them to net some free stuff.
Thing is, that’s actually preferable to the alternative – identity theft. If you don’t properly safeguard the customer information stored on your servers, hackers can and will make off with it. Anything is fair game here: usernames, passwords, credit card numbers, and so on.
At that point, they’ll either sell the data to other criminals or use it to commit fraud themselves.
There’s a third type of fraud – one that targets your business directly, rather than victimizing your customers. Chargeback fraud refers to instances where a customer purchases something from your store with a financial account they own, then proceeds to request a chargeback from their bank after receiving the goods they purchased. They might also contact your business and claim the product they ordered was never delivered.
Once they receive the chargeback, they keep their purchase, and you’re out however much they spent.
The following types of online fraud are usually aimed at companies that sell goods or services. Fraudsters may be interested in obtaining funds, merchandise or expensive items to resell.
There are 7 types of fraud e-commerce sellers should look out for:
Credit Card Fraud
Fraudsters often make online purchases using stolen credit card details. Sometimes they may be in physical possession of the card; other times they could have gained all the information electronically. The moment the transaction is concluded and payment approved, the business is responsible for ensuring that the customer was who he said he was. The card owner may seek reimbursement from the company equal to the amount of the payment.
In this case, a fraudster using a stolen credit card makes an overpayment on purpose. He then contacts the business to report an accidental overpayment and asks for a refund of the excess amount, claiming his credit card is closed so the money needs to be sent using an alternative method. That means that the original charge on the credit card is not refunded and the business is liable to the card owner for the full amount.
This is typical of marketplace businesses, in which the marketplace is responsible for both the consumer and the seller. In this case, the fraudster sells and receives payment for non-existent items. Even here, it is the business that is responsible for the reimbursement.
Card testing fraud is the practice of creating and testing the validity of a credit card number, in order to use it on another website to commit fraud. Fraudsters target websites that give a different response for each type of decline: for example, when a card is declined due to an incorrect expiration date, a different response is given, so they know they just need to find the expiration date.
Also known as Chargeback Fraud, it occurs when a consumer makes an online purchase and then claims his credit card has been stolen and asks for a chargeback after receiving the purchased goods or services.
It is one of the most common types of fraud. In this case, the fraudster carries out an online purchase using a different identity. This enables the fraudster to order items online under a false name and using someone else’s credit card.
In this case, an email asks for user ID, passwords, credit card details and other personal information. The sender seems to be a credit institution that needs a confirmation of some information due to a change in the system. Phishing allows criminals to get access to bank or other accounts and it can be used for identity theft.
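For the card testing case described above, a merchant-side sketch, added here as an example and not taken from the original article: the shopper gets one uniform decline message while the specific reason is only logged, and a sliding-window check flags sources that cycle through many cards. The field names, decline reasons, thresholds and sample attempts are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# One message for every decline reason (wording is an assumption).
UNIFORM_DECLINE = "Payment declined. Check your details or try another card."

def decline_response(internal_reason, attempt_id):
    """Split a decline into what the shopper sees and what is logged, so the
    response never reveals which field (number, expiry, CVV) was wrong."""
    log_entry = {"attempt": attempt_id, "reason": internal_reason}
    return UNIFORM_DECLINE, log_entry

def flag_card_testing(attempts, window=timedelta(minutes=10), max_cards=3):
    """Flag client IPs with declines on more than `max_cards` distinct card
    fingerprints inside any sliding `window` (thresholds are assumptions)."""
    by_ip = defaultdict(list)
    for a in attempts:
        if a["result"] == "declined":
            by_ip[a["ip"]].append((a["ts"], a["card_fp"]))
    flagged = set()
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({fp for _, fp in events[start:end + 1]}) > max_cards:
                flagged.add(ip)
                break
    return flagged

# Constructed sample: one source tries six cards in 100 seconds,
# another has a single decline followed by an approval.
BASE = datetime(2024, 11, 29, 9, 0, 0)
SAMPLE_ATTEMPTS = [
    {"ts": BASE + timedelta(seconds=20 * i), "ip": "203.0.113.7",
     "card_fp": f"fp-{i:02d}", "result": "declined"} for i in range(6)
] + [
    {"ts": BASE + timedelta(minutes=1), "ip": "198.51.100.4",
     "card_fp": "fp-90", "result": "declined"},
    {"ts": BASE + timedelta(minutes=2), "ip": "198.51.100.4",
     "card_fp": "fp-90", "result": "approved"},
]
```

Card fingerprints stand in for card numbers so the detection log never holds the numbers themselves.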
How Do I Protect Myself from eCommerce fraud?
E-commerce fraud management is a big part of your customers’ data security. For identity theft and account fraud, take the following steps to keep your customers safe:
Ensure all systems are PCI compliant.
The Payment Card Industry has established clear guidelines for storage and security where payment card data is concerned. The easiest way to ensure your store follows them is through an eCommerce platform or third-party tool. Magento and WooCommerce are great choices.
Use address verification to avoid eCommerce fraud risk
Require a zip or postal code for all purchases. While this won’t stop every fraudulent purchase attempt, it will be enough to protect against a large portion.
Require Security codes for all credit card purchases.
Modern credit cards have a set of three identifying numbers on their back – requiring those numbers be entered for every credit card purchase should be standard practice. It is a big part of eCommerce fraud detection.
Track customer behaviour and purchase history.
Is a Philadelphia-based customer who primarily purchases beard oil and face cleanser suddenly making a massive order for women’s cosmetics to Russia? That’s a sure sign something fishy is going on.
Require delivered packages to be signed for.
This is about preventing criminals from receiving fraudulent packages, as it’s unlikely they’ll be able to spoof a customer’s signature.
Screen suspicious activity.
E-commerce fraud prevention involves configuring automatic reports for any of the following:
- Multiple orders to the same account using different credit cards.
- Multiple purchases to a single credit card in a short timeframe.
- Phone numbers that don’t match a billing address’s area code.
- Unusually large orders that pay for expedited shipping.
- Sudden, unusual changes to a customer’s shipping address.
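The five report rules above, written as an added example (not code from the original article) that screens a batch of order records. The record fields, thresholds, area-code table and sample orders are constructed assumptions, and "sudden change" is simplified to any change from the account's previous shipping address.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lookup (assumption): billing city -> expected phone area codes.
AREA_CODES = {"Philadelphia": {"215", "267", "445"}}

def screen_orders(orders, large_total=1000.0, card_window=timedelta(hours=1)):
    """Return {order_id: [reasons]} for orders that match a report rule.
    Thresholds are illustrative assumptions, not values from the article."""
    hits = defaultdict(list)
    cards_by_account = defaultdict(set)
    last_by_card, last_ship = {}, {}
    for o in sorted(orders, key=lambda o: o["ts"]):
        oid, acct, card = o["id"], o["account"], o["card_fp"]
        cards_by_account[acct].add(card)
        if len(cards_by_account[acct]) > 1:
            hits[oid].append("account used with multiple cards")
        if card in last_by_card and o["ts"] - last_by_card[card] <= card_window:
            hits[oid].append("repeat purchase on same card in short window")
        last_by_card[card] = o["ts"]
        expected = AREA_CODES.get(o["billing_city"])
        if expected and o["phone"][:3] not in expected:
            hits[oid].append("phone area code does not match billing address")
        if o["total"] >= large_total and o["expedited"]:
            hits[oid].append("large order with expedited shipping")
        if acct in last_ship and last_ship[acct] != o["ship_to"]:
            hits[oid].append("shipping address changed")
        last_ship[acct] = o["ship_to"]
    return dict(hits)

T0 = datetime(2024, 11, 29, 10, 0)

def _o(oid, mins, acct, card, phone, total, expedited, ship_to):
    """Build one constructed order record billed in Philadelphia."""
    return {"id": oid, "ts": T0 + timedelta(minutes=mins), "account": acct,
            "card_fp": card, "billing_city": "Philadelphia", "phone": phone,
            "total": total, "expedited": expedited, "ship_to": ship_to}

# Constructed sample orders (fictional 555-01xx phone numbers).
SAMPLE_ORDERS = [
    _o("A1", 0, "alice", "fp-1", "2155550100", 40.0, False, "Philadelphia, US"),
    _o("A2", 10, "alice", "fp-2", "2155550100", 2500.0, True, "Moscow, RU"),
    _o("B1", 5, "bob", "fp-3", "3125550101", 25.0, False, "Philadelphia, US"),
    _o("B2", 20, "bob", "fp-3", "3125550101", 25.0, False, "Philadelphia, US"),
]
```

A flagged order is a candidate for manual review, not an automatic rejection; several reasons on one order, as on `A2`, is the stronger signal.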
Mandate strong customer passwords.
This should be standard practice.
Keep track of prior fraud attempts.
This will allow you to both learn from fraud attempts against your business, and to establish a clear pattern – possibly even identifying the region or demographic in which those attempts most frequently occur.
Establish clear anti-fraud policies.
What security protocols are in place? How should employees react if they suspect your business has been defrauded?
As for defending yourself against chargeback fraud, that’s a little trickier. The best way you can protect yourself against chargeback fraud is through tracking numbers. That way, if a customer tries to claim a purchase was fraudulent, you can contact their bank with their shipping address and a notice of delivery.
Fraud is a fact of life in every industry, but eCommerce seems especially vulnerable to it. You need to educate yourself on the different breeds of fraud you might encounter. That’s the only way you’ll ever protect yourself and your business.
Not only that, but specific dates such as Cyber Monday, along with Black Friday, are among the days on which you are most likely to suffer from any of the frauds mentioned. Large merchants and small e-commerce businesses alike work the whole year to prepare for the boost in sales on Cyber Monday. Meanwhile, fraudsters and cyber-gangs are also preparing their strategies to attack merchants’ portals or to create complex fraud schemes to target retailers.
During Cyber Monday not only retailers are targets, but shoppers too. Hundreds of malicious apps advertising amazing sales appear, thousands of scam emails are sent, and thousands of fake and fraudulent shopping websites are deployed online.
A bad security strategy for merchants could bring a decrease in brand value, anger from shoppers, and significant financial losses; a lack of vigilance from shoppers could mean a loss of our privacy and financial details, along with a good amount of cash. Since no one, from large merchants to small e-commerce businesses and shoppers, is immune from fraud, UnFraud has developed some basic tips to follow in order to help the community.
Fraud tips for E-Commerce merchants on Cyber Monday and Black Friday:
Implement a fraud prevention system:
In order to prevent all types of fraud from happening to your clients or on your system, your security needs to be as tight as possible. This huge e-commerce event leads to a lot of data breaches and digital payment fraud.
Prepare a clear counter-fraud strategy:
Get ready for the big day with a policy that is in place in time. You need to be clear about the steps you will have to take in the event of fraud. That way, you will be sure to limit the damage done to either your e-commerce business or your clients’ data. If your counter-fraud strategy is not ready in time, you could lose a lot of money and all of your clients. You would not want that, would you?
Be sure you are using SSL Certificates:
As an e-commerce merchant, you should already have a secured online payment solution. To be sure about it, you should check whether your solution uses Secure Sockets Layer, better known as SSL certificates.
Due diligence:
When processing payments and then receiving receipts, make sure that the credit and debit card numbers match the last 4 digits printed on the receipts you just received. If not, make sure to cancel the payment and flag the buyer who used the card.
Be careful about large orders:
If you are not used to receiving large orders, ask for an ID card or ID documents, especially if these payments are processed with gift cards. Indeed, these can be fraudulent, and cyber-gangs can use fake gift cards to order large quantities of products.
Monitoring social media:
Keeping an eye on social networks like Twitter profiles, Facebook pages and Instagram accounts can help you track customers who discover threats and security bugs. This will help you anticipate and deploy your counter-fraud strategy sooner.
Differing shipping and billing addresses:
Be aware that some scammers like to purchase abroad and give different billing and shipping addresses. These cross-border purchases are a serious warning sign, meaning that you might want to ask for an ID document for the purchase.
Large orders shouldn’t be your only focus. Also focus on multiple small orders, especially those that add up between them. Pay attention to sequences of multiple orders purchased with similar credit card numbers.
Lock down your internal operations:
Be careful about what your employees receive. Communicate with them as much as you can. Tell them about the risks Black Friday and Cyber Monday represent regarding fraud. Also tell them about your counter-fraud strategy, SSL certificates and all of the things they have to take care of.
Tips for shoppers on Cyber Monday and Black Friday:
As an online shopper, you should be used to this one. Black Friday and Cyber Monday shouldn’t be any different from any other day of shopping online. That’s why you should, as you usually do, use secured internet connections and not public WiFi when you purchase something.
Make sure to have updated your anti-virus software:
Or, if you don’t have one, well, download one. Keep your anti-virus software up-to-date and running to protect yourself from spyware, adware and malware launched and sent by people who would like to steal your personal information during these crazy days.
Purchase only from secured E-Commerce merchants:
As is said every year, purchase only on secure e-commerce websites over a secured connection such as SSL. This powerful encryption protocol lets you send and receive information in a safe way. A lock will appear in the address bar if you are on one of these websites.
Keep it online:
If you are led to hop on a phone call with one of the merchants you bought from, whatever the reason, never give personal and credit card details. Social engineers are very good at extrapolating and connecting data points in order to prepare a large-scale fraud. If you receive a phone call from someone claiming to be a shop you have recently ordered from, ask for a call-back number and call them back to make sure.
Create a new email account:
Using a new and separate email account if you often shop online can be a bright idea. This way, not only are all of your purchases in one account where you can easily check on them, but you only have to worry about securing one email account should something be compromised. Plus, your personal email account will be protected from possible scams, especially on days like Black Friday.
Double check the E-Commerce:
After having filled a cart up and before processing your payment, think about double checking the website you are on. What does it mean? Just do a quick Google search and quickly scroll through a few blogs and forums to find if scams have been reported on the website you are currently buying on. If not, you are free to buy. Otherwise, quickly delete your cart and delete your cookies.
Read the website’s refund policy:
A lot of laws exist to protect shoppers’ rights online. But some e-commerce sites still manage to scam online buyers. This is why you need to read an online shop’s refund policy. A good and secure e-commerce site will have a clear and easy-to-find refund and returns policy that is easy for everybody to understand.
Check the grammar:
E-commerce is one of the areas most often breached by cybercriminals. Losses caused by online fraud are about EUR 4 billion, with an increase of 15% per year. Any online retailer should provide a protection system in order to limit damages caused by online threats.
The best scenario would be to prevent fraud from occurring. The first step is to monitor and check every order, taking care that the IP, email and shipping addresses match. Pay attention to international transactions, since most credit card fraud cases are from foreign buyers. So pay attention if the billing and shipping addresses don’t match. And last but not least, equip your business with a fraud protection service. In any case, the best defence for your online business is being aware of the threats that are out there and knowing what to look for.
It is impossible to stay 100% safe, but using these tips, and being vigilant and smart, will help you decrease the chances of becoming a victim of a scam (if you are a shopper) or a fraud (if you are a merchant).