1. Resources
  2. eCommerce Fraud
eCommerce Fraud Resources Hub

eCommerce Fraud Resources Hub

Discover the leading eCommerce fraud threats facing your business. We’ll explore how these schemes work, and look at some preventative steps you can take to reduce risk, protect your revenue, and keep your business secure.

eCommerce Fraud: The Ultimate Merchant’s Guide for 2022

eCommerce Faud: The Ultimate Merchant's Guide

Even as online shopping becomes increasingly popular, online merchants face the growing threat posed by eCommerce fraud.

When fraud attacks occur, they have an immediate impact on your revenue. They can do additional long-term damage to your business, though. That’s why understanding eCommerce fraud, how it works, and how you can prevent it are all critical steps in mitigating risk and protecting your revenue.

In this resource, we’ll provide an overview of different types of eCommerce fraud threats. We’ll also explanation how they work, and talk about the preventative steps you can take to keep your business safe.

What Is eCommerce Fraud?

eCommerce Fraud

[noun]ēˌ• käm • ərs • frôd

eCommerce fraud refers to any type of false, illegal, or illegitimate commercial transaction conducted through the internet. The fraudster typically impersonates a legitimate user, making purchases without valid authorization to do so.

There are a variety of methods that criminals can employ. Most involve purchases made using stolen customer data. For example, a criminal might buy goods with a stolen credit card, or make a purchase by accessing a customer’s account and using stored payment information without permission.

Most fraud activity has moved online in the last decade, and it’s easy to see why. The anonymity offered by the internet lowers the fraudster’s risk of being caught. It’s also easier; there are no signatures to forge and no physical cards to inspect. Plus, you have no idea what the purchaser actually looks like. It’s always more difficult to verify buyers in a card-not-present environment.

So…what’s this mean for you as a merchant? Simply put, it means more chargebacks.

When a cardholder discovers an unauthorized charge on their statement, that individual calls their issuing bank and files a chargeback. If that happens, you lose the revenue from the sale, plus any goods shipped. You also get hit with a chargeback fees and increased overhead costs. It can also damage your reputation, and lead to other long-term struggles for your business.

How Big of a Problem is eCommerce Fraud?

In short: it’s big.

The volume of payment fraud has risen dramatically over the last decade, in tandem with the increasing acceptance of eCommerce. The Association for Financial Professionals’ annual fraud report shows that three out of four organizations were targets of fraud in 2020.

The problem continues to grow out of control with each year. Statistics from Juniper Research estimate that online sellers will have lost $130 billion to online fraud between 2018 and 2023.

The cost of payment card fraud has increased by 60% over thelast decade, and is expected to increase significantly post Covid-19.Source: statista.com/statistics/1080685/global-card-fraud-losses-forecast/Fraud losses in cents per 100 U.S. dollars60% increase over the last decade

Of course, that estimate still predates the Covid-19 pandemic. Considering that successful fraud attacks increased by 52% between 2020 and 2021, it’s clear that eCommerce fraud is not something you can afford to ignore.

These criminal fraud attacks present a serious threat to you as an individual merchant. The web not only facilitates anonymous fraudulent transactions, it also provides a way for criminals to obtain large amounts of customer data quickly and easily, which they can turn into future criminal attacks.

How Do Fraudsters Access Customer Data?

The technique used to acquire customer data can vary based on the fraudster’s goals. With identity theft or account takeover, for example, cybercriminals often use a tactic known as “phishing.”

Fraudsters contact potential victims by email, telephone, or text message, pretending to be a representative of a recognizable and reputable organization. Consumers who believe the sender is legitimate may willingly give up personally identifiable information, including account details and passwords.

That works for individual, small-scale actors. For large-scale attacks, though, the easiest route is to buy cardholder information.

Over 14 billion personal records have been compromised since 2013. Many of these stolen records will end up on the deep web, which is an area of the internet not readily accessible by normal browsers. Within the deep web is a subset called the “dark web,” which is deliberately hidden and only accessible with not readily accessible browsers like Tor, which anonymize users.

Criminals can buy and sell information on the dark web with little risk of being traced. Because of the volume of information available, fraudsters can often buy card data and other personal records in bulk for pennies each. Some of these records are inactive, but fraudsters can use software programs that test the information by making small transactions (a practice called card testing). If the purchase goes through, they know the card is good.

Types of eCommerce Fraud

With most eCommerce fraud tactics, the cardholder is the fraudster’s point of attack. A criminal steals personal data, such as a social security number or bank account information, then uses the data to either make purchases or attempt to access other accounts by impersonating the cardholder.

But, although the consumer may be the primary target of a payment fraud scheme, these eCommerce fraud attacks will still impact your business in a big way. With that in mind, let’s look at some of the most common eCommerce fraud tactics, strategies, and threat sources:

Account Takeover Fraud

Account Takeover Fraud

Account takeover fraud (ATO) is often considered a form of identity theft. Instead of trying to hijack an entire identity, however, ATO is mostly about getting access to existing accounts. Thieves are specifically looking for usernames and passwords the victim uses to access an online account. Once they access the account, fraudsters can change details, make purchases, withdraw funds, and even leverage the stolen information to invade other accounts.

Learn More About Account Takeover Fraud
Synthetic Fraud

Synthetic Fraud

Yet another relative of identity theft, synthetic fraud also involves stealing personal information. Rather than impersonate a single person, however, the fraudster combines pieces of data from multiple consumers to create a fake (synthetic) persona. This fake user identity is then used to open accounts or go on a shopping spree, leaving the bill to whichever individual holds the corresponding Social Security number.

Learn More About Synthetic Fraud
Clean Fraud

Clean Fraud

Clean fraud is less a distinct form of eCommerce fraud, and more of a tactic to cover it up. Again, the fraudster uses stolen card data to illegally buy goods or service. At that point, however, the transaction information is manipulated to bypass fraud detection devices. The name refers to the fact that the transaction appears “clean,” and will not be picked up by fraud filters, blacklists, or other online fraud detection tools.

Learn More About Clean Fraud
Overpayment Fraud

Overpayment Fraud

In this tactic, the thief makes their fraudulent online purchase, then asks you to accept additional funds. The extra money is allegedly to pay for shipping or some other believable expense. The fraudster then instructs you to forward the funds to a third party. When the true cardholder discovers the fraud, they will file a chargeback to recoup their funds.

New Account Fraud

New Account Fraud

New account fraud occurs when a fraudster adopts a false identity to create a new payment card account. This often occurs at the banking level, with fraudsters using stolen or synthetic identities to secure new credit or debit cards, which they can use to make purchases.

Learn More About New Account Fraud
Gift Card Fraud

Gift Card Fraud

There are multiple ways to commit gift card fraud. Thieves may employ an automated algorithm to roll through a list of potential account numbers and request balances to try and find and steal active balances, or they may use gift cards as part of a broader triangulation scheme. These are just two of several tactics that involve gift cards as tools to commit fraud.

Learn More About Gift Card Fraud
Fraud as a Service (FaaS)

Fraud as a Service (FaaS)

Fraud as a Service is a process by which an individual bad actor provides tools and services to others to facilitate their commission of fraudulent online activity. FaaS can involve diverse tactics for perpetrating fraud. And, even if you intercept an individual fraud attack, the service provider is still out there, offering the same tools and services to other fraudsters.

Learn More About Fraud as a Service
Affiliate Fraud

Affiliate Fraud

Affiliate marketing is a model by which a publisher receives a commission for promoting an advertiser’s business on other websites and driving buyers to the advertiser’s site. The commission may be based on traffic, leads, or sales. So, affiliate fraud occurs when malicious actors manipulate traffic to score unearned commissions. Tactics include generating fake leads, taking credit for sales from other affiliates, or even collecting commission on purchases that the fraudster submitting themselves using stolen cards.

Learn More About Affiliate Fraud
Triangulation Fraud

Triangulation Fraud

True to its name, triangulation fraud involves three elements. First, a cardholder makes a purchase from an online source; a fake store or an auction site, for example. In most cases, the price is considerably lower than retail. The second step involves the fraudster, who takes the cardholder’s payment, as well as any personal data the customer supplied. Using a different, stolen card, the thief then buys the item from another site (at full price), has it shipped to the customer, and pockets the cardholder’s money.

Learn More About Triangulation Fraud
Replacement/Return Fraud

Replacement/Return Fraud

Product replacement fraud typically requires the help of an “inside man.” The customer orders an item, but the box is opened at the fulfillment stage. The ordered product is removed and replaced with a less valuable product (or nothing). A variation of this is fake return fraud, where the criminal orders an expensive item, then requests a refund. The item returned, however, is something of considerably less value.

Learn More About Return Fraud
Push Payment Fraud

Push Payment Fraud

Push payment fraud is any incident that involves manipulating “push” payments, meaning cardholder-initiated payments that allow buyers to make purchases without waiting for you to batch and submit transactions for settlement. Perpetrators can use social engineering, account takeover, phishing emails, and other tactics to accomplish their goal.

Learn More About Push Payment Fraud
Buy Now, Pay Later Fraud

Buy Now, Pay Later Fraud

Fraudsters are adept at abusing the increasingly popular “buy now, pay later” (BNPL) model. They can employ other tactics on this list like account takeover or synthetic fraud to make purchases using a BNPL option at checkout. The fraudster then disappears without paying for the goods or pays using stolen cardholder information.

Learn More About BNPL Fraud
Transaction Laundering

Transaction Laundering

Unlike other tactics, transaction laundering involves fraudsters conducting their activity by impersonating merchants. It’s a process by which fraudsters disguise themselves as legitimate merchants and begin working with an acquirer to process payments. Unbeknownst to the acquirer, the fraudster is actually using their account to launder revenue from criminal activity.

Learn More About Transaction Laundering

Is Friendly Fraud a Form of eCommerce Fraud?

Friendly fraud, also known as chargeback fraud, occurs when a cardholder uses a credit card to make a legitimate purchase, then files a chargeback with their issuing bank. This can happen unintentionally, but it can also result from consumers abusing the chargeback system to gain unwarranted “refunds.”

Friendly fraud is a form of eCommerce fraud. It’s distinct from the tactics outlined above, though, as it doesn’t come from crooks using stolen card data. It originates with the actual cardholder. Another important difference is that friendly fraud happens post-transaction. It’s almost impossible to prevent because you won’t know it’s fraud until after the fact.

While friendly fraud doesn’t work like typical eCommerce fraud, it’s still worth mentioning. In reality, as many as 60% of all chargebacks may be cases of friendly fraud. If your chargebacks are coming from friendly fraud, a management strategy focused on stopping eCommerce fraud will be inefficient, at best.

50 Insider Tips for Preventing Chargebacks

Learn More Simple Ways to
Prevent Chargebacks

Save time and protect your revenue with more insider tips and strategies for chargeback prevention. This FREE guide details 50 techniques for shutting down chargebacks before they happen.

Free Download

eCommerce Fraud Detection: Know the Signs of Fraud

So, with these and many other fraud sources to worry about, here’s the key question: what can you do to detect eCommerce fraud?

There’s no single tool that will accomplish this job on its own. eCommerce fraud detection is a complex matter demanding a variety of indicators to identify abuse without generating runaway false positives. Think about eCommerce fraud detection like a net; the finer the mesh, the more you’ll catch.

Here are just a few tools you should consider as part of your strategy:

Address Verification Service

Address Verification Service

Address Verification Service (AVS) reduces risk by automatically comparing the billing address listed in the transaction against the address registered with the issuing bank. If they don’t match, then AVS flags the transaction as potential fraud.

Learn More About AVS
Card Security Codes

Card Security Codes

Card security codes help ensure the shopper has physical possession of the card being used. These codes are printed on the card (usually on the back) and cannot legally be stored by either the merchant or the processor. The cardholder must reenter the digits with every purchase.

Learn More About Card Security Codes
3-D Secure

3-D Secure

3-D Secure is an opt-in technology that requires participating customers to enter a predetermined security code. The tool works like an online PIN code. Fraudsters have no way of knowing the security code, and the tool stops the transaction from being completed without the valid code.

Learn More About 3-D Secure
Fraud Blacklists

Fraud Blacklists

Fraud blacklists let you ban known or probable fraudsters. Whether these individuals are engaging in criminal or friendly fraud, establishing a blacklist can ensure they only cause trouble once. The blacklist can block orders by something specific to the user, like an individual IP address.

Learn More About Fraud Blacklists
Velocity Limits

Velocity Limits

Velocity limits, or velocity checks, scan for potential fraud based on the rate at which a buyer submits multiple transactions. This lets you segment suspicious transactions and identify possible cases of card testing, or fraudsters trying to run multiple transactions with a valid card number.

Learn More About Velocity Limits

Fraud Scoring: Automate Your eCommerce Fraud Decisioning

Again, this is not an exhaustive list. There are many different criminal fraud prevention tools you can deploy to gauge the risk behind each transaction. You should then subject each purchase to fraud scoring, which will let you assess fraud indicators using machine learning. Fraud scoring then provides simple up-or-down decisioning as to whether you should accept or reject the purchase, or subject that transaction to manual review.

Many service providers offer their technology as all-inclusive risk management platform to let you offload this process entirely, including (in no particular order):

Kount Logo

Kount

Kount’s patented digital fraud prevention solution means fewer chargebacks and declines, plus lower operational costs. It’s used by some of the world’s largest payment service providers, gateways, processors, and acquirers.

Riskified Logo

Riskified

Riskified uses machine learning to instantly differentiate between good and bad actors, allowing merchants to approve more orders (with a 100% chargeback guarantee) while providing a frictionless customer experience.

Signifyd Logo

Signifyd

Signifyd offers fraud protection for eCommerce backed by a 100% financial guarantee. Their technology identifies both good and bad consumer behaviors—reducing losses, lowering rejections, and increasing revenue.

Ravelin Logo

Ravelin

Ravelin provides technology and support to help merchants prevent evolving fraud threats and allow them to accept payments with confidence. They offer machine learning, access to a global fraud network, and more.

eCommerce Fraud Prevention: How to Know What Lies Ahead

You don’t need a fortune teller to see the future when it comes to eCommerce fraud. Careful examination of current fraud and chargeback data, coupled with careful research on new and developing fraud trends, puts the power of eCommerce fraud prevention in your hands. You must have the right practices in place, though.

Payment fraud can be difficult to eliminate, as fraudsters are always looking for new angles and technologies to exploit. Keeping up with them is a difficult costly process; it’s no surprise, then, that the average eCommerce merchant invested roughly 10% of their annual revenue in fraud management in 2021.

Deploying a few best practices can help decrease fraud occurrences and keep your costs manageable. For example, you can:

  • Encourage customers to create personal accounts for future purchases
  • Require strong passwords, and encourage shoppers to change them regularly
  • Use a dedicated computer for all financial transactions
  • Educate yourself on fraud tactics and developing trends
  • Remain vigilant and review regularly for vulnerabilities

However, the most important part of all is data. You can look at past transaction data to try and identify recurring patterns, pinpoint weaknesses, and identify opportunities.

We said that eCommerce fraud prevention is possible. We never said it would be easy, though.

eCommerce Fraud: The Bottom Line

Unfortunately, online fraud is a moving target. The more we shop, connect, and transact online, the more the danger grows. Meanwhile, criminals get more sophisticated all the time.

Implementing the above steps will help stop eCommerce fraud. That said, it won’t be enough to combat all online fraud, especially in the long term. There are simply too many different tactics that criminals can use, with new threats appearing daily. Staying up-to-date on the latest threats can be a full-time job on its own.

Chargebacks911® offers the most comprehensive chargeback management services and products available on the market today. Our experts are constantly uncovering new fraud threats and developing innovative strategies and technologies to fight back. This applies not only to eCommerce fraud prevention, but even to hard-to-fight challenges like friendly fraud.

Whatever you need to prevent chargebacks, we can help. Contact us today for a free demo.

Ready to get started?
We Take the Guesswork Out of Chargeback Management
Embed code has been copied to clipboard